From 8bbc4c5ff4b5a3c9bb99241a213bb52deb418212 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Fri, 11 Jan 2013 16:33:43 +0100
Subject: Test NetBIOS name clash before creating a trust

Give a clear message about what is wrong with current Trust settings
before letting AD to return a confusing error message.

https://fedorahosted.org/freeipa/ticket/3193
---
 ipaserver/dcerpc.py | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ipaserver')

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index bff435f7..38404443 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -593,6 +593,12 @@ class TrustDomainInstance(object):
         info.trust_type = lsa.LSA_TRUST_TYPE_UPLEVEL
         info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
 
+        if self.info['name'] == info.netbios_name.string:
+            # Check that NetBIOS names do not clash
+            raise errors.ValidationError(name=u'AD Trust Setup',
+                    error=_('the IPA server and the remote domain cannot share the same '
+                            'NetBIOS name: %s') % self.info['name'])
+
         try:
             dname = lsa.String()
             dname.string = another_domain.info['dns_domain']
-- 
cgit