#4246 Establishing trust with --trust-secret fails with conversion error
Closed: Fixed None Opened 10 years ago by abbra.

[root@dhcp207-218 ~]# ipa trust-add adtest.qe --trust-secret
Shared secret for the trust: 
ipa: ERROR: invalid 'ipanttrusteddomainsid': must be Unicode text

[root@dhcp207-218 ~]# ipa trust-show adtest.qe
  Realm name: adtest.qe
  Domain NetBIOS name: ADTEST
  Domain Security Identifier: S-1-5-21-1910160501-511572375-3625658879
  Trust direction: Two-way trust
  Trust type: Active Directory domain

[root@dhcp207-218 ~]# ipa idrange-find
---------------
1 range matched
---------------
  Range name: TESTRELM.TEST_id_range
  First Posix ID of the range: 1752200000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range
----------------------------
Number of entries returned 1
----------------------------

Patch is sent for review, it is a one liner.

We want this fix in 3.3.5.

master:

  • 6195870 ipaserver/dcerpc: make sure to always return unicode SID of the trust domain
  • 34d644e trust: do not fetch subdomains in case shared secret was used to set up the trust

ipa-3-3:

  • f8a0bf4 ipaserver/dcerpc: make sure to always return unicode SID of the trust domain
  • a9fab2f trust: do not fetch subdomains in case shared secret was used to set up the trust

Metadata Update from @abbra:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 3.3.5 (bug fixing)

7 years ago
