IPA Client installation is failing with FIPS mode in RHEL 9 when FIPS is enabled on RHEL 8 IPA Server
Environment
- Red Hat Enterprise Linux 9.0 (RHEL)
ipa-client-4.9.8-7.el9_0.x86_64- FIPS
Issue
- Unable to install IPA Client with FIPS
- Client installation is failing with the error
kinit: KDC has no support for encryption type while getting initial credentials
Resolution
This is a known issue. It is being tracked in Bugzilla 2103327
Diagnostic Steps
- ipa-client-install.log
2022-08-30T09:50:26Z DEBUG Initializing principal admin@EXAMPLE.COM using password
2022-08-30T09:50:26Z DEBUG Starting external process
2022-08-30T09:50:26Z DEBUG args=['/usr/bin/kinit', 'admin@EXAMPLE.COM', '-c', '/tmp/krbccwtr795vy/ccache']
2022-08-30T09:50:28Z DEBUG Process finished, return code=1
2022-08-30T09:50:28Z DEBUG stdout=
2022-08-30T09:50:28Z DEBUG stderr=kinit: KDC has no support for encryption type while getting initial credentials
...
...
2022-08-30T09:50:36Z DEBUG The ipa-client-install command failed, exception: ScriptError: Kerberos authentication failed: kinit: KDC has no support for encryption type while getting initial credentials
2022-08-30T09:50:36Z ERROR Kerberos authentication failed: kinit: KDC has no support for encryption type while getting initial credentials
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments