Public bug reported: I'm trying to add service principals to my computer in an Active Directory environment. The command runs without errors but the computer account attribute "servicePrincipalName" in AD is not changed.
The man page says ----- --service-name=service Additional service name for a Kerberos principal to be created on the computer account. This option may be specified multiple times. ------ I've tried this by adcli -v update --service-name=nfs -D DOMAIN -C /tmp/krb5cc_11872_nXpkOu --show-details and got * Found realm in keytab: DOMAIN * Found service principal in keytab: host/m15015-lin.DOMAIN * Found host qualified name in keytab: host/m15015-lin.DOMAIN * Found service principal in keytab: host/M15015-LIN * Found computer name in keytab: M15015-LIN * Found service principal in keytab: host/m15015-lin * Using domain name: DOMAIN * Calculated computer account name from fqdn: M15015-LIN * Using domain realm: DOMAIN * Discovering domain controllers: _ldap._tcp.DOMAIN * Sending netlogon pings to domain controller: cldap://X.X.X.X * Sending netlogon pings to domain controller: cldap://X.X.X.X * Sending netlogon pings to domain controller: cldap://X.X.x.X * Received NetLogon info from: WinDC3.DOMAIN * Wrote out krb5.conf snippet to /tmp/adcli-krb5-Q9bim6/krb5.d/adcli-krb5-conf-ZzF3Xh * Looked up short domain name: DOMAIN * Using fully qualified name: m15015-lin * Using domain name: DOMAIN * Using computer account name: M15015-LIN * Using domain realm: DOMAIN * Using fully qualified name: m15015-lin.DOMAIN * Enrolling computer name: M15015-LIN * Generated 120 character computer password * Using keytab: FILE:/etc/krb5.keytab * Found computer account for M15015-LIN$ at: CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN * Retrieved kvno '2' for computer account in directory: CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN * Password not too old, no change needed * Modifying computer account: userAccountControl * Modifying computer account: operatingSystem * Modifying computer account: userPrincipalName The errorcode is 0. The cmd line --service-name is not working or do I use the wrong argument? --service-name="nfs/HOSTNAME" is not working too. However, my AD and kerberos configuration is working and so other updates to the computer account in AD are working like: adcli -v update --os-version=19.04 -D DOMAIN -C /tmp/krb5cc_11872_nXpkOu --show-details This updates the attribute "operatingSystemVersion" for the computer account in AD. --- Ubuntu 19.04 adcli 0.8.2-1 ** Affects: adcli (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
