Bug 14479 - The created krb5.conf for 'net ads join' doesn't have a domain entry
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
Version: 4.12.2
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2020-09-04 10:34 UTC by Andreas Schneider
Modified: 2020-09-18 08:34 UTC

Attachments
patch for 4.13 (3.31 KB, patch)
2020-09-07 12:13 UTC, Andreas Schneider
iboukris: review+

Description Andreas Schneider 2020-09-04 10:34:54 UTC
The created krb5.conf for 'net ads join' doesn't have a domain entry.

net ads join -k -UADDOMAIN\user will then fail to find a KDC.
Comment 1 Louis 2020-09-07 08:14:01 UTC
Hi Andreas,

Do we need one? Because all my servers (Debian/Ubuntu) only have:
[libdefaults]
        default_realm = INTERNAL.DOMAIN.TLD

And as long as the DNS is set up correctly, this should work fine out of the box.

net ads join -k is also all I used in all my members and all joined without problems (based on samba 4.6+ up to 4.12.6).

So this looks to me like there's more going on.
Only I don't use RH/CentOS.

And isn't this wrong: net ads join -k -U ...

I would expect to see :

kinit Administrator
net ads join -k
or
net ads join -U"ADDOMAIN\user"
or
net ads join -U"ADDOMAIN\user@REALM"
or
net ads join -U"user@REALM"
Comment 2 Samba QA Contact 2020-09-07 09:26:08 UTC
This bug was referenced in samba master:
6444a743525532c70634e2dd4cacadce54ba2eab
Comment 3 Andreas Schneider 2020-09-07 12:13:12 UTC
Created attachment 16202
patch for 4.13
Comment 4 Andreas Schneider 2020-09-07 12:15:59 UTC
Take a look at the krb5.conf we generate: we only create an entry for the realm; we also should have one for the domain.

It also fixes a bug in selftest when in FIPS mode.
Comment 5 Andreas Schneider 2020-09-07 15:46:01 UTC
Karolin, if possible please add the patch to 4.13. A minor 4.13 release would be ok too. Thanks!
Comment 6 Karolin Seeger 2020-09-09 12:58:03 UTC
(In reply to Andreas Schneider from comment #5)
Pushed to autobuild-v4-13-test.
Comment 7 Samba QA Contact 2020-09-10 09:43:07 UTC
This bug was referenced in samba v4-13-test:

a0c9e2e49079f093baa26621a593d45d10ba69ed
Comment 8 Samba QA Contact 2020-09-18 08:34:26 UTC
This bug was referenced in samba v4-13-stable:

a0c9e2e49079f093baa26621a593d45d10ba69ed