15886 – net ads keytab create broken for domain controllers

Bug 15886 - net ads keytab create broken for domain controllers

Summary: net ads keytab create broken for domain controllers

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Tools (show other bugs)
Version:	4.21.0
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-07-27 18:30 UTC by Evgeny Sinelnikov
Modified:	2025-07-27 21:46 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Fix keytab sync regression for domain controllers (1.81 KB, patch) 2025-07-27 20:05 UTC, Evgeny Sinelnikov	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Evgeny Sinelnikov 2025-07-27 18:30:32 UTC

The keytab sync was broken for domain controllers (both AD and IPA) by the
introduction of the 'sync machine password to keytab' option.

The core problem: Domain controllers are silently excluded from keytab synchronization since the feature was implemented.

Comment 1 Evgeny Sinelnikov 2025-07-27 20:05:40 UTC

Created attachment 18679 [details]
Fix keytab sync regression for domain controllers

This patch extends keytab sync on Active Directory and IPA domain controllers (ROLE_ACTIVE_DIRECTORY_DC and ROLE_IPA_DC).