IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Propagate kinit errors with trust account

Browse Source 
When using Global Catalog for resolving users and groups, one needs
to authenticate against Active Directory DC using GSSAPI. Obtaining
Kerberos ticket might fail. Make sure the failure message is actually
returned to the user so that decision can be made about the source
of issue.

https://fedorahosted.org/freeipa/ticket/3265
This commit is contained in:
Alexander Bokovoy 2012-11-27 20:31:02 +02:00 committed by Rob Crittenden
parent bef251a13c
commit ec20a74a59
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ipaserver/dcerpc.py
View File

@ -279,6 +279,10 @@ class DomainValidator(object):
if returncode == 0:
return (ccache_name, principal)
else:
if returncode == 1:
raise errors.ACIError(
info=_("KDC for %(domain)s denied trust account for IPA domain with a message '%(message)s'") %
dict(domain=info['dns_domain'],message=stderr.strip()))
return (None, None)
def resolve_against_gc(self, domain, name):