Performing verification of adcli on Groovy. Groovy only required one patch, which fixed a missed enablement of --use-ldaps for the testjoin and update commands.
So, just testing those two. I installed adcli 0.9.0-1ubuntu1 from -updates, and I set everything up by issuing a join command. After that, I tried the --use-ldaps flag with testjoin and update commands: # adcli testjoin --use-ldaps --verbose --domain WIN-SB6JAS7PH22.testing.local --domain-controller WIN-SB6JAS7PH22.testing.local testjoin: unrecognized option '--use-ldaps' usage: adcli testjoin # adcli update --use-ldaps --verbose --domain WIN-SB6JAS7PH22.testing.local --domain-controller WIN-SB6JAS7PH22.testing.local update: unrecognized option '--use-ldaps' usage: adcli update I then enabled -proposed, and installed adcli 0.9.0-1ubuntu1.2 and tried again: We block port 389 on firewall, so # ufw deny 389 # ufw deny 3268 Then try testjoin and update: # adcli testjoin --use-ldaps --verbose --domain WIN-SB6JAS7PH22.testing.local --domain-controller WIN-SB6JAS7PH22.testing.local * Found realm in keytab: TESTING.LOCAL * Found computer name in keytab: UBUNTU * Found service principal in keytab: host/UBUNTU * Found service principal in keytab: host/ubuntu.testing.local * Found host qualified name in keytab: ubuntu.testing.local * Found service principal in keytab: RestrictedKrbHost/UBUNTU * Found service principal in keytab: RestrictedKrbHost/ubuntu.testing.local * Using domain name: WIN-SB6JAS7PH22.testing.local * Calculated computer account name from fqdn: UBUNTU * Using domain realm: WIN-SB6JAS7PH22.testing.local * Sending NetLogon ping to domain controller: WIN-SB6JAS7PH22.testing.local * Received NetLogon info from: WIN-SB6JAS7PH22.testing.local * Wrote out krb5.conf snippet to /tmp/adcli-krb5-6SRtqJ/krb5.d/adcli-krb5-conf-YGzgnK * Authenticated as default/reset computer account: UBUNTU * Using LDAPS to connect to WIN-SB6JAS7PH22.testing.local * Looked up short domain name: TESTING * Looked up domain SID: S-1-5-21-960071060-1417404557-720088570 Sucessfully validated join to domain WIN-SB6JAS7PH22.testing.local # adcli update --use-ldaps --verbose --domain WIN-SB6JAS7PH22.testing.local --domain-controller WIN-SB6JAS7PH22.testing.local * Found realm in keytab: TESTING.LOCAL * Found computer name in keytab: UBUNTU * Found service principal in keytab: host/UBUNTU * Found service principal in keytab: host/ubuntu.testing.local * Found host qualified name in keytab: ubuntu.testing.local * Found service principal in keytab: RestrictedKrbHost/UBUNTU * Found service principal in keytab: RestrictedKrbHost/ubuntu.testing.local * Using domain name: WIN-SB6JAS7PH22.testing.local * Calculated computer account name from fqdn: UBUNTU * Using domain realm: WIN-SB6JAS7PH22.testing.local * Sending NetLogon ping to domain controller: WIN-SB6JAS7PH22.testing.local * Received NetLogon info from: WIN-SB6JAS7PH22.testing.local * Wrote out krb5.conf snippet to /tmp/adcli-krb5-6FQ1ZS/krb5.d/adcli-krb5-conf-LHowkP * Authenticated as default/reset computer account: UBUNTU * Using LDAPS to connect to WIN-SB6JAS7PH22.testing.local * Looked up short domain name: TESTING * Looked up domain SID: S-1-5-21-960071060-1417404557-720088570 * Using fully qualified name: ubuntu * Using domain name: WIN-SB6JAS7PH22.testing.local * Using computer account name: UBUNTU * Using domain realm: WIN-SB6JAS7PH22.testing.local * Using fully qualified name: ubuntu.testing.local * Enrolling computer name: UBUNTU * Generated 120 character computer password * Using keytab: FILE:/etc/krb5.keytab * Found computer account for UBUNTU$ at: CN=UBUNTU,CN=Computers,DC=testing,DC=local * Retrieved kvno '12' for computer account in directory: CN=UBUNTU,CN=Computers,DC=testing,DC=local * Password not too old, no change needed * Sending NetLogon ping to domain controller: WIN-SB6JAS7PH22.testing.local * Received NetLogon info from: WIN-SB6JAS7PH22.testing.local * Modifying computer account: dNSHostName * Checking RestrictedKrbHost/ubuntu.testing.local * Added RestrictedKrbHost/ubuntu.testing.local * Checking host/ubuntu.testing.local * Added host/ubuntu.testing.local * Checking RestrictedKrbHost/UBUNTU * Added RestrictedKrbHost/UBUNTU * Checking host/UBUNTU * Added host/UBUNTU Everything seems fine. Happy to mark Groovy as verified for adcli. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1868703 Title: Support "ad_use_ldaps" flag for new AD requirements (ADV190023) To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/1868703/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
