Ubuntu
realmd package

Bug #1880157
Comment #6

Comment 6 for bug 1880157

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2022-08-03:

Confirmed, just tried on a fresh jammy 22.04 and the services line is back to sssd.conf :/

ubuntu@j-sssd:~$ sudo realm join -v internal.example.fake
* Resolving: _ldap._tcp.internal.example.fake
* Performing LDAP DSE lookup on: 10.0.16.5
* Successfully discovered: internal.example.fake
Password for Administrator:
* Unconditionally checking packages
* Resolving required packages
* Installing necessary packages: sssd-tools
* LANG=C /usr/sbin/adcli join --verbose --domain internal.example.fake --domain-realm INTERNAL.EXAMPLE.FAKE --domain-controller 10.0.16.5 --login-type user --login-user Administrator --stdin-password
* Using domain name: internal.example.fake
* Calculated computer account name from fqdn: J-SSSD
* Using domain realm: internal.example.fake
* Sending NetLogon ping to domain controller: 10.0.16.5
* Received NetLogon info from: WIN-KRIET1E5ELO.internal.example.fake
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-8AgvFI/krb5.d/adcli-krb5-conf-NZrUEM
* Authenticated as user: <email address hidden>
* Using GSS-SPNEGO for SASL bind
* Looked up short domain name: INTEXAMPLE
* Looked up domain SID: S-1-5-21-3924544305-522449517-3196740370
* Using fully qualified name: j-sssd
* Using domain name: internal.example.fake
* Using computer account name: J-SSSD
* Using domain realm: internal.example.fake
* Calculated computer account name from fqdn: J-SSSD
* Generated 120 character computer password
* Using keytab: FILE:/etc/krb5.keytab
* A computer account for J-SSSD$ does not exist
* Found well known computer container at: CN=Computers,DC=internal,DC=example,DC=fake
* Calculated computer account: CN=J-SSSD,CN=Computers,DC=internal,DC=example,DC=fake
* Encryption type [3] not permitted.
* Encryption type [1] not permitted.
* Created computer account: CN=J-SSSD,CN=Computers,DC=internal,DC=example,DC=fake
* Sending NetLogon ping to domain controller: 10.0.16.5
* Received NetLogon info from: WIN-KRIET1E5ELO.internal.example.fake
* Set computer password
* Retrieved kvno '2' for computer account in directory: CN=J-SSSD,CN=Computers,DC=internal,DC=example,DC=fake
* Checking RestrictedKrbHost/J-SSSD
* Added RestrictedKrbHost/J-SSSD
* Checking host/J-SSSD
* Added host/J-SSSD
* Discovered which keytab salt to use
* Added the entries to the keytab: J-SSSD$@INTERNAL.EXAMPLE.FAKE: FILE:/etc/krb5.keytab
* Added the entries to the keytab: <email address hidden>: FILE:/etc/krb5.keytab
* Added the entries to the keytab: <email address hidden>: FILE:/etc/krb5.keytab
* /usr/sbin/update-rc.d sssd enable
* /usr/sbin/service sssd restart
* Successfully enrolled machine in realm

ubuntu@j-sssd:~$ sudo -i
root@j-sssd:~# cat /etc/sssd/sssd.conf

[sssd]
domains = internal.example.fake
config_file_version = 2
services = nss, pam

(...)

Confirmed, just tried on a fresh jammy 22.04 and the services line is back to sssd.conf :/

ubuntu@j-sssd:~$ sudo realm join -v internal.example.fake
 * Resolving: _ldap._tcp.internal.example.fake
 * Performing LDAP DSE lookup on: 10.0.16.5
 * Successfully discovered: internal.example.fake
Password for Administrator: 
 * Unconditionally checking packages
 * Resolving required packages
 * Installing necessary packages: sssd-tools
 * LANG=C /usr/sbin/adcli join --verbose --domain internal.example.fake --domain-realm INTERNAL.EXAMPLE.FAKE --domain-controller 10.0.16.5 --login-type user --login-user Administrator --stdin-password
 * Using domain name: internal.example.fake
 * Calculated computer account name from fqdn: J-SSSD
 * Using domain realm: internal.example.fake
 * Sending NetLogon ping to domain controller: 10.0.16.5
 * Received NetLogon info from: WIN-KRIET1E5ELO.internal.example.fake
 * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-8AgvFI/krb5.d/adcli-krb5-conf-NZrUEM
 * Authenticated as user: Administrator@INTERNAL.EXAMPLE.FAKE
 * Using GSS-SPNEGO for SASL bind
 * Looked up short domain name: INTEXAMPLE
 * Looked up domain SID: S-1-5-21-3924544305-522449517-3196740370
 * Using fully qualified name: j-sssd
 * Using domain name: internal.example.fake
 * Using computer account name: J-SSSD
 * Using domain realm: internal.example.fake
 * Calculated computer account name from fqdn: J-SSSD
 * Generated 120 character computer password
 * Using keytab: FILE:/etc/krb5.keytab
 * A computer account for J-SSSD$ does not exist
 * Found well known computer container at: CN=Computers,DC=internal,DC=example,DC=fake
 * Calculated computer account: CN=J-SSSD,CN=Computers,DC=internal,DC=example,DC=fake
 * Encryption type [3] not permitted.
 * Encryption type [1] not permitted.
 * Created computer account: CN=J-SSSD,CN=Computers,DC=internal,DC=example,DC=fake
 * Sending NetLogon ping to domain controller: 10.0.16.5
 * Received NetLogon info from: WIN-KRIET1E5ELO.internal.example.fake
 * Set computer password
 * Retrieved kvno '2' for computer account in directory: CN=J-SSSD,CN=Computers,DC=internal,DC=example,DC=fake
 * Checking RestrictedKrbHost/J-SSSD
 *    Added RestrictedKrbHost/J-SSSD
 * Checking host/J-SSSD
 *    Added host/J-SSSD
 * Discovered which keytab salt to use
 * Added the entries to the keytab: J-SSSD$@INTERNAL.EXAMPLE.FAKE: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: host/J-SSSD@INTERNAL.EXAMPLE.FAKE: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/J-SSSD@INTERNAL.EXAMPLE.FAKE: FILE:/etc/krb5.keytab
 * /usr/sbin/update-rc.d sssd enable
 * /usr/sbin/service sssd restart
 * Successfully enrolled machine in realm

ubuntu@j-sssd:~$ sudo -i
root@j-sssd:~# cat /etc/sssd/sssd.conf

[sssd]
domains = internal.example.fake
config_file_version = 2
services = nss, pam

(...)

Ubunturealmd package

Comment 6 for bug 1880157

Ubuntu
realmd package