#8715 Establishing trust with AD domain using shared secret fails in FIPS mode
Opened 3 years ago by frenaud. Modified 3 years ago

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1924707

Description of problem:
When trying to establish trust with an AD domain with IPA in FIPS mode, creation of
the Windows side of the trust fails with "Access denied".

Version-Release number of selected component (if applicable):

ipa-server-4.9.1-1.module+el8.4.0+9665+c9815399.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Execute test suite: freeipa/ipatests/test_integration/test_trust.py
2. Look at results of test case
"test_establish_forest_trust_with_shared_secret"

Actual results:
transport.py               513 DEBUG    RUN ['powershell', '-c', '[System.DirectoryServices.ActiveDirectory.Forest]::getCurrentForest().CreateLocalSideOfTrustRelationship("testrelm.test", 1, "qwertyuiopQq!1")']
transport.py               558 DEBUG    bash: line 2: /home/Administrator/env.sh: No such file or directory
transport.py               558 DEBUG    Exception calling "CreateLocalSideOfTrustRelationship" with "3" argument(s): "Access is denied.
transport.py               558 DEBUG    "
transport.py               558 DEBUG    At line:1 char:1
transport.py               558 DEBUG    + [System.DirectoryServices.ActiveDirectory.Forest]::getCurrentForest() ...
transport.py               558 DEBUG    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
transport.py               558 DEBUG        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
transport.py               558 DEBUG        + FullyQualifiedErrorId : UnauthorizedAccessException
transport.py               558 DEBUG
transport.py               214 ERROR    Exit code: 1



Additional info:
The test succeeds in non-FIPS mode in otherwise equivalent environment.

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1924707

3 years ago

master:

  • 4d87982 ipatests: skip tests for AD trust with shared secret in FIPS mode

ipa-4-9:

  • 6d7b2d7 ipatests: skip tests for AD trust with shared secret in FIPS mode

Metadata Update from @pcech:
- Issue set to the milestone: FreeIPA 4.9

3 years ago
