© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
Performing verification of adcli on Groovy.
Groovy only required one patch, which fixed a missed enablement of --use-ldaps for the testjoin and update commands.
So, just testing those two.
I installed adcli 0.9.0-1ubuntu1 from -updates, and I set everything up by issuing a join command. After that, I tried the --use-ldaps flag with testjoin and update commands:
# adcli testjoin --use-ldaps --verbose --domain WIN-SB6JAS7PH22
testjoin: unrecognized option '--use-ldaps'
usage: adcli testjoin
# adcli update --use-ldaps --verbose --domain WIN-SB6JAS7PH22
update: unrecognized option '--use-ldaps'
usage: adcli update
I then enabled -proposed, and installed adcli 0.9.0-1ubuntu1.2 and tried again:
We block port 389 on firewall, so
# ufw deny 389
# ufw deny 3268
Then try testjoin and update:
# adcli testjoin --use-ldaps --verbose --domain WIN-SB6JAS7PH22
* Found realm in keytab: TESTING.LOCAL
* Found computer name in keytab: UBUNTU
* Found service principal in keytab: host/UBUNTU
* Found service principal in keytab: host/ubuntu.
* Found host qualified name in keytab: ubuntu.
* Found service principal in keytab: RestrictedKrbHo
* Found service principal in keytab: RestrictedKrbHo
* Using domain name: WIN-SB6JAS7PH22
* Calculated computer account name from fqdn: UBUNTU
* Using domain realm: WIN-SB6JAS7PH22
* Sending NetLogon ping to domain controller: WIN-SB6JAS7PH22
* Received NetLogon info from: WIN-SB6JAS7PH22
* Wrote out krb5.conf snippet to /tmp/adcli-
* Authenticated as default/reset computer account: UBUNTU
* Using LDAPS to connect to WIN-SB6JAS7PH22
* Looked up short domain name: TESTING
* Looked up domain SID: S-1-5-21-
Sucessfully validated join to domain WIN-SB6JAS7PH22
# adcli update --use-ldaps --verbose --domain WIN-SB6JAS7PH22
* Found realm in keytab: TESTING.LOCAL
* Found computer name in keytab: UBUNTU
* Found service principal in keytab: host/UBUNTU
* Found service principal in keytab: host/ubuntu.
* Found host qualified name in keytab: ubuntu.
* Found service principal in keytab: RestrictedKrbHo
* Found service principal in keytab: RestrictedKrbHo
* Using domain name: WIN-SB6JAS7PH22
* Calculated computer account name from fqdn: UBUNTU
* Using domain realm: WIN-SB6JAS7PH22
* Sending NetLogon ping to domain controller: WIN-SB6JAS7PH22
* Received NetLogon info from: WIN-SB6JAS7PH22
* Wrote out krb5.conf snippet to /tmp/adcli-
* Authenticated as default/reset computer account: UBUNTU
* Using LDAPS to connect to WIN-SB6JAS7PH22
* Looked up short domain name: TESTING
* Looked up domain SID: S-1-5-21-
* Using fully qualified name: ubuntu
* Using domain name: WIN-SB6JAS7PH22
* Using computer account name: UBUNTU
* Using domain realm: WIN-SB6JAS7PH22
* Using fully qualified name: ubuntu.
* Enrolling computer name: UBUNTU
* Generated 120 character computer password
* Using keytab: FILE:/etc/
* Found computer account for UBUNTU$ at: CN=UBUNTU,
* Retrieved kvno '12' for computer account in directory: CN=UBUNTU,
* Password not too old, no change needed
* Sending NetLogon ping to domain controller: WIN-SB6JAS7PH22
* Received NetLogon info from: WIN-SB6JAS7PH22
* Modifying computer account: dNSHostName
* Checking RestrictedKrbHo
* Added RestrictedKrbHo
* Checking host/ubuntu.
* Added host/ubuntu.
* Checking RestrictedKrbHo
* Added RestrictedKrbHo
* Checking host/UBUNTU
* Added host/UBUNTU
Everything seems fine. Happy to mark Groovy as verified for adcli.