[Desktop-packages] [Bug 2051363] Re: Cannot perform certificate auto-enroll without NDES installed
SRU information missing from the description -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2051363 Title: Cannot perform certificate auto-enroll without NDES installed Status in adsys package in Ubuntu: Fix Released Bug description: NDES role should not be mandatory in order to perform certificate auto-enrollment with adsys. Samba/ADSys is able to take advantage of the NDES endpoint to install the root certificate chain, but is also able to infer the certificate information from LDAP. Due to a bug in the Samba implementation of cert-autoenroll, the root cert is not parsed properly if the NDES component is not installed -- so in the current state attempting auto-enrollment without NDES installed will result in an error like the following: 2024-01-08 16:11:07.809|[W26775]| Failed to fetch the root certificate chain. | {} 2024-01-08 16:11:07.809|[W05621]| The Network Device Enrollment Service is either not installed or not configured. | {} 2024-01-08 16:11:07.809|[W11946]| Installing the server certificate only. | {} Traceback (most recent call last): File "", line 142, in File "", line 89, in main File "", line 20, in enroll File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 502, in __enroll self.apply(guid, ca, cert_enroll, ca, ldb, trust_dir, File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 369, in apply data = applier_func(*args, **kwargs) ^ File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 274, in cert_enroll root_certs = getca(ca, url, trust_dir) ^ File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 221, in getca cert = load_der_x509_certificate(ca['cACertificate'], ^^ File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 528, in load_der_x509_certificate return rust_x509.load_der_x509_certificate(data) ^ TypeError: argument 'data': 'str' object cannot be converted to 'PyBytes' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2051363/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2051363] Re: Cannot perform certificate auto-enroll without NDES installed
This bug was fixed in the package adsys - 0.13.3 --- adsys (0.13.3) noble; urgency=medium * Fix cert auto-enroll without NDES (LP: #2051363) * Refresh policy definition files (remove Lunar support) * CI and quality of life changes not impacting package functionality: - Bump github actions to latest: - actions/download-artifact - actions/setup-go - actions/upload-artifact * Update dependencies to latest: - github.com/charmbracelet/bubbles - github.com/charmbracelet/bubbletea - github.com/google/uuid - github.com/spf13/viper - golang.org/x/crypto - golang.org/x/net - golang.org/x/sync - golang.org/x/sys - google.golang.org/grpc - google.golang.org/protobuf -- Gabriel Nagy Fri, 26 Jan 2024 13:57:46 +0200 ** Changed in: adsys (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2051363 Title: Cannot perform certificate auto-enroll without NDES installed Status in adsys package in Ubuntu: Fix Released Bug description: NDES role should not be mandatory in order to perform certificate auto-enrollment with adsys. Samba/ADSys is able to take advantage of the NDES endpoint to install the root certificate chain, but is also able to infer the certificate information from LDAP. Due to a bug in the Samba implementation of cert-autoenroll, the root cert is not parsed properly if the NDES component is not installed -- so in the current state attempting auto-enrollment without NDES installed will result in an error like the following: 2024-01-08 16:11:07.809|[W26775]| Failed to fetch the root certificate chain. | {} 2024-01-08 16:11:07.809|[W05621]| The Network Device Enrollment Service is either not installed or not configured. | {} 2024-01-08 16:11:07.809|[W11946]| Installing the server certificate only. | {} Traceback (most recent call last): File "", line 142, in File "", line 89, in main File "", line 20, in enroll File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 502, in __enroll self.apply(guid, ca, cert_enroll, ca, ldb, trust_dir, File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 369, in apply data = applier_func(*args, **kwargs) ^ File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 274, in cert_enroll root_certs = getca(ca, url, trust_dir) ^ File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 221, in getca cert = load_der_x509_certificate(ca['cACertificate'], ^^ File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 528, in load_der_x509_certificate return rust_x509.load_der_x509_certificate(data) ^ TypeError: argument 'data': 'str' object cannot be converted to 'PyBytes' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2051363/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2051363] Re: Cannot perform certificate auto-enroll without NDES installed
** Changed in: adsys (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2051363 Title: Cannot perform certificate auto-enroll without NDES installed Status in adsys package in Ubuntu: Fix Committed Bug description: NDES role should not be mandatory in order to perform certificate auto-enrollment with adsys. Samba/ADSys is able to take advantage of the NDES endpoint to install the root certificate chain, but is also able to infer the certificate information from LDAP. Due to a bug in the Samba implementation of cert-autoenroll, the root cert is not parsed properly if the NDES component is not installed -- so in the current state attempting auto-enrollment without NDES installed will result in an error like the following: 2024-01-08 16:11:07.809|[W26775]| Failed to fetch the root certificate chain. | {} 2024-01-08 16:11:07.809|[W05621]| The Network Device Enrollment Service is either not installed or not configured. | {} 2024-01-08 16:11:07.809|[W11946]| Installing the server certificate only. | {} Traceback (most recent call last): File "", line 142, in File "", line 89, in main File "", line 20, in enroll File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 502, in __enroll self.apply(guid, ca, cert_enroll, ca, ldb, trust_dir, File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 369, in apply data = applier_func(*args, **kwargs) ^ File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 274, in cert_enroll root_certs = getca(ca, url, trust_dir) ^ File "/usr/share/adsys/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py", line 221, in getca cert = load_der_x509_certificate(ca['cACertificate'], ^^ File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 528, in load_der_x509_certificate return rust_x509.load_der_x509_certificate(data) ^ TypeError: argument 'data': 'str' object cannot be converted to 'PyBytes' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2051363/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp