From 36e35c860cebc5e3f3d2199742c7f46d5ef7b778 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Fri, 16 Oct 2015 11:41:14 +0200 Subject: [PATCH] Revert "service: Prefer adcli over samba for most credential types" This reverts commit 70878dec6e23226ab25f731654ab53cc0e7b11c3. --- service/realm-sssd-ad.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c index c7ffe8a..39fcf81 100644 --- a/service/realm-sssd-ad.c +++ b/service/realm-sssd-ad.c @@ -343,13 +343,26 @@ parse_join_options (JoinClosure *join, } /* - * For other valid types of credentials we prefer adcli. + * If we are enrolling with a ccache, then prefer to use adcli over samba. + * There have been some strange corner case problems when using samba with + * a ccache. */ - } else if (cred->type == REALM_CREDENTIAL_CCACHE || - (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN)) { + } else if (cred->type == REALM_CREDENTIAL_CCACHE) { if (!software) software = REALM_DBUS_IDENTIFIER_ADCLI; + /* + * For other supported enrolling credentials, we support either adcli or + * samba. But since adcli is pretty immature at this point, we use samba + * by default. Samba falls over with hostnames that are not perfectly + * specified, so use adcli there. + */ + } else if (cred->type == REALM_CREDENTIAL_PASSWORD && cred->owner == REALM_CREDENTIAL_OWNER_ADMIN) { + if (!software && join->disco->explicit_server) + software = REALM_DBUS_IDENTIFIER_ADCLI; + else if (!software) + software = REALM_DBUS_IDENTIFIER_SAMBA; + /* It would be odd to get here */ } else { g_set_error (error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, -- 2.5.0