Sorry, I was on vaccation.
I can confirm that the backports work as expected with "ad_use_ldaps =
True" on both bionic and focal.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
I've done a fairly simple test using the latest Ubuntu 18.04 and can
confirm that with "ad_use_ldaps = True" set in sssd.conf, sssd appears
to only be making connections over ports 636 & 3269.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Hi Tobias, Thorstein, and anyone who is after a backport of these
patches,
I have completed backporting the below patches to the Bionic and Focal
adcli and sssd packages, and I am looking for some help with testing. If
you have some spare time, a Windows Active Directory server available,
and
** Changed in: adcli (Ubuntu Bionic)
Importance: Undecided => Medium
** Changed in: adcli (Ubuntu Bionic)
Status: Confirmed => In Progress
** Changed in: adcli (Ubuntu Bionic)
Assignee: (unassigned) => Matthew Ruffell (mruffell)
** Changed in: adcli (Ubuntu Focal)
Importance:
Yes, that's the plan.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Support new AD requirements (ADV190023)
To manage notifications about this bug go to:
Can we now get patched adcli and sssd backported to bionic and focal?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Support new AD requirements (ADV190023)
To manage notifications
This bug was fixed in the package adcli - 0.9.0-1ubuntu1
---
adcli (0.9.0-1ubuntu1) groovy; urgency=medium
* New features (LP: #1893784):
- d/p/tools-add-show-computer-command.patch: add a show-computer
command to print the LDAP attrs of the computer object
-
This one is a bit more risky, as it changes the default behavior of now
preferring GSS-SPNEGO if available. We missed taking care of this one
earlier, so arguments 'it's too late' do not make much sense. I assume
that the server team did enough testing of this in the meantime, so I
think we can
** Changed in: adcli (Ubuntu Eoan)
Status: Confirmed => Won't Fix
** Changed in: adcli (Ubuntu Disco)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Description changed:
Please backport the following patch to add the option ad_use_ldaps.
With this new boolean option the AD provider should only use the LDAPS port
636 and the Global Catalog port 3629 which is TLS protected as well.
https://github.com/SSSD/sssd/pull/969
This
Switched bug to "New" so it can be considered by the release team.
** Changed in: adcli (Ubuntu Groovy)
Status: Confirmed => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
** Bug watch added: github.com/cyrusimap/cyrus-sasl/issues #600
https://github.com/cyrusimap/cyrus-sasl/issues/600
** Also affects: cyrus-sasl2 via
https://github.com/cyrusimap/cyrus-sasl/issues/600
Importance: Unknown
Status: Unknown
--
You received this bug notification
Oh, I missed that this was an update for the *client* (windows 10), not
the server. Hm. Confusing.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Support new AD requirements
https://support.microsoft.com/en-us/help/4559003/windows-10-update-
kb4559003
Reading beyond the "highlights", one can see:
"Addresses an issue that incorrectly reports Lightweight Directory
Access Protocol (LDAP) sessions as unsecure sessions in Event ID 2889.
This occurs when the LDAP session
That is very likely, but first I have to get it into groovy, which is
past Feature Freeze. The MP was approved already, but I need a +1 from
the release team before uploading.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Are there any indications of this being included in Focal and Bionic
anytime soon?
We're looking at a setup with RHEL 7 and 8 servers where we can use
ad_use_ldaps and Ubuntu servers where we cannot.. It would be nicer to
be able to use the same config on both :) Unfortunately the network guys
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: sssd (Ubuntu Bionic)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: adcli (Ubuntu Eoan)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: adcli (Ubuntu Groovy)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: adcli (Ubuntu Bionic)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: adcli (Ubuntu Disco)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: adcli (Ubuntu Focal)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
** Description changed:
Please backport the following patch to add the option ad_use_ldaps.
With this new boolean option the AD provider should only use the LDAPS port
636 and the Global Catalog port 3629 which is TLS protected as well.
https://github.com/SSSD/sssd/pull/969
This
** Description changed:
Please backport the following patch to add the option ad_use_ldaps.
With this new boolean option the AD provider should only use the LDAPS port
636 and the Global Catalog port 3629 which is TLS protected as well.
https://github.com/SSSD/sssd/pull/969
This
** Merge proposal linked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/adcli/+git/adcli/+merge/390164
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Support new AD
I wonder if Microsoft changed the behaviour since early this year? I've
seen mailing list posts stating that a simple ldapsearch with gssapi
would succeed, even with the server enforcing rules on signing enabled,
but still log the 2889 event. But I don't see that now.
This works and does not
26 matches
Mail list logo