Created attachment 8476
Warning about missing LOGNAME env.

On FreeBSD, the su command with full login simulation ("-l" or "-" option) clears the LOGNAME environment variable. The absence of LOGNAME makes "net ads join -k" use 'anonymous' connections to the domain controller, and the join fails.

    # kinit domadmin
    domadmin@DOMAIN.LOC's Password:
    # unset LOGNAME
    # net ads join -k
    Failed to join domain: failed to join domain 'DOMAIN.LOC' over rpc: Access denied
    # export LOGNAME=root
    # net ads join -k
    Using short domain name -- DOMAIN
    Joined 'HOSTNAME' to realm 'domain.loc'

It's really not a problem to set the LOGNAME environment variable, but the importance of this variable is not documented and 'net' issues no warning, so it's very hard to find the source of the problem. The attached patch adds such a warning.
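A guard for scripts that call "net ads join -k" from a scrubbed environment such as su -l or /etc/rc.local, so a missing LOGNAME is reported and repaired before the join is attempted. This is an added example, not Samba code and not the attached patch; the function names ensure_logname and run_with_logname are hypothetical, and it assumes the effective user's account name is the value LOGNAME should carry.

```shell
#!/bin/sh
# Added example: make a missing LOGNAME visible before running a command
# that depends on it (the report above: "net ads join -k").

# ensure_logname: guarantee LOGNAME is set and exported.
# Returns 0 when LOGNAME is usable, 1 when no name could be determined.
ensure_logname() {
    if [ -n "${LOGNAME:-}" ]; then
        export LOGNAME
        return 0
    fi
    # Assumption: the effective user's account name is the right value
    # (the report above exported LOGNAME=root while running as root).
    _ln_name=$(id -un 2>/dev/null) || _ln_name=""
    if [ -z "$_ln_name" ]; then
        echo "ensure_logname: LOGNAME is unset and 'id -un' failed" >&2
        return 1
    fi
    echo "ensure_logname: LOGNAME was unset, using '$_ln_name'" >&2
    LOGNAME=$_ln_name
    export LOGNAME
    return 0
}

# run_with_logname CMD [ARGS...]: run CMD only once LOGNAME is in place,
# so the command never starts with the variable missing.
run_with_logname() {
    ensure_logname || return 1
    "$@"
}

# Intended call from a boot script (not executed by this example):
#   run_with_logname net ads join -k
```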
I've run into this issue when running "net ads join -k" from /etc/rc.local on a RHEL 6.7 system. This issue is 3+ years old and has a proposed patch which at least informs the user of the problem. Any chance someone could commit the proposed patch?
I really think that this is not worth changing and putting additional checks and verbose output in the code. I would never recommend anyone not to give a username for a "net join". Doing it without krb5 also shows the user name that is being used by the "net" command. Those people who don't do that and, in addition to that, also blindly use Kerberos (which usually is not working before we join a machine, by the way) should really know what they do.