Bug 1860129
| Summary: | ipa trust-add fails when FIPS enabled | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Scott Poore <spoore> |
| Component: | ipa | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | high | ||
| Version: | 8.3 | CC: | abokovoy, awestbro, dhellard, dkarpele, dpal, frenaud, kfrankli, ksiddiqu, mpolovka, myusuf, ndehadra, pasik, pcech, pvoborni, rcritten, sorlov, ssidhaye, tscherf |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.9.1-1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-05-18 15:48:21 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1793411, 1894575 | ||
*** Bug 1874396 has been marked as a duplicate of this bug. *** Fixed upstream master: https://pagure.io/freeipa/c/cf17b7af5a8cd835ae20fe23a57fe656481e27a3 https://pagure.io/freeipa/c/e157ea1e14edd239c58847957fe0ae7c7fa5c9ab https://pagure.io/freeipa/c/fd15f60216b4098d0423fc39a0ad62293df5d116 Fixed upstream ipa-4-9: https://pagure.io/freeipa/c/753246f4e82af5697ee51bdc7f667959e1824be1 https://pagure.io/freeipa/c/8ab9bf68a4d12c8763c1669d0c14b7771a3289da https://pagure.io/freeipa/c/3fa07a108030265dc89921a37216a1184e1e7516 Fixed upstream master: https://pagure.io/freeipa/c/968f8ada650ead218055026d1acfb5d41b87cdf0 https://pagure.io/freeipa/c/e6f8d8bc9bc53fe6947867e4918585654fd4acfb https://pagure.io/freeipa/c/75882516c4126fde403291357c991917616a5314 https://pagure.io/freeipa/c/a1e2fe9c32ca44e4c06aadd6aa75565ccb6910c3 https://pagure.io/freeipa/c/08d7d90ab0934ecefaaccf7866c73dca8ccf636f https://pagure.io/freeipa/c/214aeb724308c91847d4643a9a4f4c2d38d5abfa https://pagure.io/freeipa/c/9d19c08269226ec15a6e99208aff66ca85fe2c51 https://pagure.io/freeipa/c/94242563d52adc0d6c539a78a70b5e486d6047ed https://pagure.io/freeipa/c/ae7cd4702dcbeb9479a3e4975a44f5e7b17061f5 https://pagure.io/freeipa/c/54e5ffc0005d273773618fb0c23f96cc7e4a16c1 Fixed upstream ipa-4-9: https://pagure.io/freeipa/c/f8bf37422b7c49a4a39b4704b18158b37ee9ef80 https://pagure.io/freeipa/c/962052a0567b6878843272b1882d0a0b3b2debd1 https://pagure.io/freeipa/c/2e8eb0f5fe82be58be88fa0d9b07ee7af69d8829 https://pagure.io/freeipa/c/e8f927db7da00d1671f871d3b2e89429aec3beb9 https://pagure.io/freeipa/c/f103172954c259443f0c5b4ac89474e66cf3a1d6 https://pagure.io/freeipa/c/3d706b6f57309ec394df617cecb9a73d021fc2f7 https://pagure.io/freeipa/c/dc16c2484c1006bc249848383d86ef828abd921a https://pagure.io/freeipa/c/b53592492879f87465774eb9a4d6c02a8ba26a5e https://pagure.io/freeipa/c/c842d4b5c2404d263d56aa0c4ba33fe32b2ca61e https://pagure.io/freeipa/c/9f63afb4408e308c2ee972a72875525afefa5d54 Verified using ipa-server-4.9.1-1.module+el8.4.0+9665+c9815399.x86_64 and ipa-server-trust-ad-4.9.1-1.module+el8.4.0+9665+c9815399.x86_64 in RHEL8.4 nightly build running in FIPS mode. Passed test_integration/test_trust.py::TestTrust::()::test_establish_nonposix_trust Passed test_integration/test_trust.py::TestTrust::()::test_trustdomains_found_in_nonposix_trust Passed test_integration/test_trust.py::TestTrust::()::test_range_properties_in_nonposix_trust Passed test_integration/test_trust.py::TestTrust::()::test_user_gid_uid_resolution_in_nonposix_trust Passed test_integration/test_trust.py::TestTrust::()::test_ipa_commands_run_as_aduser Passed test_integration/test_trust.py::TestTrust::()::test_ipa_management_run_as_aduser Passed test_integration/test_trust.py::TestTrust::()::test_password_login_as_aduser Passed test_integration/test_trust.py::TestTrust::()::test_ipauser_authentication_with_nonposix_trust Passed test_integration/test_trust.py::TestTrust::()::test_upn_in_nonposix_trust Passed test_integration/test_trust.py::TestTrust::()::test_upn_user_resolution_in_nonposix_trust Passed