Bug
Resolution: Unresolved
rhel-10.0
Moderate
rhel-idm-uah
What were you trying to do that didn't work?
samba-gpupdate is unable to fetch supported templates against Windows 2025 CA
What is the impact of this issue to you?
autoenrollment doesn't work
Please provide the package NVR for which the bug is seen:
samba-common-4.21.3-106.el10_0
samba-gpupdate-4.21.3-106.el10_0
How reproducible is this bug?:
Always
Steps to reproduce
- Set up Windows DC and CA according to Certificate Auto Enrollment - HackMD (https://hackmd.io/@asn/Syieb4gBge)
- Enroll RHEL 10 into domain with samba/winbind
- Run `samba-gpupdate`
Expected results
Autoenrolled certificates should be fetched via certmonger
Actual results
Failure on fetching templates:
```
2025-07-14 10:08:54.187|[E66544]| Failed to fetch the list of supported templates. | {'Error': '2025-07-14 10:08:54,162 __main__:ERROR:Traceback (most recent call last):\n File "/usr/libexec/certmonger/cepces-submit", line 68, in main\n service = Service(config)\n File "/usr/lib/python3.9/site-packages/cepces/core.py", line 90, in __init__\n self._policies = self._xcep.get_policies()\n File "/usr/lib/python3.9/site-packages/cepces/xcep/service.py", line 52, in get_policies\n response = self.send(envelope)\n File "/usr/lib/python3.9/site-packages/cepces/soap/service.py", line 93, in send\n req.raise_for_status()\n File "/usr/lib/python3.9/site-packages/requests/models.py", line 943, in raise_for_status\n raise HTTPError(http_error_msg, response=self)\nrequests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://dc.win25.local/ADPolicyProvider_CEP_Kerberos/service.svc/CEP\n\n'}
```
Is blocked by:
- RHEL-103408 Add channel binding support in requests-gssapi [rhel-10] (New)
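
A triage helper for the log line shown under "Actual results", added here as an example (not code from samba, cepces or the reporter): it unpacks the details field of the `samba-gpupdate` error and extracts the HTTP status and the CEP endpoint that rejected the request. The function names and the triage wording are assumptions, and the sample line is constructed from the report with the traceback shortened.

```python
import ast
import re

# Constructed sample in the shape of the log line from the report (traceback shortened).
SAMPLE = (
    "2025-07-14 10:08:54.187|[E66544]| Failed to fetch the list of supported "
    "templates. | {'Error': '2025-07-14 10:08:54,162 __main__:ERROR:Traceback "
    "(most recent call last):\\n  File \"/usr/libexec/certmonger/cepces-submit\", "
    "line 68, in main\\n    service = Service(config)\\n"
    "requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: "
    "https://dc.win25.local/ADPolicyProvider_CEP_Kerberos/service.svc/CEP\\n\\n'}"
)

FRAME = re.compile(r'File "([^"]+)", line (\d+), in (\w+)')
HTTP_ERR = re.compile(
    r"requests\.exceptions\.HTTPError: (\d{3}) \w+ Error: (.*?) for url: (\S+)"
)


def parse_gpupdate_error(line):
    """Split 'timestamp|[event]| message | {details}' and unpack the traceback."""
    parts = [p.strip() for p in line.split("|", 3)]
    if len(parts) != 4:
        raise ValueError("not a samba-gpupdate log line with a details field")
    timestamp, event, message, payload = parts
    try:
        details = ast.literal_eval(payload)  # details are a Python dict repr
    except (ValueError, SyntaxError):
        details = {}
    text = details.get("Error", "") if isinstance(details, dict) else ""
    frames = FRAME.findall(text)
    http = HTTP_ERR.search(text)
    return {
        "timestamp": timestamp,
        "event": event.strip("[]"),
        "message": message,
        "innermost_frame": frames[-1] if frames else None,
        "status": int(http.group(1)) if http else None,
        "url": http.group(3) if http else None,
    }


def triage(entry):
    """Hypothetical classification based only on what the report shows."""
    url = entry["url"] or ""
    if entry["status"] == 401 and "_CEP_Kerberos/" in url:
        return "Kerberos-authenticated CEP endpoint rejected the client (HTTP 401)"
    if entry["status"] is not None:
        return f"CEP request failed with HTTP {entry['status']}"
    return "no HTTP error found in details"
```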