group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #32869
[Bug 1831448] Re: adcli: not adding an additional service-name
A bionic-backports request has been made via LP: #1846516
** Changed in: adcli (Ubuntu Eoan)
Status: New => Won't Fix
** Changed in: adcli (Ubuntu Disco)
Status: New => Won't Fix
** Changed in: adcli (Ubuntu Bionic)
Status: New => Won't Fix
** Changed in: adcli (Ubuntu Xenial)
Status: New => Won't Fix
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1831448
Title:
adcli: not adding an additional service-name
Status in adcli package in Ubuntu:
New
Status in adcli source package in Xenial:
Won't Fix
Status in adcli source package in Bionic:
Won't Fix
Status in adcli source package in Disco:
Won't Fix
Status in adcli source package in Eoan:
Won't Fix
Status in adcli package in CentOS:
Unknown
Status in adcli package in Debian:
Fix Released
Bug description:
I'm trying to add service principals to my computer in an Active
Directory environment. The command runs without errors but the
computer account attribute "servicePrincipalName" in AD is not
changed.
The man page says
-----
--service-name=service
Additional service name for a Kerberos principal to be created on the
computer account. This option may be specified multiple times.
------
I've tried this by
adcli -v update --service-name=nfs -D DOMAIN -C
/tmp/krb5cc_11872_nXpkOu --show-details
and got
* Found realm in keytab: DOMAIN
* Found service principal in keytab: host/m15015-lin.DOMAIN
* Found host qualified name in keytab: host/m15015-lin.DOMAIN
* Found service principal in keytab: host/M15015-LIN
* Found computer name in keytab: M15015-LIN
* Found service principal in keytab: host/m15015-lin
* Using domain name: DOMAIN
* Calculated computer account name from fqdn: M15015-LIN
* Using domain realm: DOMAIN
* Discovering domain controllers: _ldap._tcp.DOMAIN
* Sending netlogon pings to domain controller: cldap://X.X.X.X
* Sending netlogon pings to domain controller: cldap://X.X.X.X
* Sending netlogon pings to domain controller: cldap://X.X.x.X
* Received NetLogon info from: WinDC3.DOMAIN
* Wrote out krb5.conf snippet to /tmp/adcli-krb5-Q9bim6/krb5.d/adcli-krb5-conf-ZzF3Xh
* Looked up short domain name: DOMAIN
* Using fully qualified name: m15015-lin
* Using domain name: DOMAIN
* Using computer account name: M15015-LIN
* Using domain realm: DOMAIN
* Using fully qualified name: m15015-lin.DOMAIN
* Enrolling computer name: M15015-LIN
* Generated 120 character computer password
* Using keytab: FILE:/etc/krb5.keytab
* Found computer account for M15015-LIN$ at: CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN
* Retrieved kvno '2' for computer account in directory: CN=M15015-LIN,OU=Linux-Clients,OU=Client Computer,DC=DOMAIN
* Password not too old, no change needed
* Modifying computer account: userAccountControl
* Modifying computer account: operatingSystem
* Modifying computer account: userPrincipalName
The errorcode is 0. The cmd line --service-name is not working or do I use the wrong argument? --service-name="nfs/HOSTNAME" is not working too.
However, my AD and kerberos configuration is working and so other updates to the computer account in AD are working like:
adcli -v update --os-version=19.04 -D DOMAIN -C /tmp/krb5cc_11872_nXpkOu --show-details
This updates the attribute "operatingSystemVersion" for the computer account in AD.
---
Ubuntu 19.04
adcli 0.8.2-1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adcli/+bug/1831448/+subscriptions