Bug 12441 - The krb5.conf created by net and winbind does not include the system /etc/krb5.conf
The krb5.conf created by net and winbind does not include the system /etc/krb...
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
4.4.7
All All
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-11-23 13:49 UTC by Andreas Schneider
Modified: 2017-01-10 08:19 UTC (History)
3 users (show)

See Also:


Attachments
patch for 4.5 (5.93 KB, patch)
2016-12-05 13:12 UTC, Andreas Schneider
ab: review+
Details
patch for 4.4 (5.93 KB, patch)
2016-12-05 13:12 UTC, Andreas Schneider
ab: review+
Details
system_krb5_conf-v4.5.patch (6.02 KB, patch)
2016-12-07 13:20 UTC, Andreas Schneider
ab: review+
Details
system_krb5_conf-v4.4.patch (6.02 KB, patch)
2016-12-07 13:21 UTC, Andreas Schneider
ab: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2016-11-23 13:49:41 UTC
Description of problem:

The krb5.conf created by 'net' and 'winbind' should include the system /etc/krb5.conf so that we get the system defaults. Currently it doesn't do that and can to lead to some issues if you try to join a domain with Kerberos credentials.


Patchset will follow.
Comment 1 Andreas Schneider 2016-12-05 13:12:08 UTC
Created attachment 12723 [details]
patch for 4.5
Comment 2 Andreas Schneider 2016-12-05 13:12:31 UTC
Created attachment 12724 [details]
patch for 4.4
Comment 3 Alexander Bokovoy 2016-12-05 13:39:56 UTC
Comment on attachment 12723 [details]
patch for 4.5

Looks good.
Comment 4 Alexander Bokovoy 2016-12-05 13:40:32 UTC
Comment on attachment 12724 [details]
patch for 4.4

Looks good.
Comment 5 Andreas Schneider 2016-12-05 14:22:38 UTC
Karolin, please add the patches to the relevant branches. Thanks!
Comment 6 Karolin Seeger 2016-12-07 11:11:53 UTC
(In reply to Andreas Schneider from comment #5)
Pushed to autobuild-v4-{5,4}-test.
Comment 7 Karolin Seeger 2016-12-07 12:30:56 UTC
This seems to break the build:
[2182/4066] Compiling source3/libads/kerberos.c
../source3/libads/kerberos.c: In function ‘smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt’:
../source3/libads/kerberos.c:161:2: warning: ‘krb5_get_init_creds_opt_get_error’ is deprecated (declared at default/source4/heimdal/lib/krb5/krb5-protos.h:2004) [-Wdeprecated-declarations]
  ret = krb5_get_init_creds_opt_get_error(ctx, opt, &error);
  ^
../source3/libads/kerberos.c: In function ‘create_local_private_krb5_conf_for_domain’:
../source3/libads/kerberos.c:918:6: error: too many arguments for format [-Werror=format-extra-args]
      include_system_krb5);
      ^
cc1: all warnings being treated as errors
Waf: Leaving directory `/memdisk/kseeger/a45/b902229/samba/bin'
Build failed:  -> task failed (err #1): 
	{task: cc kerberos.c -> kerberos_47.o}

Reverting this patch seems to help...
Comment 8 Andreas Schneider 2016-12-07 13:20:50 UTC
Created attachment 12742 [details]
system_krb5_conf-v4.5.patch
Comment 9 Andreas Schneider 2016-12-07 13:21:15 UTC
Created attachment 12743 [details]
system_krb5_conf-v4.4.patch
Comment 10 Karolin Seeger 2016-12-20 08:40:46 UTC
Waiting for review here...
Comment 11 Alexander Bokovoy 2016-12-20 09:10:47 UTC
Comment on attachment 12742 [details]
system_krb5_conf-v4.5.patch

Looks good, thanks.
Comment 12 Alexander Bokovoy 2016-12-20 09:11:40 UTC
Comment on attachment 12743 [details]
system_krb5_conf-v4.4.patch

Looks good, thanks.
Comment 13 Karolin Seeger 2017-01-09 08:00:04 UTC
Pushed to autobuild-v4-{5,4}-test.
Comment 14 Karolin Seeger 2017-01-10 08:19:57 UTC
(In reply to Karolin Seeger from comment #13)
Pushed to both branches.
Closing out bug report.

Thanks!