Back to bug 2124243
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2022-09-05 11:33:46 UTC | Pool ID | sst_idm_ipa_rhel_9 | |
| Red Hat One Jira (issues.redhat.com) | 2022-09-05 11:36:50 UTC | Link ID | Red Hat Issue Tracker FREEIPA-8704 | |
| Red Hat One Jira (issues.redhat.com) | 2022-09-05 11:37:00 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-133224 | |
| Mohammad Rizwan | 2022-09-06 07:59:57 UTC | Blocks | 2091421 | |
| Florence Blanc-Renaud | 2022-09-16 06:56:13 UTC | Flags | needinfo?(ftrivino) | |
| Trivino | 2022-09-21 10:30:04 UTC | Doc Text | Cause: RC4 (NTLM hash) is not allowed in FIPS mode. Consequence: two-way trust can't be established in FIPS mode. Workaround (if any): Result: when establishing two-way trust, Win AD-DC attempts to auth to IPA DC by using NTLMSSP which is blocked by FIPS, communication fallsdown to "gse_krb5" which is not working and needs to be investigated as part of this BZ. | |
| Flags | needinfo?(ftrivino) | |||
| Doc Type | If docs needed, set a value | Known Issue | ||
| Gabi Fialová | 2022-09-26 06:53:40 UTC | Docs Contact | fhanzelk | |
| CC | gfialova | |||
| Gabi Fialová | 2022-09-26 06:57:04 UTC | Flags | needinfo?(fhanzelk) | |
| CC | fhanzelk | |||
| Filip Hanzelka | 2022-10-03 08:28:24 UTC | Doc Text | Cause: RC4 (NTLM hash) is not allowed in FIPS mode. Consequence: two-way trust can't be established in FIPS mode. Workaround (if any): Result: when establishing two-way trust, Win AD-DC attempts to auth to IPA DC by using NTLMSSP which is blocked by FIPS, communication fallsdown to "gse_krb5" which is not working and needs to be investigated as part of this BZ. | .IdM in FIPS mode does not support using the NTLMSSP protocol to establish a two-way cross-forest trust Establishing a two-way cross-forest trust between Active Directory (AD) and Identity Management (IdM) with FIPS mode enabled fails because the New Technology LAN Manager Security Support Provider (NTLMSSP) authentication is not FIPS-compliant. IdM in FIPS mode does not accept the RC4 NTLM hash that the AD domain controller uses when attempting to authenticate. |
| Flags | needinfo?(fhanzelk) | |||
| Gabi Fialová | 2022-10-03 15:54:48 UTC | CC | gfialova | |
| Pasi Karkkainen | 2023-02-05 15:09:58 UTC | CC | pasik | |
| Leos Pol | 2023-02-13 08:52:18 UTC | Blocks | 2144442 | |
| CongLi | 2023-08-11 07:00:20 UTC | Blocks | 2209174 |
Back to bug 2124243