The branch, master has been updated via 377d27359cc s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join via 68121f46c74 s3-libnet_join: setup libnet join error string when AD connect fails via ea29aa27cba s3-libnet_join: always pass down admin domain to ads layer from a80ea6bf4fe rpc: Fix a typo
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 377d27359ccdb8f2680fda36ca388f44456590e5 Author: Günther Deschner <g...@samba.org> Date: Tue Apr 2 13:16:55 2019 +0200 s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join When a non-DNS and non-default admin domain is provided during the join sometimes we might not be able to kinit with 'user@SHORTDOMAINNAME' (e.g. when the winbind krb5 locator is not installed). In that case lets fallback to NTLMSSP, like we do in winbind. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Wed Apr 3 18:57:31 UTC 2019 on sn-devel-144 commit 68121f46c74df9cef7a377040d01ba75cdcf5a26 Author: Günther Deschner <g...@samba.org> Date: Tue Apr 2 13:16:11 2019 +0200 s3-libnet_join: setup libnet join error string when AD connect fails BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit ea29aa27cbac4253ee1701fed99a3e0811f7475d Author: Günther Deschner <g...@samba.org> Date: Tue Apr 2 13:14:06 2019 +0200 s3-libnet_join: always pass down admin domain to ads layer Otherwise we could loose the information that a non-default domain name has been used for admin creds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/libnet/libnet_join.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) Changeset truncated at 500 lines: diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index e052306523d..b876d7ea89f 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -145,6 +145,8 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name, return ADS_ERROR_LDAP(LDAP_NO_MEMORY); } + my_ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP; + if (user_name) { SAFE_FREE(my_ads->auth.user_name); my_ads->auth.user_name = SMB_STRDUP(user_name); @@ -205,7 +207,19 @@ static ADS_STATUS libnet_join_connect_ads(TALLOC_CTX *mem_ctx, password = r->in.machine_password; ccname = "MEMORY:libnet_join_machine_creds"; } else { + char *p = NULL; + username = r->in.admin_account; + + p = strchr(r->in.admin_account, '@'); + if (p == NULL) { + username = talloc_asprintf(mem_ctx, "%s@%s", + r->in.admin_account, + r->in.admin_domain); + } + if (username == NULL) { + return ADS_ERROR(LDAP_NO_MEMORY); + } password = r->in.admin_password; /* @@ -2643,6 +2657,9 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, ads_status = libnet_join_connect_ads_user(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to connect to AD: %s", + ads_errstr(ads_status)); return WERR_NERR_DEFAULTJOINREQUIRED; } -- Samba Shared Repository