I sincerely apologise for causing this regression, it seems my testing was not good enough during the recent SRU.
I recently made a change to adcli in bug 1868703 to add the --use-ldaps flag, so adcli can communicate with a domain controller over LDAPS.
It also introduced a change where it will use GSS-SPENGO by default, and enforce channel signing, over doing everything in cleartext, which was the old default.
The good news is that it seems to be limited to Bionic only, and even though Focal got the exact same patches, Focal seems unaffected.
For anyone experiencing this bug, you can downgrade to a working adcli with:
$ sudo apt install adcli=0.8.2-1
I am working to fix this now.
Comparison of logging and packet traces from various versions:
Hi Rolf,
I sincerely apologise for causing this regression, it seems my testing was not good enough during the recent SRU.
I recently made a change to adcli in bug 1868703 to add the --use-ldaps flag, so adcli can communicate with a domain controller over LDAPS.
It also introduced a change where it will use GSS-SPENGO by default, and enforce channel signing, over doing everything in cleartext, which was the old default.
The good news is that it seems to be limited to Bionic only, and even though Focal got the exact same patches, Focal seems unaffected.
For anyone experiencing this bug, you can downgrade to a working adcli with:
$ sudo apt install adcli=0.8.2-1
I am working to fix this now.
Comparison of logging and packet traces from various versions:
Bionic adcli 0.8.2-1 /paste. ubuntu. com/p/NWHGQn746 D/
https:/
Bionic adcli 0.8.2-1ubuntu1 /paste. ubuntu. com/p/WRnnRMGBP m/
https:/
Focal adcli 0.9.0-1ubuntu0. 20.04.1 /paste. ubuntu. com/p/8668pJrr2 m/
https:/
We can see that Bionic 0.8.2-1ubuntu1 stops at Couldn't lookup computer account: BIONIC$: Can't contact LDAP server
Starting debugging now. Will update soon.