Issue #4114: ipasam cannot update trusted domain info when reseting trusted secret from AD DC side - freeipa

freeipa

#4114 ipasam cannot update trusted domain info when reseting trusted secret from AD DC side

Opened 10 years ago by abbra. Modified 7 years ago

When attempting to validate trust from AD DC side and reseting trust shared secret, Samba reports an error because some string conversion fails:

 [2014/01/14 15:55:32.599455, 10, pid=13817, effective(948600000, 948600000), real(948600000, 0)] ipa_sam.c:2137(ipasam_get_trusted_domain_by_sid)
  ipasam_get_trusted_domain_by_sid called for sid S-1-5-21-2396524182-1808436206-1789356876
[2014/01/14 15:55:32.599500,  5, pid=13817, effective(948600000, 948600000), real(948600000, 0)] ../source3/lib/smbldap.c:1249(smbldap_search_ext)
  smbldap_search_ext: base => [cn=ad,cn=trusts,dc=ipa,dc=weald,dc=vda,dc=li], filter => [(&(objectClass=ipaNTTrustedDomain)(ipaNTTrustedDomainSID=S-1-5-21-2396524182-1808436206-1789356876))], scope => [2]
[2014/01/14 15:55:32.599556, 11, pid=13817, effective(948600000, 948600000), real(948600000, 0)] ../source3/lib/smbldap.c:1067(smbldap_open)
  smbldap_open: already connected to the LDAP server
[2014/01/14 15:55:32.600840,  9, pid=13817, effective(948600000, 948600000), real(948600000, 0)] ipa_sam.c:2084(fill_pdb_trusted_domain)
  Failed to set forest trust info.
[2014/01/14 15:55:32.600914,  3, pid=13817, effective(948600000, 948600000), real(948600000, 0)] ../lib/util/charset/convert_string.c:435(convert_string_talloc_handle)
  convert_string_talloc: Conversion error: Illegal multibyte sequence(4<DD><F8>ڐ<F1>ESC^D<87><8F>)
[2014/01/14 15:55:32.600953,  0, pid=13817, effective(948600000, 948600000), real(948600000, 0)] ../lib/util/charset/convert_string.c:438(convert_string_talloc_handle)
  Conversion error: Illegal multibyte sequence(4<DD><F8>ڐ<F1>ESC^D<87><8F>)
[2014/01/14 15:55:32.602160,  1, pid=13817, effective(948600000, 948600000), real(948600000, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug)
       lsa_QueryTrustedDomainInfoBySid: struct lsa_QueryTrustedDomainInfoBySid
          out: struct lsa_QueryTrustedDomainInfoBySid
              info                     : *
                  info                     : NULL
              result                   : NT_STATUS_INVALID_PARAMETER

This is with Fedora 20, samba 4.1.3-2.fc20 and FreeIPA from git master.

mkosek commented 10 years ago

Alexander found out this issue affects IPA ability to successfully use trusts with AD 2012. We need to re-prioritize.

dpal commented 10 years ago

Not reproducible. Not clear where the issue is.

mkosek commented 9 years ago

Linking with new downstream bug https://bugzilla.redhat.com/show_bug.cgi?id=1190566. Alexander may revisit this ticket when evaluating trusts with Samba DC.

mkosek commented 8 years ago

Moving to 4.4 for now, abbra would like to get it working at the same time we'll get Samba AD.

Metadata Update from @abbra:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

Metadata

Assignee

abbra

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.5 backlog

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

Trusts

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1190566

tester

None

changelog

None

design

None

freeipa

Source Code

#4114 ipasam cannot update trusted domain info when reseting trusted secret from AD DC side Opened 10 years ago by abbra. Modified 7 years ago

Close issue as:

Metadata

#4114 ipasam cannot update trusted domain info when reseting trusted secret from AD DC side

Opened 10 years ago by abbra. Modified 7 years ago