pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone
Source Code
GIT

Files

  1.   8f4e668e5f13f8c069944c4e73ef82980690fdb1
  2.   SOURCES
  3.   0006-Map-NT_STATUS_INVALID_PARAMETER-to-most-likely-error.patch
Blob Blame History Raw 
From f3292de4abee43c35c25d7ecd8b3638173fb24b8 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 12 Nov 2013 11:36:22 +0200
Subject: [PATCH 6/6] Map NT_STATUS_INVALID_PARAMETER to most likely error
 cause: clock skew

When we get NT_STATUS_INVALID_PARAMETER in response to establish
DCE RPC pipe with Kerberos, the most likely reason is clock skew.
Suggest that it is so in the error message.

https://fedorahosted.org/freeipa/ticket/4024
---
 ipaserver/dcerpc.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 86bb42884067ec91477d8efb37a5e7729ad50315..0dde3473b12b857ff269a936ad9a07d098405c45 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -82,6 +82,9 @@ def is_sid_valid(sid):
     -1073741614: access_denied_error,
     -1073741603:
         errors.ValidationError(name=_('AD domain controller'), error=_('unsupported functional level')),
+    -1073741811: # NT_STATUS_INVALID_PARAMETER
+        errors.RemoteRetrieveError(
+            reason=_('AD domain controller complains about communication sequence. It may mean unsynchronized time on both sides, for example')),
 }
 
 dcerpc_error_messages = {
-- 
1.8.3.1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation