Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: rhel-10.0
Component/s: python-requests-gssapi
Labels:
None

Regression:
No
Severity:
None

AssignedTeam:
rhel-idm-uah

Story Points:
None
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Certificate Auto Enrollment in Samba with CEP/CES isn't working against Windows 2025 as support for channel binding is missing in python-requests-gssapi. This is required since 2024-12.

This is also known as Extended Protection for Authentication.

See

https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/2c3ea153-eff9-46a7-8614-19b677efa4e0

blocks

RHEL-103400 Certificate Auto Enrollment doesn't work against Windows Server 2025 [rhel-10]

Planning

links to

pythongssapi/requests-gssapi/issues/56

Assignee:: Francisco Trivino Garcia

Reporter:: Andreas Schneider

Developer:: Francisco Trivino Garcia

QA Contact:: Michal Polovka

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/07/14 8:31 AM

Updated:: 2025/09/10 9:52 AM

Stale Date:: 2026/07/13

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates