Re: [Bug 1831448] Re: adcli: not adding an additional service-name
Thanks! --- Jason Edgecombe | Linux Administrator UNC Charlotte | The William States Lee College of Engineering 9201 University City Blvd. | Charlotte, NC 28223-0001 Phone: 704-687-1943 jwedg...@uncc.edu | http://engr.uncc.edu | Facebook --- If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943. Thank you. On Sat, Oct 26, 2019 at 11:55 AM Eric Desrochers < eric.desroch...@canonical.com> wrote: > Current active devel release (Future next LTS), now introduced a newer > version of adcli: > adcli | 0.9.0-1 | focal/universe | source, amd64, arm64, armhf, i386, > ppc64el, s390x > > > ** Also affects: adcli (Ubuntu Focal) >Importance: Undecided >Status: Won't Fix > > ** Changed in: adcli (Ubuntu Focal) >Status: Won't Fix => Fix Released > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1831448 > > Title: > adcli: not adding an additional service-name > > Status in adcli package in Ubuntu: > Won't Fix > Status in adcli source package in Xenial: > Won't Fix > Status in adcli source package in Bionic: > Won't Fix > Status in adcli source package in Disco: > Won't Fix > Status in adcli source package in Eoan: > Won't Fix > Status in adcli source package in Focal: > Fix Released > Status in adcli package in CentOS: > Unknown > Status in adcli package in Debian: > Fix Released > > Bug description: > I'm trying to add service principals to my computer in an Active > Directory environment. The command runs without errors but the > computer account attribute "servicePrincipalName" in AD is not > changed. > > The man page says > > - > > --service-name=service > > Additional service name for a Kerberos principal to be created on the > computer account. This option may be specified multiple times. > > -- > > I've tried this by > >adcli -v update --service-name=nfs -D DOMAIN -C > /tmp/krb5cc_11872_nXpkOu --show-details > > and got > >* Found realm in keytab: DOMAIN >* Found service principal in keytab: host/m15015-lin.DOMAIN >* Found host qualified name in keytab: host/m15015-lin.DOMAIN >* Found service principal in keytab: host/M15015-LIN >* Found computer name in keytab: M15015-LIN >* Found service principal in keytab: host/m15015-lin >* Using domain name: DOMAIN >* Calculated computer account name from fqdn: M15015-LIN >* Using domain realm: DOMAIN >* Discovering domain controllers: _ldap._tcp.DOMAIN >* Sending netlogon pings to domain controller: cldap://X.X.X.X >* Sending netlogon pings to domain controller: cldap://X.X.X.X >* Sending netlogon pings to domain controller: cldap://X.X.x.X >* Received NetLogon info from: WinDC3.DOMAIN >* Wrote out krb5.conf snippet to > /tmp/adcli-krb5-Q9bim6/krb5.d/adcli-krb5-conf-ZzF3Xh >* Looked up short domain name: DOMAIN >* Using fully qualified name: m15015-lin >* Using domain name: DOMAIN >* Using computer account name: M15015-LIN >* Using domain realm: DOMAIN >* Using fully qualified name: m15015-lin.DOMAIN >* Enrolling computer name: M15015-LIN >* Generated 120 character computer password >* Using keytab: FILE:/etc/krb5.keytab >* Found computer account for M15015-LIN$ at: > CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN >* Retrieved kvno '2' for computer account in directory: > CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN >* Password not too old, no change needed >* Modifying computer account: userAccountControl >* Modifying computer account: operatingSystem >* Modifying computer account: userPrincipalName > > > The errorcode is 0. The cmd line --service-name is not working or do I > use the wrong argument? --service-name="nfs/HOSTNAME" is not working too. > > However, my AD and kerberos configuration is working and so other > updates to the computer account in AD are working like: > adcli -v update --os-version=19.04 -D DOMAIN -C > /tmp/krb5cc_11872_nXpkOu --show-details > This updates the attribute "operatingSystemVersion" for the computer > account in AD. > > > --- > Ubuntu 19.04 > adcli 0.8.2-1 > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding
[Bug 1831448] Re: adcli: not adding an additional service-name
Current active devel release (Future next LTS), now introduced a newer version of adcli: adcli | 0.9.0-1 | focal/universe | source, amd64, arm64, armhf, i386, ppc64el, s390x ** Also affects: adcli (Ubuntu Focal) Importance: Undecided Status: Won't Fix ** Changed in: adcli (Ubuntu Focal) Status: Won't Fix => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
Using "net ads" from the samba-common-bin package should work as an alternative to using adcli. Assuming the server is already connected to the AD using sssd you should be able to run the following. net ads join -k net ads keytab list net ads keytab add nfs ** Changed in: adcli (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
A bionic-backports request has been made via LP: #1846516 ** Changed in: adcli (Ubuntu Eoan) Status: New => Won't Fix ** Changed in: adcli (Ubuntu Disco) Status: New => Won't Fix ** Changed in: adcli (Ubuntu Bionic) Status: New => Won't Fix ** Changed in: adcli (Ubuntu Xenial) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
** Changed in: adcli (Debian) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
** Changed in: adcli (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
** Changed in: adcli (Ubuntu Eoan) Status: In Progress => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
@bigon, I made the request more "official" by reporting a bug in Debian against adcli: # adcli new release 0.9.0 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941583 Regards, Eric ** Bug watch added: Debian Bug tracker #941583 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941583 ** Also affects: adcli (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941583 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1831448] Re: adcli: not adding an additional service-name
Cool, thanks! --- Jason Edgecombe | Linux Administrator UNC Charlotte | The William States Lee College of Engineering 9201 University City Blvd. | Charlotte, NC 28223-0001 Phone: 704-687-1943 jwedg...@uncc.edu | http://engr.uncc.edu | Facebook --- If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943. Thank you. On Mon, Sep 30, 2019 at 4:31 PM Eric Desrochers < eric.desroch...@canonical.com> wrote: > To summarise, before talking about the Ubuntu specifics, for sure the > first step would be to make sure 0.9.0 (including the fixes needed for > this bug) is found in debian, then we'll be more amenable to discuss > further more about the Ubuntu potential options (SRU micro release, > bionic-backports, ...) > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1831448 > > Title: > adcli: not adding an additional service-name > > Status in adcli package in Ubuntu: > In Progress > Status in adcli source package in Xenial: > New > Status in adcli source package in Bionic: > New > Status in adcli source package in Disco: > New > Status in adcli source package in Eoan: > In Progress > Status in adcli package in CentOS: > Unknown > > Bug description: > I'm trying to add service principals to my computer in an Active > Directory environment. The command runs without errors but the > computer account attribute "servicePrincipalName" in AD is not > changed. > > The man page says > > - > > --service-name=service > > Additional service name for a Kerberos principal to be created on the > computer account. This option may be specified multiple times. > > -- > > I've tried this by > >adcli -v update --service-name=nfs -D DOMAIN -C > /tmp/krb5cc_11872_nXpkOu --show-details > > and got > >* Found realm in keytab: DOMAIN >* Found service principal in keytab: host/m15015-lin.DOMAIN >* Found host qualified name in keytab: host/m15015-lin.DOMAIN >* Found service principal in keytab: host/M15015-LIN >* Found computer name in keytab: M15015-LIN >* Found service principal in keytab: host/m15015-lin >* Using domain name: DOMAIN >* Calculated computer account name from fqdn: M15015-LIN >* Using domain realm: DOMAIN >* Discovering domain controllers: _ldap._tcp.DOMAIN >* Sending netlogon pings to domain controller: cldap://X.X.X.X >* Sending netlogon pings to domain controller: cldap://X.X.X.X >* Sending netlogon pings to domain controller: cldap://X.X.x.X >* Received NetLogon info from: WinDC3.DOMAIN >* Wrote out krb5.conf snippet to > /tmp/adcli-krb5-Q9bim6/krb5.d/adcli-krb5-conf-ZzF3Xh >* Looked up short domain name: DOMAIN >* Using fully qualified name: m15015-lin >* Using domain name: DOMAIN >* Using computer account name: M15015-LIN >* Using domain realm: DOMAIN >* Using fully qualified name: m15015-lin.DOMAIN >* Enrolling computer name: M15015-LIN >* Generated 120 character computer password >* Using keytab: FILE:/etc/krb5.keytab >* Found computer account for M15015-LIN$ at: > CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN >* Retrieved kvno '2' for computer account in directory: > CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN >* Password not too old, no change needed >* Modifying computer account: userAccountControl >* Modifying computer account: operatingSystem >* Modifying computer account: userPrincipalName > > > The errorcode is 0. The cmd line --service-name is not working or do I > use the wrong argument? --service-name="nfs/HOSTNAME" is not working too. > > However, my AD and kerberos configuration is working and so other > updates to the computer account in AD are working like: > adcli -v update --os-version=19.04 -D DOMAIN -C > /tmp/krb5cc_11872_nXpkOu --show-details > This updates the attribute "operatingSystemVersion" for the computer > account in AD. > > > --- > Ubuntu 19.04 > adcli 0.8.2-1 > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing
[Bug 1831448] Re: adcli: not adding an additional service-name
To summarise, before talking about the Ubuntu specifics, for sure the first step would be to make sure 0.9.0 (including the fixes needed for this bug) is found in debian, then we'll be more amenable to discuss further more about the Ubuntu potential options (SRU micro release, bionic-backports, ...) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
if the "microrelease SRU" doesn't apply here, then as I stated earlier maybe bionic-backport would suits better. Let's see what Laurent says. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
@bigon, Is there any plan to bump adcli (universe package) version in debian/unstable to 0.9.0 and then possibly the Ubuntu stable releases using an SRU exception (taking into account the current freeze schedule) something such as microreleases[0] with your MOTU privileges. Since you are the "adcli" debian maintainer, and the Ubuntu "adcli" merger (according to d/changelog). [0] - https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases - Eric -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
@bigon, Is there any plan to bump adcli version in debian/unstable to 0.9.0 and then possibly the Ubuntu stable releases (Xenial/Bionic/Disco/Eoan/F-Series(next development release)) using SRU exception something such as microreleases[0] with your MOTU privileges using this policy: Since you are the "adcli" debian maintainer, and the Ubuntu "adcli" merger (according to d/changelog) [0] - https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases - Eric -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
Without looking further (so maybe more commits might be needed as well or not) so far the observed commits needed are : https://gitlab.freedesktop.org/realmd/adcli/commit/163730cf8c91fc8dc4f44eb1eca45daa3abf3ed8 https://gitlab.freedesktop.org/realmd/adcli/commit/8396b9bca05fec8022758c6930f1e594252ae296 https://gitlab.freedesktop.org/realmd/adcli/commit/4987a21f4839ab7ea50e932c72df05075efb89b3 https://gitlab.freedesktop.org/realmd/adcli/commit/cd296bf24e7cc56fb8d00bad7e9a56c539894309 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
After analysis, the 2 mentioned fixes depends on a few other commits as the fixes has been made on top and/or using functions not yet implemented in version "0.8.2-1". Meaning there is a significant amount of code change/add to be done that goes beyond the fix itself. I'm afraid this won't be eligible/suitable for SRU. As an alternative, a request[0] to the Ubuntu Backport Team[1] can possibly be try and see if a home for "adcli - 0.9.0" (with the required fixes) can be found in bionic-backports[2] instead, which IMHO will be more suitable (if accepted by backport team). That way bionic-update will remain at "0.8.2-1" and bionic-backports could have "0.9.X". Regards, Eric [0] - https://launchpad.net/ubp [1] - https://wiki.ubuntu.com/UbuntuBackports [2] - https://help.ubuntu.com/community/UbuntuBackports ** Changed in: adcli (Ubuntu Eoan) Assignee: Eric Desrochers (slashd) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1831448] Re: adcli: not adding an additional service-name
Sounds good, thanks! --- Jason Edgecombe | Linux Administrator UNC Charlotte | The William States Lee College of Engineering 9201 University City Blvd. | Charlotte, NC 28223-0001 Phone: 704-687-1943 jwedg...@uncc.edu | http://engr.uncc.edu | Facebook --- If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943. Thank you. On Mon, Sep 30, 2019 at 11:06 AM Eric Desrochers < eric.desroch...@canonical.com> wrote: > I'm investigating the feasibility of the patchset's backport at the > moment. > I'll update the bug as I make progress. > > Regards, > Eric > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1831448 > > Title: > adcli: not adding an additional service-name > > Status in adcli package in Ubuntu: > In Progress > Status in adcli source package in Xenial: > New > Status in adcli source package in Bionic: > New > Status in adcli source package in Disco: > New > Status in adcli source package in Eoan: > In Progress > Status in adcli package in CentOS: > Unknown > > Bug description: > I'm trying to add service principals to my computer in an Active > Directory environment. The command runs without errors but the > computer account attribute "servicePrincipalName" in AD is not > changed. > > The man page says > > - > > --service-name=service > > Additional service name for a Kerberos principal to be created on the > computer account. This option may be specified multiple times. > > -- > > I've tried this by > >adcli -v update --service-name=nfs -D DOMAIN -C > /tmp/krb5cc_11872_nXpkOu --show-details > > and got > >* Found realm in keytab: DOMAIN >* Found service principal in keytab: host/m15015-lin.DOMAIN >* Found host qualified name in keytab: host/m15015-lin.DOMAIN >* Found service principal in keytab: host/M15015-LIN >* Found computer name in keytab: M15015-LIN >* Found service principal in keytab: host/m15015-lin >* Using domain name: DOMAIN >* Calculated computer account name from fqdn: M15015-LIN >* Using domain realm: DOMAIN >* Discovering domain controllers: _ldap._tcp.DOMAIN >* Sending netlogon pings to domain controller: cldap://X.X.X.X >* Sending netlogon pings to domain controller: cldap://X.X.X.X >* Sending netlogon pings to domain controller: cldap://X.X.x.X >* Received NetLogon info from: WinDC3.DOMAIN >* Wrote out krb5.conf snippet to > /tmp/adcli-krb5-Q9bim6/krb5.d/adcli-krb5-conf-ZzF3Xh >* Looked up short domain name: DOMAIN >* Using fully qualified name: m15015-lin >* Using domain name: DOMAIN >* Using computer account name: M15015-LIN >* Using domain realm: DOMAIN >* Using fully qualified name: m15015-lin.DOMAIN >* Enrolling computer name: M15015-LIN >* Generated 120 character computer password >* Using keytab: FILE:/etc/krb5.keytab >* Found computer account for M15015-LIN$ at: > CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN >* Retrieved kvno '2' for computer account in directory: > CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN >* Password not too old, no change needed >* Modifying computer account: userAccountControl >* Modifying computer account: operatingSystem >* Modifying computer account: userPrincipalName > > > The errorcode is 0. The cmd line --service-name is not working or do I > use the wrong argument? --service-name="nfs/HOSTNAME" is not working too. > > However, my AD and kerberos configuration is working and so other > updates to the computer account in AD are working like: > adcli -v update --os-version=19.04 -D DOMAIN -C > /tmp/krb5cc_11872_nXpkOu --show-details > This updates the attribute "operatingSystemVersion" for the computer > account in AD. > > > --- > Ubuntu 19.04 > adcli 0.8.2-1 > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
