Comment 2 for bug 1906627

Matthew Ruffell (mruffell) wrote : Re: adcli fails, can't contact LDAP server

Hi Rolf,

I sincerely apologise for causing this regression, it seems my testing was not good enough during the recent SRU.

I recently made a change to adcli in bug 1868703 to add the --use-ldaps flag, so adcli can communicate with a domain controller over LDAPS.
It also introduced a change where it will use GSS-SPNEGO by default, and enforce channel signing, over doing everything in cleartext, which was the old default.

The good news is that it seems to be limited to Bionic only, and even though Focal got the exact same patches, Focal seems unaffected.

For anyone experiencing this bug, you can downgrade to a working adcli with:

$ sudo apt install adcli=0.8.2-1

I am working to fix this now.

Comparison of logging and packet traces from various versions:

Bionic adcli 0.8.2-1
https://paste.ubuntu.com/p/NWHGQn746D/

Bionic adcli 0.8.2-1ubuntu1
https://paste.ubuntu.com/p/WRnnRMGBPm/

Focal adcli 0.9.0-1ubuntu0.20.04.1
https://paste.ubuntu.com/p/8668pJrr2m/

We can see that Bionic 0.8.2-1ubuntu1 stops at "Couldn't lookup computer account: BIONIC$: Can't contact LDAP server".

Starting debugging now. Will update soon.