-
Bug
-
Resolution: Duplicate
-
Undefined
-
None
-
rhel-8.9.0
-
None
-
Normal
-
Regression
-
Customer Escalated
-
sst_security_crypto
-
ssg_security
-
False
-
-
-
x86_64
What were you trying to do that didn't work?
realm command fails to join to AD domain post upgrade to RHEL 8.9 with crypto-policy FIPS:OSSP applied.
(This seems to be a regression because it used to work just fine in RHEL 8.8).
Please provide the package NVR for which bug is seen:
realmd-0.17.1-1.el8.x86_64
adcli-0.9.2-1.el8.x86_64
crypto-policies-20230731-1.git3177e06.el8.noarch
How reproducible:
Always
Steps to reproduce
- Set system in FIPS mode or switch to FIPS mode: # fips-mode-setup --enable
- Reboot
- Configure crypto-policy as: # update-crypto-policies --set FIPS:OSPP
- Reboot
- Try to join the system to AD domain via realm command: # realm join example.com -v
Expected results
realm join command fails with an error:
—
! Couldn't authenticate as: Administrator@EXAMPLE.COM: KDC has no support for encryption type
adcli: couldn't connect to win2022.test domain: Couldn't authenticate as: Administrator@EXAMPLE.COM: KDC has no support for encryption type
—
Actual results
realm join should not failĀ
- duplicates
-
RHEL-21125 HMACS-SHA1 enctype is missing in krb5.config when using FIPS:OSPP
- Closed