  1. RHEL
  2. RHEL-22158

realm command fails to join to AD domain post upgrade to RHEL 8.9 with crypto-policy FIPS:OSPP applied

    • Bug
    • Resolution: Duplicate
    • rhel-8.9.0
    • crypto-policies
    • Normal
    • Regression
    • Customer Escalated
    • sst_security_crypto
    • ssg_security
    • x86_64

      What were you trying to do that didn't work?

      realm command fails to join to AD domain post upgrade to RHEL 8.9 with crypto-policy FIPS:OSPP applied.

      (This seems to be a regression because it used to work just fine in RHEL 8.8).

      Please provide the package NVR for which bug is seen:

      realmd-0.17.1-1.el8.x86_64

      adcli-0.9.2-1.el8.x86_64

      crypto-policies-20230731-1.git3177e06.el8.noarch

      How reproducible:

      Always

      Steps to reproduce

      1. Set system in FIPS mode or switch to FIPS mode: # fips-mode-setup --enable
      2. Reboot
      3. Configure crypto-policy as: # update-crypto-policies --set FIPS:OSPP
      4. Reboot
      5. Try to join the system to AD domain via realm command: # realm join example.com -v

      Expected results

      realm join command fails with an error:


      ! Couldn't authenticate as: Administrator@EXAMPLE.COM: KDC has no support for encryption type
      adcli: couldn't connect to win2022.test domain: Couldn't authenticate as: Administrator@EXAMPLE.COM: KDC has no support for encryption type

      Actual results

      realm join should not fail

            asosedki@redhat.com Alexander Sosedkin
            rhn-support-asakure Akshay Sakure
            Alexander Sosedkin Alexander Sosedkin
            SSG Security QE SSG Security QE
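A diagnostic for the "KDC has no support for encryption type" error in the report above, as an added example that is not part of the original issue or of any Red Hat tooling: it reads the `permitted_enctypes` line from a krb5 configuration file and reports which of those enctypes also appear in a set the KDC is assumed to accept. The `KDC_ENCTYPES` list, the function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: compare the client's permitted Kerberos enctypes with the set
# a KDC is assumed to accept ("KDC has no support for encryption type").

# Assumption: enctypes the AD KDC accepts; adjust to the domain's settings.
KDC_ENCTYPES="aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac"

# Print the value of the last permitted_enctypes line in a krb5 config file.
permitted_enctypes() {
    sed -n 's/^[[:space:]]*permitted_enctypes[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Print the enctypes present in both space-separated lists, one per line.
common_enctypes() {
    local e k
    for e in $1; do
        for k in $2; do
            if [ "$e" = "$k" ]; then echo "$e"; fi
        done
    done
}

# Return 0 if the file permits an enctype the KDC accepts, 1 if none, 2 if unset.
check_krb5_config() {
    local client shared
    client=$(permitted_enctypes "$1")
    if [ -z "$client" ]; then
        echo "$1: no permitted_enctypes line found" >&2
        return 2
    fi
    shared=$(common_enctypes "$client" "$KDC_ENCTYPES" | tr '\n' ' ')
    if [ -z "$shared" ]; then
        echo "$1: nothing in common with the KDC; client permits: $client"
        return 1
    fi
    echo "$1: enctypes usable with the KDC: $shared"
}

# With a path argument, check that file (on RHEL 8 the generated policy is
# /etc/crypto-policies/back-ends/krb5.config); otherwise run on constructed samples.
if [ "$#" -gt 0 ]; then
    check_krb5_config "$1"
else
    tmp=$(mktemp -d)
    # Constructed sample contents, not taken from any real policy version.
    printf '[libdefaults]\npermitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128\n' > "$tmp/sha2-only"
    printf '[libdefaults]\npermitted_enctypes = aes256-cts-hmac-sha384-192 aes256-cts-hmac-sha1-96\n' > "$tmp/with-sha1"
    for f in "$tmp/sha2-only" "$tmp/with-sha1"; do check_krb5_config "$f" || true; done
    rm -rf "$tmp"
fi
```

Running it before and after `update-crypto-policies --set ...` shows whether a policy change removed every enctype shared with the domain controller.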