#4570 trust-add fails with internal error in misconfigured environment
Closed: Invalid None Opened 9 years ago by jcholast.

trust-add failed with different internal errors when I ran it in my misconfigured environment (missing DNS records, etc.):

ipa: ERROR: LDAP error when connecting to MKDC2012: {'desc': "Can't contact LDAP server"}
ipa: ERROR: non-public: KeyError: 'sid'
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 333, in wsgi_execute
    result = self.Command[name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 436, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 755, in run
    result = self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 441, in execute
    old_range, range_name, dom_sid = self.validate_range(*keys, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 607, in validate_range
    dom_sid = self.trustinstance.remote_domain.info['sid']
KeyError: 'sid'
ipa: INFO: admin@IDM.LAB.ENG.BRQ.REDHAT.COM: trust_add(u'MKAD2012', trust_type=u'ad', all=False, raw=False, version=u'2.65'): KeyError



ipa: ERROR: LDAP error when connecting to MKDC2012: {'desc': "Can't contact LDAP server"}
ipa: ERROR: non-public: KeyError: 'dns_hostname'
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 333, in wsgi_execute
    result = self.Command[name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 436, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 755, in run
    result = self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 441, in execute
    old_range, range_name, dom_sid = self.validate_range(*keys, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 605, in validate_range
    self.realm_passwd
  File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 1100, in populate_remote_domain
    td.retrieve(rd.info['dns_hostname'])
KeyError: 'dns_hostname'
ipa: INFO: admin@IDM.LAB.ENG.BRQ.REDHAT.COM: trust_add(u'MKAD2012', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.65'): KeyError



ipa: ERROR: non-public: AttributeError: 'lsa.ForestTrustCollisionInfo' object has no attribute '__ndr_print__'
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 333, in wsgi_execute
    result = self.Command[name](*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 436, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 755, in run
    result = self.execute(*args, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 442, in execute
    result = self.execute_ad(full_join, *keys, **options)
  File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 656, in execute_ad
    self.realm_passwd
  File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 1152, in join_ad_full_credentials
    self.remote_domain.establish_trust(self.local_domain, trustdom_pass)
  File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 920, in establish_trust
    self.update_ftinfo(another_domain)
  File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 878, in update_ftinfo
    root_logger.error("When setting forest trust information, got collision info back:\\n%s" % (ndr_print(collision_info)))
  File "/usr/lib64/python2.7/site-packages/samba/ndr.py", line 50, in ndr_print
    return object.__ndr_print__()
AttributeError: 'lsa.ForestTrustCollisionInfo' object has no attribute '__ndr_print__'
ipa: INFO: admin@IDM.LAB.ENG.BRQ.REDHAT.COM: trust_add(u'MKAD2012', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.65'): AttributeError

It would be nice if an error explaining what went wrong was reported instead.
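Added example, not part of the ticket and not FreeIPA's own code: a sketch of turning the missing `sid` / `dns_hostname` keys and the failing `ndr_print` log call seen in the tracebacks above into explicit, actionable errors. The names `RemoteDomainError`, `require_domain_info` and `describe`, and the sample values, are hypothetical.

```python
# Added illustration; every name here is hypothetical, not FreeIPA's API.

# Keys the tracebacks above show being indexed after discovery had failed.
REQUIRED_KEYS = ("sid", "dns_hostname")


class RemoteDomainError(Exception):
    """Public error carrying a message an administrator can act on."""


def require_domain_info(domain, info, discovery_error=None):
    """Return info unchanged when complete, else raise RemoteDomainError."""
    missing = [key for key in REQUIRED_KEYS if not info.get(key)]
    if not missing:
        return info
    msg = "Could not retrieve %s for domain %s" % (", ".join(missing), domain)
    if discovery_error:
        # Keep the root cause (e.g. the LDAP connection failure) in the message.
        msg += " (discovery failed: %s)" % discovery_error
    msg += ". Check DNS records and connectivity to the remote domain controller."
    raise RemoteDomainError(msg)


def describe(obj):
    """Render an object for logging without letting the log call itself fail."""
    printer = getattr(obj, "__ndr_print__", None)
    if callable(printer):
        try:
            return printer()
        except Exception as exc:  # a logging helper must not mask the real error
            return "<%s: __ndr_print__ failed: %s>" % (type(obj).__name__, exc)
    # Fall back to repr() for objects without an NDR printer.
    return repr(obj)


if __name__ == "__main__":
    # Constructed input: discovery returned nothing because LDAP was unreachable.
    try:
        require_domain_info("MKAD2012", {}, "Can't contact LDAP server")
    except RemoteDomainError as err:
        print("ipa: ERROR: %s" % err)
```
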


4.1.4 was released, moving to new milestone

This is a rather generic issue and it seems it is no longer applicable.

AD unable to reach IPA:

$ ipa trust-add --type=ad ad.test --range-type ipa-ad-trust --admin Administrator --password --two-way TRUE
Active Directory domain administrator's password: 
ipa: ERROR: AD DC was unable to reach any IPA domain controller. Most likely it is a DNS or firewall issue

IPA unable to reach AD:

$ ipa trust-add --type=ad ad.test --range-type ipa-ad-trust --admin Administrator --password
Active Directory domain administrator's password: 
ipa: ERROR: Cannot find specified domain or server name

Closing as works for me; please create separate tickets with reproduction steps if any internal errors are encountered.

Metadata Update from @jcholast:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 4.2.1

7 years ago
