freeipa

Clone
Source Code
GIT

#4195 Invalid credential cache in trust_add on RHEL 7
Closed: Fixed None Opened 10 years ago by dpal.

Closed: Fixed
Reopen Issue

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1069182

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

+++ This bug was initially created as a clone of Bug #1069102 +++

Description of problem:

* IPA is unable to establish trust with Active Directory on RHEL7.

Observations:
* Principal that is used to connect does not have a -512 RID.
* Httpd's logs mention "credential cache for @TESTRELM" (no user)
* Installing packages from F20 does resolve the issue.

Version-Release number of selected component (if applicable):


[root@hp-dl385g7-02 ~]# rpm -q samba
samba-4.1.1-15.el7.x86_64

Used packages from F20 that work:

samba-4.1.4-1.fc20.x86_64.rpm

How reproducible:

Always.

Steps to Reproduce:
1. Install IPA server (# ipa-server-install)
2. Install IPA server's AD trust add-on (# ipa-adtrust-install)
3. Try to add trust with an Active Directory (# ipa trust-add)

master:

  • fb2eca8 ipa-kdb: in case of delegation use original client's database entry, not the proxy
  • f7955ab ipa-kdb: make sure we don't produce MS-PAC in case of authdata flag cleared by admin

ipa-3-3:

  • a5ccd6e ipa-kdb: in case of delegation use original client's database entry, not the proxy
  • c771ba2 ipa-kdb: make sure we don't produce MS-PAC in case of authdata flag cleared by admin

Metadata Update from @dpal:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 3.3.5 (bug fixing)
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
None
1
None
None
simo
None
https://bugzilla.redhat.com/show_bug.cgi?id=1069182
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.