test_integration/test_trust.py::TestTrust::()::test_upn_user_authentication_in_nonposix_trust Passed test_integration/test_trust.py::TestTrust::()::test_sudorules_ad_users Passed test_integration/test_trust.py::TestTrust::()::test_sudorules_ad_groups Passed test_integration/test_trust.py::TestTrust::()::test_sudorules_ad_runasuser Passed test_integration/test_trust.py::TestTrust::()::test_sudorules_ad_runasuser_group Passed test_integration/test_trust.py::TestTrust::()::test_sudorules_ad_runasgroup Passed test_integration/test_trust.py::TestTrust::()::test_remove_nonposix_trust Passed test_integration/test_trust.py::TestTrust::()::test_remove_subordinate_suffixes_trust Passed test_integration/test_trust.py::TestTrust::()::test_establish_posix_trust Passed test_integration/test_trust.py::TestTrust::()::test_trustdomains_found_in_posix_trust Passed test_integration/test_trust.py::TestTrust::()::test_range_properties_in_posix_trust Passed test_integration/test_trust.py::TestTrust::()::test_user_uid_gid_resolution_in_posix_trust Passed test_integration/test_trust.py::TestTrust::()::test_user_without_posix_attributes_not_visible Passed test_integration/test_trust.py::TestTrust::()::test_override_homedir Passed test_integration/test_trust.py::TestTrust::()::test_extdom_plugin Passed test_integration/test_trust.py::TestTrust::()::test_remove_posix_trust Passed test_integration/test_trust.py::TestTrust::()::test_invalid_range_types Passed test_integration/test_trust.py::TestTrust::()::test_establish_external_subdomain_trust Passed test_integration/test_trust.py::TestTrust::()::test_trustdomains_found_in_external_subdomain_trust Passed test_integration/test_trust.py::TestTrust::()::test_user_gid_uid_resolution_in_external_subdomain_trust Passed test_integration/test_trust.py::TestTrust::()::test_remove_external_subdomain_trust Passed test_integration/test_trust.py::TestTrust::()::test_establish_nonexternal_subdomain_trust Passed test_integration/test_trust.py::TestTrust::()::test_establish_external_treedomain_trust Passed test_integration/test_trust.py::TestTrust::()::test_trustdomains_found_in_external_treedomain_trust Passed test_integration/test_trust.py::TestTrust::()::test_user_gid_uid_resolution_in_external_treedomain_trust Passed test_integration/test_trust.py::TestTrust::()::test_remove_external_treedomain_trust Passed test_integration/test_trust.py::TestTrust::()::test_establish_nonexternal_treedomain_trust Passed test_integration/test_trust.py::TestTrust::()::test_establish_external_rootdomain_trust Passed test_integration/test_trust.py::TestTrust::()::test_trustdomains_found_in_external_rootdomain_trust Passed test_integration/test_trust.py::TestTrust::()::test_remove_external_rootdomain_trust There are failures in other test cases in this test class, however those are unrelated to this BZ. Full test log is an attachment of this BZ. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:1846 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days |
Description of problem: When FIPS is enabled on a RHEL8 IPA Server, I cannot add an AD trust: # echo Secret123 | ipa trust-add adcs19.test --two-way True --admin Administrator --password ipa: ERROR: CIFS server communication error: code "3221225495", message "{Not Enough Quota} Not enough virtual memory or paging file quota is available to complete the specified operation." (both may be "None") Version-Release number of selected component (if applicable): ipa-server-4.8.7-7.module+el8.3.0+7376+c83e4fcd.x86_64 How reproducible: always Steps to Reproduce: 1. Enable FIPS mode on server 2. Install IPA 3. setup DNS as necessary for IPA and AD 4. ipa trust-add Actual results: Error as shown above Expected results: Adds trust with AD server. Additional info: