The Samba-Bugzilla – Attachment 12195 Details for
Bug 11977
libnetjoin fails to join AD domains with security=domain when realm is not set
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for v4-4-test, cherry-picked from master
bug-11977.v4-4-test.patches (text/plain), 3.93 KB, created by
Michael Adam
on 2016-06-22 08:32:16 UTC
(
hide
)
Description:
patch for v4-4-test, cherry-picked from master
Filename:
MIME Type:
Creator:
Michael Adam
Created:
2016-06-22 08:32:16 UTC
Size:
3.93 KB
patch
obsolete
>From 872207a7dcbb6272e6a4e8bf2fd366128a63e087 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 15 Jun 2016 16:04:29 +0200 >Subject: [PATCH 1/2] s3-libnet: Print error string even on successfuly > completion of libnetjoin. > >Sometimes useful information should be printed to the users. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977 > >Guenther > >Signed-off-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 632faa87610b3afca3f8d3e9f3f46ee6b87f362a) >--- > source3/utils/net_ads.c | 5 +++++ > source3/utils/net_rpc.c | 10 ++++++++++ > 2 files changed, 15 insertions(+) > >diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c >index 90af09e..c61aa0d 100644 >--- a/source3/utils/net_ads.c >+++ b/source3/utils/net_ads.c >@@ -1596,6 +1596,11 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) > r->out.netbios_domain_name); > } > >+ /* print out informative error string in case there is one */ >+ if (r->out.error_string != NULL) { >+ d_printf("%s\n", r->out.error_string); >+ } >+ > /* > * We try doing the dns update (if it was compiled in > * and if it was not disabled on the command line). >diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c >index 93caf04..1e3e286 100644 >--- a/source3/utils/net_rpc.c >+++ b/source3/utils/net_rpc.c >@@ -428,6 +428,11 @@ static int net_rpc_oldjoin(struct net_context *c, int argc, const char **argv) > r->out.netbios_domain_name); > } > >+ /* print out informative error string in case there is one */ >+ if (r->out.error_string != NULL) { >+ d_printf("%s\n", r->out.error_string); >+ } >+ > TALLOC_FREE(mem_ctx); > > return 0; >@@ -607,6 +612,11 @@ static int net_rpc_join_newstyle(struct net_context *c, int argc, const char **a > r->out.netbios_domain_name); > } > >+ /* print out informative error string in case there is one */ >+ if (r->out.error_string != NULL) { >+ d_printf("%s\n", r->out.error_string); >+ } >+ > TALLOC_FREE(mem_ctx); > > return 0; >-- >2.5.5 > > >From 3f5af70f63f2ca141da8bd28ae131079b7f93f55 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Wed, 15 Jun 2016 23:03:32 +0200 >Subject: [PATCH 2/2] libnet: ignore realm setting for domain security joins to > AD domains if 'winbind rpc only = true' > >Inspired by initial patch from Matt Rogers @ RedHat. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977 > >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> > >Autobuild-User(master): Michael Adam <obnox@samba.org> >Autobuild-Date(master): Wed Jun 22 05:05:47 CEST 2016 on sn-devel-144 > >(cherry picked from commit e29d8f108cd090706dc3f54282f5c33ec30df899) >--- > source3/libnet/libnet_join.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > >diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c >index c007183..bab58f3 100644 >--- a/source3/libnet/libnet_join.c >+++ b/source3/libnet/libnet_join.c >@@ -2303,6 +2303,7 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, > bool valid_security = false; > bool valid_workgroup = false; > bool valid_realm = false; >+ bool ignored_realm = false; > > /* check if configuration is already set correctly */ > >@@ -2322,11 +2323,26 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, > valid_realm = strequal(lp_realm(), r->out.dns_domain_name); > switch (lp_security()) { > case SEC_DOMAIN: >+ if (!valid_realm && lp_winbind_rpc_only()) { >+ valid_realm = true; >+ ignored_realm = true; >+ } > case SEC_ADS: > valid_security = true; > } > > if (valid_workgroup && valid_realm && valid_security) { >+ if (ignored_realm && !r->in.modify_config) >+ { >+ libnet_join_set_error_string(mem_ctx, r, >+ "Warning: ignoring realm when " >+ "joining AD domain with " >+ "'security=domain' and " >+ "'winbind rpc only = yes'. " >+ "(realm set to '%s', " >+ "should be '%s').", lp_realm(), >+ r->out.dns_domain_name); >+ } > /* nothing to be done */ > return WERR_OK; > } >-- >2.5.5 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=12195">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
obnox
:
review+
gd
:
review+
Actions:
View
Attachments on
bug 11977
:
12183
|
12184
| 12195 |
12196