Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1144121
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem:

"ipa trust-add" command outputs that the trust is established:

<snip>
Trust direction: Two-way trust
Trust type: Active Directory domain
Trust status: Established and verified
</snip>

While in the logs we see:

<snip>
netr_LogonControl2Ex: struct netr_LogonControl2Ex
  out: struct netr_LogonControl2Ex
    query : *
      query : union netr_CONTROL_QUERY_INFORMATION(case 2)
      info2 : *
        info2: struct netr_NETLOGON_INFO_2
          flags : 0x00000080 (128)
            0: NETLOGON_REPLICATION_NEEDED
            0: NETLOGON_REPLICATION_IN_PROGRESS
            0: NETLOGON_FULL_SYNC_REPLICATION
            0: NETLOGON_REDO_NEEDED
            0: NETLOGON_HAS_IP
            0: NETLOGON_HAS_TIMESERV
            0: NETLOGON_DNS_UPDATE_FAILURE
            1: NETLOGON_VERIFY_STATUS_RETURNED
          pdc_connection_status : WERR_ACCESS_DENIED
          trusted_dc_name : *
            trusted_dc_name : ''
          tc_connection_status : WERR_ACCESS_DENIED
    result : WERR_OK
</snip>
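The mismatch in the description (an outer `result` of WERR_OK while both connection status fields report WERR_ACCESS_DENIED) can be checked mechanically. The following is an added example, not FreeIPA code and not the patch referenced in this ticket. The function names and the rule that every status field must be WERR_OK before a trust is reported as verified are assumptions made for illustration.

```python
import re

# Constructed sample: the netr_LogonControl2Ex reply quoted in the ticket,
# flattened to one line the way debug output often ends up in reports.
SAMPLE = (
    "netr_LogonControl2Ex: struct netr_LogonControl2Ex out: struct "
    "netr_LogonControl2Ex query : * info2: struct netr_NETLOGON_INFO_2 "
    "flags : 0x00000080 (128) 0: NETLOGON_DNS_UPDATE_FAILURE "
    "1: NETLOGON_VERIFY_STATUS_RETURNED "
    "pdc_connection_status : WERR_ACCESS_DENIED "
    "trusted_dc_name : * trusted_dc_name : '' "
    "tc_connection_status : WERR_ACCESS_DENIED result : WERR_OK"
)

# Works on flattened and on multi-line dumps: only "name : value" pairs matter.
FIELD = re.compile(
    r"\b(pdc_connection_status|tc_connection_status|result)\s*:\s*(WERR_\w+)"
)
FLAGS = re.compile(r"\bflags\s*:\s*0x([0-9a-fA-F]+)")
NETLOGON_VERIFY_STATUS_RETURNED = 0x80  # the only bit set in the ticket's dump


def parse_logon_control(dump):
    """Extract the status fields and flags word from a debug dump of the reply."""
    fields = dict(FIELD.findall(dump))
    match = FLAGS.search(dump)
    fields["flags"] = int(match.group(1), 16) if match else None
    return fields


def trust_verified(dump):
    """Return (ok, reasons); ok is True only if every status field is WERR_OK.

    Assumption for this example: a successful RPC call (result WERR_OK) is not
    enough on its own, the per-connection statuses must also be WERR_OK.
    """
    fields = parse_logon_control(dump)
    reasons = []
    if fields.get("result") != "WERR_OK":
        reasons.append(f"result is {fields.get('result')}")
    if not (fields["flags"] or 0) & NETLOGON_VERIFY_STATUS_RETURNED:
        reasons.append("NETLOGON_VERIFY_STATUS_RETURNED not set")
    for name in ("pdc_connection_status", "tc_connection_status"):
        if fields.get(name) != "WERR_OK":
            reasons.append(f"{name} is {fields.get(name)}")
    return (not reasons, reasons)
```

Run against the reply from the ticket, `trust_verified(SAMPLE)` reports the trust as not verified and names both WERR_ACCESS_DENIED fields as the reason.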
Alexander did the initial investigation and had some ideas how to fix it, AFAIK.
Patch is sent to the list: https://www.redhat.com/archives/freeipa-devel/2014-November/msg00417.html
We should shoot for 4.1.2, this will help with trust-add robustness.
master:
ipa-4-1:
Metadata Update from @mkosek: - Issue assigned to abbra - Issue set to the milestone: FreeIPA 4.1.2