Performing verification of adcli on Groovy.
Groovy only required one patch, which fixed a missed enablement of --use-ldaps for the testjoin and update commands.
So, just testing those two.
I installed adcli 0.9.0-1ubuntu1 from -updates, and I set everything up by issuing a join command. After that, I tried the --use-ldaps flag with testjoin and update commands:
# adcli testjoin --use-ldaps --verbose --domain WIN-SB6JAS7PH22.testing.local --domain-controller WIN-SB6JAS7PH22.testing.local
testjoin: unrecognized option '--use-ldaps'
usage: adcli testjoin
# adcli update --use-ldaps --verbose --domain WIN-SB6JAS7PH22.testing.local --domain-controller WIN-SB6JAS7PH22.testing.local
update: unrecognized option '--use-ldaps'
usage: adcli update
I then enabled -proposed, and installed adcli 0.9.0-1ubuntu1.2 and tried again:
We block port 389 on the firewall, so:
# ufw deny 389
# ufw deny 3268
Then try testjoin and update:
# adcli testjoin --use-ldaps --verbose --domain WIN-SB6JAS7PH22.testing.local --domain-controller WIN-SB6JAS7PH22.testing.local
* Found realm in keytab: TESTING.LOCAL
* Found computer name in keytab: UBUNTU
* Found service principal in keytab: host/UBUNTU
* Found service principal in keytab: host/ubuntu.testing.local
* Found host qualified name in keytab: ubuntu.testing.local
* Found service principal in keytab: RestrictedKrbHost/UBUNTU
* Found service principal in keytab: RestrictedKrbHost/ubuntu.testing.local
* Using domain name: WIN-SB6JAS7PH22.testing.local
* Calculated computer account name from fqdn: UBUNTU
* Using domain realm: WIN-SB6JAS7PH22.testing.local
* Sending NetLogon ping to domain controller: WIN-SB6JAS7PH22.testing.local
* Received NetLogon info from: WIN-SB6JAS7PH22.testing.local
* Wrote out krb5.conf snippet to /tmp/adcli-krb5-6SRtqJ/krb5.d/adcli-krb5-conf-YGzgnK
* Authenticated as default/reset computer account: UBUNTU
* Using LDAPS to connect to WIN-SB6JAS7PH22.testing.local
* Looked up short domain name: TESTING
* Looked up domain SID: S-1-5-21-960071060-1417404557-720088570
Sucessfully validated join to domain WIN-SB6JAS7PH22.testing.local
# adcli update --use-ldaps --verbose --domain WIN-SB6JAS7PH22.testing.local --domain-controller WIN-SB6JAS7PH22.testing.local
* Found realm in keytab: TESTING.LOCAL
* Found computer name in keytab: UBUNTU
* Found service principal in keytab: host/UBUNTU
* Found service principal in keytab: host/ubuntu.testing.local
* Found host qualified name in keytab: ubuntu.testing.local
* Found service principal in keytab: RestrictedKrbHost/UBUNTU
* Found service principal in keytab: RestrictedKrbHost/ubuntu.testing.local
* Using domain name: WIN-SB6JAS7PH22.testing.local
* Calculated computer account name from fqdn: UBUNTU
* Using domain realm: WIN-SB6JAS7PH22.testing.local
* Sending NetLogon ping to domain controller: WIN-SB6JAS7PH22.testing.local
* Received NetLogon info from: WIN-SB6JAS7PH22.testing.local
* Wrote out krb5.conf snippet to /tmp/adcli-krb5-6FQ1ZS/krb5.d/adcli-krb5-conf-LHowkP
* Authenticated as default/reset computer account: UBUNTU
* Using LDAPS to connect to WIN-SB6JAS7PH22.testing.local
* Looked up short domain name: TESTING
* Looked up domain SID: S-1-5-21-960071060-1417404557-720088570
* Using fully qualified name: ubuntu
* Using domain name: WIN-SB6JAS7PH22.testing.local
* Using computer account name: UBUNTU
* Using domain realm: WIN-SB6JAS7PH22.testing.local
* Using fully qualified name: ubuntu.testing.local
* Enrolling computer name: UBUNTU
* Generated 120 character computer password
* Using keytab: FILE:/etc/krb5.keytab
* Found computer account for UBUNTU$ at: CN=UBUNTU,CN=Computers,DC=testing,DC=local
* Retrieved kvno '12' for computer account in directory: CN=UBUNTU,CN=Computers,DC=testing,DC=local
* Password not too old, no change needed
* Sending NetLogon ping to domain controller: WIN-SB6JAS7PH22.testing.local
* Received NetLogon info from: WIN-SB6JAS7PH22.testing.local
* Modifying computer account: dNSHostName
* Checking RestrictedKrbHost/ubuntu.testing.local
* Added RestrictedKrbHost/ubuntu.testing.local
* Checking host/ubuntu.testing.local
* Added host/ubuntu.testing.local
* Checking RestrictedKrbHost/UBUNTU
* Added RestrictedKrbHost/UBUNTU
* Checking host/UBUNTU
* Added host/UBUNTU
Everything seems fine. Happy to mark Groovy as verified for adcli.
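
The checks from the verification above, scripted as an added example (not part of the original comment and not adcli's or ufw's own tooling): it classifies captured adcli output by the messages quoted in the log and tests `ufw status` text for outbound deny rules on 389 and 3268, since ufw applies a rule given without a direction to incoming traffic. The function names and all sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample text is constructed from the log lines quoted above.
OLD_RUN="testjoin: unrecognized option '--use-ldaps'
usage: adcli testjoin"
NEW_RUN=" * Authenticated as default/reset computer account: UBUNTU
 * Using LDAPS to connect to WIN-SB6JAS7PH22.testing.local
 * Looked up short domain name: TESTING"
# Constructed `ufw status` output: inbound-only rules vs. outbound rules.
UFW_IN_ONLY="Status: active

To                         Action      From
--                         ------      ----
389                        DENY        Anywhere
3268                       DENY        Anywhere"
UFW_OUT="Status: active

To                         Action      From
--                         ------      ----
389                        DENY OUT    Anywhere
3268                       DENY OUT    Anywhere"

# Classify captured `adcli ... --use-ldaps --verbose` output.
# Prints one of: unpatched | ldaps:<server> | no-ldaps
classify_adcli_run() {
    out=$1
    case $out in
        *"unrecognized option '--use-ldaps'"*) echo unpatched; return 0 ;;
    esac
    dc=$(printf '%s\n' "$out" |
        sed -n 's/^ *\* Using LDAPS to connect to \(.*\)$/\1/p' | head -n 1)
    if [ -n "$dc" ]; then echo "ldaps:$dc"; else echo no-ldaps; fi
}

# Succeed only if the `ufw status` text has a DENY OUT rule for every port given.
outbound_blocked() {
    status=$1; shift
    for port in "$@"; do
        printf '%s\n' "$status" |
            grep -Eq "^${port}(/tcp)?[[:space:]]+DENY OUT[[:space:]]" || return 1
    done
}

classify_adcli_run "$OLD_RUN"    # package from -updates
classify_adcli_run "$NEW_RUN"    # package from -proposed
outbound_blocked "$UFW_OUT" 389 3268 && echo "outbound 389/3268 blocked"
outbound_blocked "$UFW_IN_ONLY" 389 3268 || echo "389/3268 not blocked outbound"
```

On a live system, feed the functions the real output, for example `classify_adcli_run "$(adcli testjoin --use-ldaps --verbose 2>&1)"` and `outbound_blocked "$(ufw status)" 389 3268`.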