Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-147423

provide ad_integration_sssd_settings to set proper krb5_canonicalize EL10

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • ansible-collection-microsoft-sql-2.6.6-1.el10
    • None
    • Moderate
    • rhel-system-roles
    • 3
    • QE ack, Dev ack
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      Use the role to join to AD server

      What is the impact of this issue to you?

      When sssd.conf is misconfigured, executing privileged commands against MS ADS fails with error 15404 

      How reproducible is this bug?

      Only when users manually set krb5_canonicalize=true

      Steps to reproduce
      See KCS article https://access.redhat.com/solutions/7134391
      Proposed fix

      The role should ensure that krb5_canonicalize=false is set when running the ad_integration role internally to connect to AD Server. The ad_integration role has a variable ad_integration_sssd_settings that allows configuring sssd settings, the role should set this variable to configure krb5_canonicalize=false explicitly.

              spetros@redhat.com Sergei Petrosian
              spetros@redhat.com Sergei Petrosian
              Sergei Petrosian Sergei Petrosian
              Daniel Yeisley Daniel Yeisley
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: