|
 |
86624f |
From f5a5b00033a3d9d55cb8661d1cf5e63facc1ea72 Mon Sep 17 00:00:00 2001
|
|
|
86624f |
From: Sumit Bose <sbose@redhat.com>
|
|
|
86624f |
Date: Tue, 11 Aug 2020 11:18:17 +0200
|
|
|
86624f |
Subject: [PATCH] service: use net ads join with -k for user join as well
|
|
|
86624f |
|
|
|
86624f |
The NTLM authentication used by 'net ads join' does only support crypto
|
|
|
86624f |
algorithms which e.g. are not allowed by FIPS. It would be better to
|
|
|
86624f |
tell 'net ads join' to try Kerberos first before falling back to NTLM by
|
|
|
86624f |
adding the '-k' option.
|
|
|
86624f |
|
|
|
86624f |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1859503
|
|
|
86624f |
---
|
|
|
86624f |
service/realm-samba-enroll.c | 3 ++-
|
|
|
86624f |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
86624f |
|
|
|
86624f |
diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
|
|
|
86624f |
index f5edca3..3f86c51 100644
|
|
|
86624f |
--- a/service/realm-samba-enroll.c
|
|
|
86624f |
+++ b/service/realm-samba-enroll.c
|
|
|
86624f |
@@ -372,7 +372,8 @@ begin_join (GTask *task,
|
|
|
86624f |
} else if (join->user_name) {
|
|
|
86624f |
begin_net_process (join, join->password_input,
|
|
|
86624f |
on_join_do_keytab, g_object_ref (task),
|
|
|
86624f |
- "-U", join->user_name, "ads", "join", join->disco->domain_name,
|
|
|
86624f |
+ "-U", join->user_name,
|
|
|
86624f |
+ "-k", "ads", "join", join->disco->domain_name,
|
|
|
86624f |
join->join_args[0], join->join_args[1],
|
|
|
86624f |
join->join_args[2], join->join_args[3],
|
|
|
86624f |
join->join_args[4], NULL);
|
|
|
86624f |
--
|
|
|
86624f |
2.26.2
|
|
|
86624f |
|