Back to bug 2120572
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2022-08-23 09:39:27 UTC | Pool ID | sst_idm_ipa_rhel_8 | |
| Varun Mylaraiah | 2022-08-23 09:40:49 UTC | Keywords | Regression, TestBlocker | |
| Red Hat One Jira (issues.redhat.com) | 2022-08-23 09:46:32 UTC | Link ID | Red Hat Issue Tracker FREEIPA-8679 | |
| Red Hat One Jira (issues.redhat.com) | 2022-08-23 09:46:37 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-131950 | |
| Varun Mylaraiah | 2022-08-23 09:55:05 UTC | CC | pbrezina | |
| | | Component | ipa | sssd |
| Red Hat One Jira (issues.redhat.com) | 2022-08-23 09:59:15 UTC | Link ID | Red Hat Issue Tracker FREEIPA-8679 | |
| Florence Blanc-Renaud | 2022-08-24 07:17:22 UTC | QA Contact | ipa-qe | sssd-qe |
| | | Assignee | frenaud | sssd-maint |
| Florence Blanc-Renaud | 2022-08-24 07:17:58 UTC | CC | frenaud | |
| | | Pool ID | sst_idm_ipa_rhel_8 | sst_idm_sssd_rhel_8 |
| Alexey Tikhonov | 2022-08-24 07:22:55 UTC | CC | atikhono | |
| | | Flags | needinfo?(mvarun) | |
| Alexander Bokovoy | 2022-08-24 07:26:11 UTC | CC | abokovoy | |
| Alexey Tikhonov | 2022-08-24 08:59:44 UTC | Flags | needinfo?(sbose) | |
| | | CC | sbose | |
| Varun Mylaraiah | 2022-08-25 12:10:25 UTC | Flags | needinfo?(mvarun) | needinfo- |
| Sumit Bose | 2022-08-26 17:50:44 UTC | Flags | needinfo?(sbose) | |
| Alexey Tikhonov | 2022-08-26 17:58:48 UTC | Pool ID | sst_idm_sssd_rhel_8 | sst_idm_ipa_rhel_8 |
| | | QA Contact | sssd-qe | ipa-qe |
| | | Assignee | sssd-maint | frenaud |
| | | Component | sssd | ipa |
| Red Hat One Jira (issues.redhat.com) | 2022-08-26 18:00:54 UTC | Link ID | Red Hat Issue Tracker FREEIPA-8679 | |
| Trivino | 2022-08-29 11:53:34 UTC | Keywords | Triaged | |
| | | CC | ftrivino | |
| Trivino | 2022-09-01 13:21:15 UTC | Assignee | frenaud | ftrivino |
| Varun Mylaraiah | 2022-09-05 11:33:46 UTC | Blocks | 2124243 | |
| Sudhir Menon | 2022-09-06 07:56:15 UTC | Blocks | 2089955 | |
| Florence Blanc-Renaud | 2022-09-16 06:45:37 UTC | Flags | needinfo?(ftrivino) | |
| Trivino | 2022-09-21 10:26:17 UTC | Doc Text | Cause: RC4 (NTLM hash) is not allowed in FIPS mode. Consequence: two-way trust can't be established in FIPS mode. Workaround (if any): Result: when establishing two-way trust, Win AD-DC attempts to auth to IPA DC by using NTLMSSP which is blocked by FIPS, communication fallsdown to "gse_krb5" which is not working and needs to be investigated as part of this BZ. | |
| | | Doc Type | If docs needed, set a value | Known Issue |
| Trivino | 2022-09-21 10:27:26 UTC | Flags | needinfo?(ftrivino) | |
| Lucie Vařáková | 2022-09-21 12:44:14 UTC | Docs Contact | lmcgarry | |
| Filip Hanzelka | 2022-09-22 12:42:52 UTC | Doc Text | Cause: RC4 (NTLM hash) is not allowed in FIPS mode. Consequence: two-way trust can't be established in FIPS mode. Workaround (if any): Result: when establishing two-way trust, Win AD-DC attempts to auth to IPA DC by using NTLMSSP which is blocked by FIPS, communication fallsdown to "gse_krb5" which is not working and needs to be investigated as part of this BZ. | .FIPS mode does not support using the NTLM hashing algorithm to establish a two-way cross-forest trust Establishing a two-way cross-forest trust between Identity Management (IdM) and Active Directory (AD) using the New Technology LAN Manager (NTLM) hashing algorithm fails in FIPS mode because NTLM Security Support Provider (NTLMSSP) authentication is not FIPS-compliant. The communication between the IdM and AD servers falls down to the `gse_krb5` GENSEC submechanism, which is not working. |
| | | CC | fhanzelk | |
| | | Docs Contact | lmcgarry | fhanzelk |
| Filip Hanzelka | 2022-09-22 12:52:01 UTC | Flags | needinfo?(ftrivino) | |
| Trivino | 2022-09-22 16:45:06 UTC | Flags | needinfo?(ftrivino) | |
| Filip Hanzelka | 2022-09-23 14:23:00 UTC | Flags | needinfo?(ftrivino) | |
| Filip Hanzelka | 2022-09-26 11:08:44 UTC | Flags | needinfo?(ftrivino) | |
| Filip Hanzelka | 2022-09-26 18:50:23 UTC | Flags | needinfo?(mmuehlfe) | |
| Filip Hanzelka | 2022-09-27 08:31:02 UTC | Doc Text | .FIPS mode does not support using the NTLM hashing algorithm to establish a two-way cross-forest trust Establishing a two-way cross-forest trust between Identity Management (IdM) and Active Directory (AD) using the New Technology LAN Manager (NTLM) hashing algorithm fails in FIPS mode because NTLM Security Support Provider (NTLMSSP) authentication is not FIPS-compliant. The communication between the IdM and AD servers falls down to the `gse_krb5` GENSEC submechanism, which is not working. | .IdM in FIPS mode does not support using the NTLMSSP protocol to establish a two-way cross-forest trust Establishing a two-way cross-forest trust between Active Directory (AD) and Identity Management (IdM) with FIPS mode enabled fails because the New Technology LAN Manager Security Support Provider (NTLMSSP) authentication is not FIPS-compliant. IdM in FIPS mode does not accept the RC4 NTLM hash that the AD domain controller uses when attempting to authenticate. |
| Trivino | 2022-09-27 10:12:55 UTC | Flags | needinfo?(ftrivino) needinfo?(ftrivino) | |
| Marc Muehlfeld | 2022-09-30 06:10:17 UTC | Flags | needinfo?(mmuehlfe) | |
| Pasi Karkkainen | 2022-11-09 15:34:26 UTC | CC | pasik | |
| Leos Pol | 2023-02-13 08:55:12 UTC | Blocks | 2144443 | |
| CongLi | 2023-08-11 07:51:51 UTC | Blocks | 2209172 | |