@bigon, I made the request more "official" by reporting a bug in Debian against adcli:
# adcli new release 0.9.0 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941583 Regards, Eric ** Bug watch added: Debian Bug tracker #941583 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941583 ** Also affects: adcli (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941583 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1831448 Title: adcli: not adding an additional service-name Status in adcli package in Ubuntu: New Status in adcli source package in Xenial: New Status in adcli source package in Bionic: New Status in adcli source package in Disco: New Status in adcli source package in Eoan: New Status in adcli package in CentOS: Unknown Status in adcli package in Debian: Unknown Bug description: I'm trying to add service principals to my computer in an Active Directory environment. The command runs without errors but the computer account attribute "servicePrincipalName" in AD is not changed. The man page says ----- --service-name=service Additional service name for a Kerberos principal to be created on the computer account. This option may be specified multiple times. ------ I've tried this by adcli -v update --service-name=nfs -D DOMAIN -C /tmp/krb5cc_11872_nXpkOu --show-details and got * Found realm in keytab: DOMAIN * Found service principal in keytab: host/m15015-lin.DOMAIN * Found host qualified name in keytab: host/m15015-lin.DOMAIN * Found service principal in keytab: host/M15015-LIN * Found computer name in keytab: M15015-LIN * Found service principal in keytab: host/m15015-lin * Using domain name: DOMAIN * Calculated computer account name from fqdn: M15015-LIN * Using domain realm: DOMAIN * Discovering domain controllers: _ldap._tcp.DOMAIN * Sending netlogon pings to domain controller: cldap://X.X.X.X * Sending netlogon pings to domain controller: cldap://X.X.X.X * Sending netlogon pings to domain controller: cldap://X.X.x.X * Received NetLogon info from: WinDC3.DOMAIN * Wrote out krb5.conf snippet to /tmp/adcli-krb5-Q9bim6/krb5.d/adcli-krb5-conf-ZzF3Xh * Looked up short domain name: DOMAIN * Using fully qualified name: m15015-lin * Using domain name: DOMAIN * Using computer account name: M15015-LIN * Using domain realm: DOMAIN * Using fully qualified name: m15015-lin.DOMAIN * Enrolling computer name: M15015-LIN * Generated 120 character computer password * Using keytab: FILE:/etc/krb5.keytab * Found computer account for M15015-LIN$ at: CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN * Retrieved kvno '2' for computer account in directory: CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN * Password not too old, no change needed * Modifying computer account: userAccountControl * Modifying computer account: operatingSystem * Modifying computer account: userPrincipalName The errorcode is 0. The cmd line --service-name is not working or do I use the wrong argument? --service-name="nfs/HOSTNAME" is not working too. However, my AD and kerberos configuration is working and so other updates to the computer account in AD are working like: adcli -v update --os-version=19.04 -D DOMAIN -C /tmp/krb5cc_11872_nXpkOu --show-details This updates the attribute "operatingSystemVersion" for the computer account in AD. --- Ubuntu 19.04 adcli 0.8.2-1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp