From 36e35c860cebc5e3f3d2199742c7f46d5ef7b778 Mon Sep 17 00:00:00 2001

From: Stef Walter <stefw@redhat.com>

Date: Fri, 16 Oct 2015 11:41:14 +0200

Subject: [PATCH] Revert "service: Prefer adcli over samba for most credential

 types"

This reverts commit 70878dec6e23226ab25f731654ab53cc0e7b11c3.

---

 service/realm-sssd-ad.c | 19 ++++++++++++++++---

 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c

index c7ffe8a..39fcf81 100644

--- a/service/realm-sssd-ad.c

+++ b/service/realm-sssd-ad.c

@@ -343,13 +343,26 @@ parse_join_options (JoinClosure *join,

 		}

 	/*

-	 * For other valid types of credentials we prefer adcli.

+	 * If we are enrolling with a ccache, then prefer to use adcli over samba.

+	 * There have been some strange corner case problems when using samba with

+	 * a ccache.

 	 */

-	} else if (cred->type == REALM_CREDENTIAL_CCACHE ||

-	           (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN)) {

+	} else if (cred->type == REALM_CREDENTIAL_CCACHE) {

 		if (!software)

 			software = REALM_DBUS_IDENTIFIER_ADCLI;

+	/*

+	 * For other supported enrolling credentials, we support either adcli or

+	 * samba. But since adcli is pretty immature at this point, we use samba

+	 * by default. Samba falls over with hostnames that are not perfectly

+	 * specified, so use adcli there.

+	 */

+	} else if (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN) {

+		if (!software && join->disco->explicit_server)

+			software = REALM_DBUS_IDENTIFIER_ADCLI;

+		else if (!software)

+			software = REALM_DBUS_IDENTIFIER_SAMBA;

+

 	/* It would be odd to get here */

 	} else {

 		g_set_error (error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,

-- 

2.5.0