The branch, v4-22-test has been updated
via 95099cef157 WHATSNEW: add krb5 netlogon smb.conf options
via d589ae806b2 s3:testparm: make it clear that 'client use krb5
netlogon' is experimental
via 6833384a1b8 samba-tool/testparm: make it clear that 'client use
krb5 netlogon' is experimental
via 9fe35b7767d docs-xml/smbdotconf: make it clear that 'client use
krb5 netlogon' is experimental
from 1c31c4d4498 VERSION: Bump version up to Samba 4.22.0rc4...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-22-test
- Log -----------------------------------------------------------------
commit 95099cef1573d4261d4e585a8ab49302c6083df6
Author: Stefan Metzmacher <[email protected]>
Date: Sat Feb 22 16:54:42 2025 +0100
WHATSNEW: add krb5 netlogon smb.conf options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15815
Signed-off-by: Stefan Metzmacher <[email protected]>
Autobuild-User(v4-22-test): Jule Anger <[email protected]>
Autobuild-Date(v4-22-test): Wed Feb 26 10:09:36 UTC 2025 on atb-devel-224
commit d589ae806b222c4009f12468c1ae133e7403927e
Author: Stefan Metzmacher <[email protected]>
Date: Sat Feb 22 15:58:51 2025 +0100
s3:testparm: make it clear that 'client use krb5 netlogon' is experimental
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15815
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Autobuild-User(master): Volker Lendecke <[email protected]>
Autobuild-Date(master): Mon Feb 24 08:43:55 UTC 2025 on atb-devel-224
(cherry picked from commit 154875244c5a349e04605cad1f66cb26aeaf86d7)
commit 6833384a1b89f2561493269dbce8c76d03a775c8
Author: Stefan Metzmacher <[email protected]>
Date: Sat Feb 22 15:58:51 2025 +0100
samba-tool/testparm: make it clear that 'client use krb5 netlogon' is
experimental
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15815
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit 5fc5f90dee13ab5168c22fd53b89c582f3d582e9)
commit 9fe35b7767dd6ccf31f4bfe0cf0f0089af075fad
Author: Stefan Metzmacher <[email protected]>
Date: Sat Feb 22 15:58:51 2025 +0100
docs-xml/smbdotconf: make it clear that 'client use krb5 netlogon' is
experimental
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15815
Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit 54514ad809ef2e70b772906a815b27a0950a5341)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 4 ++++
docs-xml/smbdotconf/winbind/clientusekrb5netlogon.xml | 5 +++++
python/samba/netcmd/testparm.py | 10 ++++++++++
source3/utils/testparm.c | 13 +++++++++++++
4 files changed, 32 insertions(+)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index b7e111ec06d..008e45d7afe 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -74,6 +74,10 @@ smb.conf changes
smb3 directory leases New Auto
vfs mkdir use tmp name New Auto
client netlogon ping protocol New cldap
+ client use krb5 netlogon Experimental no
+ reject aes netlogon servers Experimental no
+ server reject aes schannel Experimental no
+ server support krb5 netlogon Experimental no
fruit:posix_rename Removed
cldap port Removed
diff --git a/docs-xml/smbdotconf/winbind/clientusekrb5netlogon.xml
b/docs-xml/smbdotconf/winbind/clientusekrb5netlogon.xml
index ad0fc907903..e65941eb901 100644
--- a/docs-xml/smbdotconf/winbind/clientusekrb5netlogon.xml
+++ b/docs-xml/smbdotconf/winbind/clientusekrb5netlogon.xml
@@ -39,6 +39,11 @@
is detected as active directory domain, e.g.
with 'SECURITY = ADS' or on an active directory domain controller.
</para>
+
+ <para><emphasis>
+ WARNING: This option is experimental in this Samba version
+ (see VERSION section below) and should not be used in production!
+ </emphasis></para>
</description>
<value type="default">default</value>
diff --git a/python/samba/netcmd/testparm.py b/python/samba/netcmd/testparm.py
index 6fbde635a7d..cd854feee9c 100644
--- a/python/samba/netcmd/testparm.py
+++ b/python/samba/netcmd/testparm.py
@@ -191,6 +191,16 @@ class cmd_testparm(Command):
"'allow_sasl_without_tls_channel_bindings' "
"(if really needed).")
+ cli_krb5_netlogon = lp.get("client use krb5 netlogon")
+ if cli_krb5_netlogon not in ["no", "default"]:
+ logger.error(
+ "You have configured "
+ "'client use krb5 netlogon = %s'.\n"
+ "This is experimental in Samba %s "
+ "and should not be used in production!\n\n" %
+ (cli_krb5_netlogon, samba.version))
+ valid = False
+
return valid
def allow_access(self, deny_list, allow_list, cname, caddr):
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 55c9bf1e076..a93bc020607 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -359,6 +359,7 @@ static int do_global_checks(void)
const char **lp_ptr = NULL;
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
+ int ival;
fprintf(stderr, "\n");
@@ -784,6 +785,18 @@ static int do_global_checks(void)
"options\n\n");
}
+ ival = lp__client_use_krb5_netlogon();
+ if (ival > 0) {
+ fprintf(stderr,
+ "ERROR: You have configured "
+ "'client use krb5 netlogon = %s'.\n"
+ "This is experimental in Samba %s "
+ "and should not be used in production!\n\n",
+ ival == Auto ? "auto" : "yes",
+ samba_version_string());
+ ret = 1;
+ }
+
if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) {
fprintf(stderr,
"WARNING: You have configured "
--
Samba Shared Repository