I'm investigating the feasibility of the patchset's backport at the moment. I'll update the bug as I make progress. Regards, Eric -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1831448] Re: adcli: not adding an additional service-name
How can I get the new version to test? --- Jason Edgecombe | Linux Administrator UNC Charlotte | The William States Lee College of Engineering 9201 University City Blvd. | Charlotte, NC 28223-0001 Phone: 704-687-1943 jwedg...@uncc.edu | http://engr.uncc.edu | Facebook --- If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943. Thank you. On Mon, Sep 30, 2019 at 10:30 AM Eric Desrochers < eric.desroch...@canonical.com> wrote: > $ rmadison adcli > adcli | 0.7.5-1 | trusty/universe | source, amd64, arm64, armhf, i386, > powerpc, ppc64el > adcli | 0.8.1-1 | xenial/universe | source, amd64, arm64, armhf, i386, > powerpc, ppc64el, s390x > adcli | 0.8.2-1 | bionic/universe | source, amd64, arm64, armhf, i386, > ppc64el, s390x > adcli | 0.8.2-1 | disco/universe | source, amd64, arm64, armhf, i386, > ppc64el, s390x > adcli | 0.8.2-1 | eoan/universe | source, amd64, arm64, armhf, i386, > ppc64el, s390x > > > $ git log --oneline --grep="id=1644311" > 4987a21 library: return error if no matching key was found > cd296bf join: always add service principals > > $ git describe --contains 4987a21 > 0.9.0~23 > > $ git describe --contains cd296bf > 0.9.0~24 > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1831448 > > Title: > adcli: not adding an additional service-name > > Status in adcli package in Ubuntu: > In Progress > Status in adcli source package in Xenial: > New > Status in adcli source package in Bionic: > New > Status in adcli source package in Disco: > New > Status in adcli source package in Eoan: > In Progress > Status in adcli package in CentOS: > Unknown > > Bug description: > I'm trying to add service principals to my computer in an Active > Directory environment. The command runs without errors but the > computer account attribute "servicePrincipalName" in AD is not > changed. > > The man page says > > - > > --service-name=service > > Additional service name for a Kerberos principal to be created on the > computer account. This option may be specified multiple times. > > -- > > I've tried this by > >adcli -v update --service-name=nfs -D DOMAIN -C > /tmp/krb5cc_11872_nXpkOu --show-details > > and got > >* Found realm in keytab: DOMAIN >* Found service principal in keytab: host/m15015-lin.DOMAIN >* Found host qualified name in keytab: host/m15015-lin.DOMAIN >* Found service principal in keytab: host/M15015-LIN >* Found computer name in keytab: M15015-LIN >* Found service principal in keytab: host/m15015-lin >* Using domain name: DOMAIN >* Calculated computer account name from fqdn: M15015-LIN >* Using domain realm: DOMAIN >* Discovering domain controllers: _ldap._tcp.DOMAIN >* Sending netlogon pings to domain controller: cldap://X.X.X.X >* Sending netlogon pings to domain controller: cldap://X.X.X.X >* Sending netlogon pings to domain controller: cldap://X.X.x.X >* Received NetLogon info from: WinDC3.DOMAIN >* Wrote out krb5.conf snippet to > /tmp/adcli-krb5-Q9bim6/krb5.d/adcli-krb5-conf-ZzF3Xh >* Looked up short domain name: DOMAIN >* Using fully qualified name: m15015-lin >* Using domain name: DOMAIN >* Using computer account name: M15015-LIN >* Using domain realm: DOMAIN >* Using fully qualified name: m15015-lin.DOMAIN >* Enrolling computer name: M15015-LIN >* Generated 120 character computer password >* Using keytab: FILE:/etc/krb5.keytab >* Found computer account for M15015-LIN$ at: > CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN >* Retrieved kvno '2' for computer account in directory: > CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN >* Password not too old, no change needed >* Modifying computer account: userAccountControl >* Modifying computer account: operatingSystem >* Modifying computer account: userPrincipalName > > > The errorcode is 0. The cmd line --service-name is not working or do I > use the wrong argument? --service-name="nfs/HOSTNAME" is not working too. > > However, my AD and kerberos configuration is working and so other > updates to the computer account in AD are working like: > adcli -v update --os-version=19.04 -D DOMAIN -C > /tmp/krb5cc_11872_nXpkOu --show-details > This updates the attribute "operatingSystemVersion" for the computer > account in AD. > > > --- > Ubuntu 19.04 > adcli 0.8.2-1 > > To manage notifications about
