15557 – gpupdate: The root cert import when NDES is not available is broken

Bug 15557 - gpupdate: The root cert import when NDES is not available is broken

Summary: gpupdate: The root cert import when NDES is not available is broken

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Python (show other bugs)
Version:	4.19.4
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Jule Anger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-01-19 07:18 UTC by Andreas Schneider
Modified:	2024-02-19 10:47 UTC (History)
CC List:	3 users (show)

See Also:	https://gitlab.com/samba-team/samba/-/merge_requests/3496

Attachments
patch for 4.19 (27.75 KB, patch) 2024-01-23 05:56 UTC, Andreas Schneider	asn: review? (dmulder) pfilipensky: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Schneider 2024-01-19 07:18:00 UTC

If I unsinstall NDES I get the following traceback:

raise SSLError(e, request=request)\nrequests.exceptions.SSLError: 
HTTPSConnectionPool(host=\'win-dc01.earth.milkyway.site\', port=443): Max 
retries exceeded with url: /ADPolicyProvider_CEP_Kerberos/service.svc/CEP 
(Caused by SSLError(SSLCertVerificationError(1, \'[SSL: 
CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local 
issuer certificate (_ssl.c:1000)\')))\n\n'}
2024-01-18 17:04:00.349|[W26775]| Failed to fetch the root certificate chain. 
| {}
2024-01-18 17:04:00.349|[W05621]| The Network Device Enrollment Service is 
either not installed or not configured. | {}
2024-01-18 17:04:00.349|[W11946]| Installing the server certificate only. | {}
2024-01-18 17:04:00.355|[E02562]| Failed to apply extension  
Cryptography\AutoEnrollment | {}
2024-01-18 17:04:00.356|[E46678]| /usr/lib64/python3.12/site-packages/
cryptography/x509/base.py:594: TypeError: argument 'data': 'str' object cannot 
be converted to 'PyBytes' | {}

Comment 1 Samba QA Contact 2024-01-22 16:49:03 UTC

This bug was referenced in samba master:

0d1ff69936f18ea729fc11fbbb1569a833302572
3f3ddfa699a33c2c8a59f7fb9ee044bb2a6e0e06

Comment 2 Andreas Schneider 2024-01-23 05:56:09 UTC

Created attachment 18233 [details]
patch for 4.19

Comment 3 Andreas Schneider 2024-01-30 08:55:29 UTC

Jule, please apply the patch to 4.19. Thanks!

Comment 4 Jule Anger 2024-02-05 09:18:09 UTC

Pushed to autobuild-v4-19-test.

Comment 5 Samba QA Contact 2024-02-05 12:35:06 UTC

This bug was referenced in samba v4-19-test:

a50016bc7aec83b21cb9ac15af29a35575c8c365
90cf23e1ccab6cef426f4027ffd93496ab7666be

Comment 6 Jule Anger 2024-02-06 09:27:37 UTC

Closing out bug report.

Thanks!

Comment 7 Samba QA Contact 2024-02-19 10:47:27 UTC

This bug was referenced in samba v4-19-stable (Release samba-4.19.5):

a50016bc7aec83b21cb9ac15af29a35575c8c365
90cf23e1ccab6cef426f4027ffd93496ab7666be