Comment 30 for bug 1906627

Performing verification for Bionic

Firstly, I installed adcli and libsasl2-modules-gssapi-mit from -updates:

adcli 0.8.2-1
libsasl2-modules-gssapi-mit 2.1.27~101-g0780600+dfsg-3ubuntu2.1

From there, I joined a Active Directory realm:

https://paste.ubuntu.com/p/zJhvpRzktk/

Next, I enabled -proposed and installed the fixed cyrus-sasl2 and adcli packages:

https://paste.ubuntu.com/p/cRrbkjjFmw/

We see that installing adcli 0.8.2-1ubuntu1.2 automatically pulls in the fixed cyrus-sasl2 2.1.27~101-g0780600+dfsg-3ubuntu2.3 packages because of the depends we set.

Next, I joined a Active Directory realm, using the same commands as previous, i.e. not using the new --use-ldaps flag, but instead, falling back to GSS-API and the new GSS-SPNEGO changes:

https://paste.ubuntu.com/p/WdKYxxDBQm/

The join succeeds, and does not get stuck. This shows that the implementation of GSS-SPNEGO is now compatible with Active Directory, and that the new adcli package is using the new implementation.

Looking at the packet trace, we see the full 30 or so packets exchanged, which matches the expect count.

https://paste.ubuntu.com/p/k9njh3jYHh/

With these changes, the adcli and cyrus-sasl2 packages in -proposed can join realms in the same ways that the initial packages in -updates can.

These changes fix the recent adcli regression. Happy to mark verified.