[Bug 1831448] Re: adcli: not adding an additional service-name
$ rmadison adcli adcli | 0.7.5-1 | trusty/universe | source, amd64, arm64, armhf, i386, powerpc, ppc64el adcli | 0.8.1-1 | xenial/universe | source, amd64, arm64, armhf, i386, powerpc, ppc64el, s390x adcli | 0.8.2-1 | bionic/universe | source, amd64, arm64, armhf, i386, ppc64el, s390x adcli | 0.8.2-1 | disco/universe | source, amd64, arm64, armhf, i386, ppc64el, s390x adcli | 0.8.2-1 | eoan/universe | source, amd64, arm64, armhf, i386, ppc64el, s390x $ git log --oneline --grep="id=1644311" 4987a21 library: return error if no matching key was found cd296bf join: always add service principals $ git describe --contains 4987a21 0.9.0~23 $ git describe --contains cd296bf 0.9.0~24 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
** Also affects: adcli (Ubuntu Disco) Importance: Undecided Status: New ** Also affects: adcli (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: adcli (Ubuntu Eoan) Importance: Undecided Status: Confirmed ** Also affects: adcli (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: adcli (Ubuntu Eoan) Status: Confirmed => In Progress ** Changed in: adcli (Ubuntu Eoan) Assignee: (unassigned) => Eric Desrochers (slashd) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
Thanks! So I'm looking forward for someone is porting a new package for ubuntu... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
Sorry, I gave the wrong RedHat errata link. Here is the right one: https://access.redhat.com/errata/RHEA-2019:2256 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
FYI, the related RedHat bugzilla bug is at https://bugzilla.redhat.com/show_bug.cgi?id=1644311 ** Also affects: adcli (CentOS) via https://bugzilla.redhat.com/show_bug.cgi?id=1644311 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
Hi Alexander, RedHat fixed this issue in https://rhn.redhat.com/errata/RHBA-2016-0763.html , which is why CentOS7 works, but I think the patch needs to be ported to ubuntu. ** Bug watch added: Red Hat Bugzilla #1644311 https://bugzilla.redhat.com/show_bug.cgi?id=1644311 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
I've tested it on CentOS 7 as well and it is working there! adcli -v update --service-name="nfs/centos7" --os-version=centos -D DOMAIN -C /tmp/krb5cc_0 --show-details This adds nfs service principals on centos 7 with adcli 0.8.1 # yum info adcli Geladene Plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile * base: mirror.23media.com * centosplus: mirror.imt-systems.com * epel: mirror.imt-systems.com * extras: mirror.imt-systems.com * updates: mirror.imt-systems.com Installierte Pakete Name : adcli Architektur : x86_64 Version: 0.8.1 Ausgabe: 6.el7_6.1 Größe : 318 k Quelle : installed Aus Quelle : updates Zusammenfassung: Active Directory enrollment URL: http://cgit.freedesktop.org/realmd/adcli Lizenz : LGPLv2+ Beschreibung: adcli is a library and tool for joining an Active Directory domain using : standard LDAP and Kerberos calls. On Ubuntu 19.04 there is adcli 0.8.2-1 amd64Tool for performing actions on an Active Directory domain but adcli -v update --service-name="nfs/kubuntu-latest" --os-version=ubuntu -D DOMAIN -C /tmp/krb5cc_10011_RNMrYn --show-details does not change anything. If I only update --os-version this is working. When only trying to update --service-name nothing happens to the AD attributes. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
I'm having an issue with using adcli to add a service name on Ubuntu 18.04 as well. It works on RHEL8. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1831448] Re: adcli: not adding an additional service-name
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: adcli (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs