Ubuntu
realmd package

  1. Bug #1905000
  2. Comment #5

Comment 5 for bug 1905000

Revision history for this message
Alexander Fieroch (fieroch) wrote :

On 19.10 the bug does not occur and keytab entries are correct:

I joined to AD with:
realm join --user-principal=KUBUNTU-TEST$ --automatic-id-mapping=no --membership-software=samba --client-software=winbind --computer-name=kubuntu-test --os-name=Ubuntu --os-version=19.10 MPI-DORTMUND.MPG.DE

root@kubuntu-test:# klist -kte
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
   3 01.12.2020 17:04:15 <email address hidden> (etype 1)
   3 01.12.2020 17:04:15 <email address hidden> (etype 1)
   3 01.12.2020 17:04:15 <email address hidden> (etype 3)
   3 01.12.2020 17:04:15 <email address hidden> (etype 3)
   3 01.12.2020 17:04:15 <email address hidden> (aes128-cts-hmac-sha1-96)
   3 01.12.2020 17:04:15 <email address hidden> (aes128-cts-hmac-sha1-96)
   3 01.12.2020 17:04:15 <email address hidden> (aes256-cts-hmac-sha1-96)
   3 01.12.2020 17:04:15 <email address hidden> (aes256-cts-hmac-sha1-96)
   3 01.12.2020 17:04:15 <email address hidden> (arcfour-hmac)
   3 01.12.2020 17:04:15 <email address hidden> (arcfour-hmac)
   3 01.12.2020 17:04:15 KUBUNTU-TEST$@MPI-DORTMUND.MPG.DE (etype 1)
   3 01.12.2020 17:04:15 KUBUNTU-TEST$@MPI-DORTMUND.MPG.DE (etype 3)
   3 01.12.2020 17:04:15 KUBUNTU-TEST$@MPI-DORTMUND.MPG.DE (aes128-cts-hmac-sha1-96)
   3 01.12.2020 17:04:15 KUBUNTU-TEST$@MPI-DORTMUND.MPG.DE (aes256-cts-hmac-sha1-96)
   3 01.12.2020 17:04:15 KUBUNTU-TEST$@MPI-DORTMUND.MPG.DE (arcfour-hmac)
   3 01.12.2020 17:05:07 <email address hidden> (etype 1)
   3 01.12.2020 17:05:07 <email address hidden> (etype 1)
   3 01.12.2020 17:05:07 <email address hidden> (etype 3)
   3 01.12.2020 17:05:07 <email address hidden> (etype 3)
   3 01.12.2020 17:05:07 <email address hidden> (aes128-cts-hmac-sha1-96)
   3 01.12.2020 17:05:07 <email address hidden> (aes128-cts-hmac-sha1-96)
   3 01.12.2020 17:05:07 <email address hidden> (aes256-cts-hmac-sha1-96)
   3 01.12.2020 17:05:07 <email address hidden> (aes256-cts-hmac-sha1-96)
   3 01.12.2020 17:05:07 <email address hidden> (arcfour-hmac)
   3 01.12.2020 17:05:07 <email address hidden> (arcfour-hmac)

So the regression starts with 20.04.

Last version of samba and realm creating a correct keytab in 19.10 are:

root@kubuntu-test:# dpkg -l | grep -E "realm|samba"
ii python3-samba 2:4.10.7+dfsg-0ubuntu2.6 amd64 Python 3 bindings for Samba
ii realmd 0.16.3-3 amd64 DBus service for configuring kerberos and other online identities
ii samba 2:4.10.7+dfsg-0ubuntu2.6 amd64 SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.10.7+dfsg-0ubuntu2.6 all common files used by both the Samba server and client
ii samba-common-bin 2:4.10.7+dfsg-0ubuntu2.6 amd64 Samba common files used by both the server and the client
ii samba-dsdb-modules:amd64 2:4.10.7+dfsg-0ubuntu2.6 amd64 Samba Directory Services Database
ii samba-libs:amd64 2:4.10.7+dfsg-0ubuntu2.6 amd64 Samba core libraries
ii samba-vfs-modules:amd64 2:4.10.7+dfsg-0ubuntu2.6 amd64 Samba Virtual FileSystem plugins