Issue
What were you trying to do that didn't work?
realm command fails to join to AD domain post upgrade to RHEL 8.9 with crypto-policy FIPS:OSSP applied.
(This seems to be a regression because it used to work just fine in RHEL 8.8).
Please provide the package NVR for which bug is seen:
realmd-0.17.1-1.el8.x86_64
adcli-0.9.2-1.el8.x86_64
crypto-policies-20230731-1.git3177e06.el8.noarch
How reproducible:
Always
Steps to reproduce
Set system in FIPS mode or switch to FIPS mode: # fips-mode-setup --enable
Reboot
Configure crypto-policy as: # update-crypto-policies --set FIPS:OSPP
Reboot
Try to join the system to AD domain via realm command: # realm join example.com -v
Expected results
realm join command fails with an error:
—
! Couldn't authenticate as: Administrator@EXAMPLE.COM: KDC has no support for encryption type
adcli: couldn't connect to win2022.test domain: Couldn't authenticate as: Administrator@EXAMPLE.COM: KDC has no support for encryption type
—
Actual results
realm join should not fail
