#9427 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied
Closed: fixed 8 months ago by frenaud. Opened 8 months ago by frenaud.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 2216532

Created attachment 1971942
log files

Description of problem:
  RHEL 8.8 & 9.2 fails to create AD trust with STIG applied.


Version-Release number of selected component (if applicable):
  RHEL 8.8 and 9.2

How reproducible:
  consistent

Steps to Reproduce:
1. Install OS with DISA STIG security profile
2. Install IdM
3. Create trust
3a. ipa trust-add --type=ad <ad domain>

Actual results:
body: b'{"result": null, "error": {"code": 4016, "message": "CIFS server communication error: code \\"3221225581\\", message \\"The attempted logon is invalid. This is either due to a bad username or authentication information.\\" (both may be \\"None\\")", "data": {"reason": "CIFS server communication error: code \\"3221225581\\", message \\"The attempted logon is invalid. This is either due to a bad username or authentication information.\\" (both may be \\"None\\")"}, "name": "RemoteRetrieveError"}, "id": 0, "principal": "admin@LAB18.EXAMPLE.COM", "version": "4.9.11"}'
ipa: INFO: Response: {
    "error": {
        "code": 4016,
        "data": {
            "reason": "CIFS server communication error: code \"3221225581\", message \"The attempted logon is invalid. This is either due to a bad username or authentication information.\" (both may be \"None\")"
        },
        "message": "CIFS server communication error: code \"3221225581\", message \"The attempted logon is invalid. This is either due to a bad username or authentication information.\" (both may be \"None\")",
        "name": "RemoteRetrieveError"
    },
    "id": 0,
    "principal": "admin@LAB18.EXAMPLE.COM",
    "result": null,
    "version": "4.9.11"
}
ipa: ERROR: CIFS server communication error: code "3221225581", message "The attempted logon is invalid. This is either due to a bad username or authentication information." (both may be "None")

Expected results:
  Trust is created

Additional info:
DISA STIG applied during OS install and FIPS removed before IdM installation.

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2216532

8 months ago

Metadata Update from @frenaud:
- Issue assigned to frenaud

8 months ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/6956

8 months ago

master:

  • 7796b7b Installer: activate nss and pam services in sssd.conf

ipa-4-10:

  • 4a62a21 Installer: activate nss and pam services in sssd.conf

ipa-4-9:

  • f38eefd Installer: activate nss and pam services in sssd.conf

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

8 months ago

Metadata Update from @abbra:
- Custom field changelog adjusted to Make sure SSSD configuration enables nss and pam services in all circumstances, even when existing SSSD configuration is present during deployment. In environments hardened with a STIG profile this fixes support for a trust to Active Directory.

5 months ago

Metadata Update from @abbra:
- Custom field changelog adjusted to Make sure SSSD enables nss and pam services in all circumstances, even when existing SSSD configuration is present during deployment. In environments hardened with a STIG profile this fixes support for a trust to Active Directory. (was: Make sure SSSD configuration enables nss and pam services in all circumstances, even when existing SSSD configuration is present during deployment. In environments hardened with a STIG profile this fixes support for a trust to Active Directory.)

5 months ago
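
A check for the condition the changelog describes, added here as an example and not taken from FreeIPA's installer: it merges one or more SSSD configuration texts in the order given and reports whether `nss` and `pam` are listed in the `services` option of the `[sssd]` section. The function names and the sample configuration are constructed for illustration.

```python
import configparser
import sys

# Responders named in the fix's commit title ("activate nss and pam services").
REQUIRED = ("nss", "pam")

# Constructed sample: an sssd.conf that exists before IdM is installed and
# has an [sssd] section without a "services" option.
PRE_EXISTING = """
[sssd]
certificate_verification = ocsp_dgst=sha1

[pam]
offline_credentials_expiration = 1
"""


def enabled_services(conf_texts):
    """Merge the texts in order (later wins) and return [sssd] services as a list."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    for text in conf_texts:
        cp.read_string(text)
    raw = cp.get("sssd", "services", fallback="")
    return [s.strip().lower() for s in raw.split(",") if s.strip()]


def missing_services(conf_texts, required=REQUIRED):
    """Return the required responders that the merged configuration does not list."""
    have = enabled_services(conf_texts)
    return [s for s in required if s not in have]


def corrected_services_line(conf_texts, required=REQUIRED):
    """Keep the existing entries and append whatever is missing."""
    have = enabled_services(conf_texts)
    return "services = " + ", ".join(have + missing_services(conf_texts, required))


if __name__ == "__main__":
    # Usage: python3 check_sssd.py /etc/sssd/sssd.conf [snippet.conf ...]
    texts = [open(p).read() for p in sys.argv[1:]] or [PRE_EXISTING]
    gaps = missing_services(texts)
    print("missing:", ", ".join(gaps) if gaps else "none")
    if gaps:
        print("suggested:", corrected_services_line(texts))
    sys.exit(1 if gaps else 0)
```

Run before `ipa trust-add` on a hardened host, a non-zero exit status indicates that the existing SSSD configuration does not list both responders.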
