Bug 15052 - net ads join -k is deprecated but its replacement is unclear
Summary: net ads join -k is deprecated but its replacement is unclear
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.15.5
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-04-22 15:38 UTC by glorang
Modified: 2022-04-25 09:26 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description glorang 2022-04-22 15:38:22 UTC
Hi, 

As posted on the list "potential samba bug with Kerberos -k => --use-kerberos" on January 27, 2022 Samba >= 4.15 now gives a deprecation warning when using -k:

root@server:~# net ads join -k
WARNING: The option -k|--kerberos is deprecated!
Using short domain name -- DOMAIN
Joined 'SERVER' to dns domain 'DOMAIN.COM'

Using its replacement "--use-kerberos=required" will prompt for a password, even when a valid Kerberos ticket is present. We assume this should not be the case.

root@server:~# net ads join --use-kerberos=required
Password for [user@DOMAIN.COM]:


According to man page there is also "--use-krb5-ccache=CCACHE" which will automatically set "--use-kerberos=required" as well.

This works indeed and does not ask for a password:

root@server:~# net ads join --use-krb5-ccache=/tmp/krb5cc_0
Using short domain name -- DOMAIN
Joined 'SERVER' to dns domain 'DOMAIN.COM'

Now the more interesting part, following also works:

root@server:~# net ads join --use-krb5-ccache=
Using short domain name -- DOMAIN
Joined 'SERVER' to dns domain 'DOMAIN.COM'

And this as well:

root@server:~# net ads join --use-krb5-ccache=/this/does/not/exist
Using short domain name -- DOMAIN
Joined 'SERVER' to dns domain 'DOMAIN.COM'
Comment 1 Rowland Penny 2022-04-24 07:36:16 UTC
(In reply to glorang from comment #0)
This sounds like a duplicate of bug 14846, which was fixed in 4.15.3
So which version are you using ?
Comment 2 glorang 2022-04-25 09:26:03 UTC
This is on Ubuntu 22.04 which ships with 2:4.15.5~dfsg-0ubuntu5.

I've checked the Ubuntu source for package samba-common-bin and the patch of #14846 is applied.