#7659 ipa trust-add fails in FIPS mode.
Closed: fixed a year ago Opened a year ago by rcritten.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1608783

Description of problem: ipa trust-add fails in FIPS mode.


Version-Release number of selected component (if applicable):
[root@intel-canoepass-12 abrt]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.6 Beta (Maipo)

ipa-server-4.6.4-3.el7.x86_64
sssd-1.16.2-7.el7.x86_64
krb5-server-1.15.1-33.el7.x86_64
pki-server-10.5.9-3.el7.noarch
389-ds-base-1.3.8.4-8.el7.x86_64
samba-4.8.3-3.el7.x86_64

How reproducible: Always

Steps to Reproduce:
1. Seup IPA on FIPS enabled machine
2. establish trust with Windows2K16 AD
3. Check the message displayed on the console.

Actual results:
3. echo password | ipa trust-add ipaad2016.test --admin Administrator
--two-way=True --password

ipa: ERROR: CIFS server communication error: code "3221225473", message
"{Operation Failed} The requested operation was unsuccessful." (both may be
"None")

Expected results:
Trust should be established without any error.

Additional info:
Attaching the samba, http and dirsrv debug logs for reference.

Metadata Update from @rcritten:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1608783

a year ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.6.5 (was: FreeIPA 4.7.1)

a year ago

Metadata Update from @abbra:
- Issue assigned to abbra

a year ago

master:

  • de8f969 Move fips_enabled to a common library to share across different plugins
  • 6907a0c ipasam: do not use RC4 in FIPS mode

ipa-4-7:

  • 5e8bc96 Move fips_enabled to a common library to share across different plugins
  • 04c5798 ipasam: do not use RC4 in FIPS mode

ipa-4-6:

  • 2ede8e6 Move fips_enabled to a common library to share across different plugins
  • 0a89f64 ipasam: do not use RC4 in FIPS mode

Metadata Update from @tdudlak:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.

Metadata