adcli: not adding an additional service-name
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
adcli (CentOS) |
Unknown
|
Unknown
|
|||
adcli (Debian) |
Fix Released
|
Unknown
|
|||
adcli (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
Xenial |
Won't Fix
|
Undecided
|
Unassigned | ||
Bionic |
Won't Fix
|
Undecided
|
Unassigned | ||
Disco |
Won't Fix
|
Undecided
|
Unassigned | ||
Eoan |
Won't Fix
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
I'm trying to add service principals to my computer in an Active Directory environment. The command runs without errors but the computer account attribute "servicePrincip
The man page says
-----
--service-
Additional service name for a Kerberos principal to be created on the computer account. This option may be specified multiple times.
------
I've tried this by
adcli -v update --service-name=nfs -D DOMAIN -C /tmp/krb5cc_
and got
* Found realm in keytab: DOMAIN
* Found service principal in keytab: host/m15015-
* Found host qualified name in keytab: host/m15015-
* Found service principal in keytab: host/M15015-LIN
* Found computer name in keytab: M15015-LIN
* Found service principal in keytab: host/m15015-lin
* Using domain name: DOMAIN
* Calculated computer account name from fqdn: M15015-LIN
* Using domain realm: DOMAIN
* Discovering domain controllers: _ldap._tcp.DOMAIN
* Sending netlogon pings to domain controller: cldap://X.X.X.X
* Sending netlogon pings to domain controller: cldap://X.X.X.X
* Sending netlogon pings to domain controller: cldap://X.X.x.X
* Received NetLogon info from: WinDC3.DOMAIN
* Wrote out krb5.conf snippet to /tmp/adcli-
* Looked up short domain name: DOMAIN
* Using fully qualified name: m15015-lin
* Using domain name: DOMAIN
* Using computer account name: M15015-LIN
* Using domain realm: DOMAIN
* Using fully qualified name: m15015-lin.DOMAIN
* Enrolling computer name: M15015-LIN
* Generated 120 character computer password
* Using keytab: FILE:/etc/
* Found computer account for M15015-LIN$ at: CN=M15015-
* Retrieved kvno '2' for computer account in directory: CN=M15015-
* Password not too old, no change needed
* Modifying computer account: userAccountControl
* Modifying computer account: operatingSystem
* Modifying computer account: userPrincipalName
The errorcode is 0. The cmd line --service-name is not working or do I use the wrong argument? --service-
However, my AD and kerberos configuration is working and so other updates to the computer account in AD are working like:
adcli -v update --os-version=19.04 -D DOMAIN -C /tmp/krb5cc_
This updates the attribute "operatingSyste
---
Ubuntu 19.04
adcli 0.8.2-1
Changed in adcli (Ubuntu Eoan): | |
status: | Confirmed → In Progress |
assignee: | nobody → Eric Desrochers (slashd) |
Changed in adcli (Ubuntu Eoan): | |
status: | In Progress → New |
Changed in adcli (Debian): | |
status: | Unknown → New |
Changed in adcli (Debian): | |
status: | New → Fix Released |
I'm having an issue with using adcli to add a service name on Ubuntu 18.04 as well. It works on RHEL8.