From 872207a7dcbb6272e6a4e8bf2fd366128a63e087 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 15 Jun 2016 16:04:29 +0200 Subject: [PATCH 1/2] s3-libnet: Print error string even on successfuly completion of libnetjoin. Sometimes useful information should be printed to the users. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977 Guenther Signed-off-by: Guenther Deschner (cherry picked from commit 632faa87610b3afca3f8d3e9f3f46ee6b87f362a) --- source3/utils/net_ads.c | 5 +++++ source3/utils/net_rpc.c | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 90af09e..c61aa0d 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1596,6 +1596,11 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) r->out.netbios_domain_name); } + /* print out informative error string in case there is one */ + if (r->out.error_string != NULL) { + d_printf("%s\n", r->out.error_string); + } + /* * We try doing the dns update (if it was compiled in * and if it was not disabled on the command line). diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 93caf04..1e3e286 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -428,6 +428,11 @@ static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv) r->out.netbios_domain_name); } + /* print out informative error string in case there is one */ + if (r->out.error_string != NULL) { + d_printf("%s\n", r->out.error_string); + } + TALLOC_FREE(mem_ctx); return 0; @@ -607,6 +612,11 @@ static int net_rpc_join_newstyle(struct net_context *c, int argc, const char **a r->out.netbios_domain_name); } + /* print out informative error string in case there is one */ + if (r->out.error_string != NULL) { + d_printf("%s\n", r->out.error_string); + } + TALLOC_FREE(mem_ctx); return 0; -- 2.5.5 From 3f5af70f63f2ca141da8bd28ae131079b7f93f55 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 15 Jun 2016 23:03:32 +0200 Subject: [PATCH 2/2] libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true' Inspired by initial patch from Matt Rogers @ RedHat. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977 Signed-off-by: Michael Adam Reviewed-by: Guenther Deschner Autobuild-User(master): Michael Adam Autobuild-Date(master): Wed Jun 22 05:05:47 CEST 2016 on sn-devel-144 (cherry picked from commit e29d8f108cd090706dc3f54282f5c33ec30df899) --- source3/libnet/libnet_join.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index c007183..bab58f3 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -2303,6 +2303,7 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, bool valid_security = false; bool valid_workgroup = false; bool valid_realm = false; + bool ignored_realm = false; /* check if configuration is already set correctly */ @@ -2322,11 +2323,26 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, valid_realm = strequal(lp_realm(), r->out.dns_domain_name); switch (lp_security()) { case SEC_DOMAIN: + if (!valid_realm && lp_winbind_rpc_only()) { + valid_realm = true; + ignored_realm = true; + } case SEC_ADS: valid_security = true; } if (valid_workgroup && valid_realm && valid_security) { + if (ignored_realm && !r->in.modify_config) + { + libnet_join_set_error_string(mem_ctx, r, + "Warning: ignoring realm when " + "joining AD domain with " + "'security=domain' and " + "'winbind rpc only = yes'. " + "(realm set to '%s', " + "should be '%s').", lp_realm(), + r->out.dns_domain_name); + } /* nothing to be done */ return WERR_OK; } -- 2.5.5