|
|
c1b752 |
From 36e35c860cebc5e3f3d2199742c7f46d5ef7b778 Mon Sep 17 00:00:00 2001
|
|
|
c1b752 |
From: Stef Walter <stefw@redhat.com>
|
|
|
c1b752 |
Date: Fri, 16 Oct 2015 11:41:14 +0200
|
|
|
c1b752 |
Subject: [PATCH] Revert "service: Prefer adcli over samba for most credential
|
|
|
c1b752 |
types"
|
|
|
c1b752 |
|
|
|
c1b752 |
This reverts commit 70878dec6e23226ab25f731654ab53cc0e7b11c3.
|
|
|
c1b752 |
---
|
|
|
c1b752 |
service/realm-sssd-ad.c | 19 ++++++++++++++++---
|
|
|
c1b752 |
1 file changed, 16 insertions(+), 3 deletions(-)
|
|
|
c1b752 |
|
|
|
c1b752 |
diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
|
|
|
c1b752 |
index c7ffe8a..39fcf81 100644
|
|
|
c1b752 |
--- a/service/realm-sssd-ad.c
|
|
|
c1b752 |
+++ b/service/realm-sssd-ad.c
|
|
|
c1b752 |
@@ -343,13 +343,26 @@ parse_join_options (JoinClosure *join,
|
|
|
c1b752 |
}
|
|
|
c1b752 |
|
|
|
c1b752 |
/*
|
|
|
c1b752 |
- * For other valid types of credentials we prefer adcli.
|
|
|
c1b752 |
+ * If we are enrolling with a ccache, then prefer to use adcli over samba.
|
|
|
c1b752 |
+ * There have been some strange corner case problems when using samba with
|
|
|
c1b752 |
+ * a ccache.
|
|
|
c1b752 |
*/
|
|
|
c1b752 |
- } else if (cred->type == REALM_CREDENTIAL_CCACHE ||
|
|
|
c1b752 |
- (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN)) {
|
|
|
c1b752 |
+ } else if (cred->type == REALM_CREDENTIAL_CCACHE) {
|
|
|
c1b752 |
if (!software)
|
|
|
c1b752 |
software = REALM_DBUS_IDENTIFIER_ADCLI;
|
|
|
c1b752 |
|
|
|
c1b752 |
+ /*
|
|
|
c1b752 |
+ * For other supported enrolling credentials, we support either adcli or
|
|
|
c1b752 |
+ * samba. But since adcli is pretty immature at this point, we use samba
|
|
|
c1b752 |
+ * by default. Samba falls over with hostnames that are not perfectly
|
|
|
c1b752 |
+ * specified, so use adcli there.
|
|
|
c1b752 |
+ */
|
|
|
c1b752 |
+ } else if (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN) {
|
|
|
c1b752 |
+ if (!software && join->disco->explicit_server)
|
|
|
c1b752 |
+ software = REALM_DBUS_IDENTIFIER_ADCLI;
|
|
|
c1b752 |
+ else if (!software)
|
|
|
c1b752 |
+ software = REALM_DBUS_IDENTIFIER_SAMBA;
|
|
|
c1b752 |
+
|
|
|
c1b752 |
/* It would be odd to get here */
|
|
|
c1b752 |
} else {
|
|
|
c1b752 |
g_set_error (error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
|
|
|
c1b752 |
--
|
|
|
c1b752 |
2.5.0
|
|
|
c1b752 |
|