From d813722a34597dd33d06a558de6bc6cc2c2adb97 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Fri, 3 Apr 2020 15:58:28 +0200
Subject: [PATCH 1/2] s3:libads: Fix ads_get_upn()
This adds the userPrincipalName to ads_find_machine_acct() which fetches the data for us.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14336
Signed-off-by: Andreas Schneider
Reviewed-by: Alexander Bokovoy
(cherry picked from commit ec69752cb963ae850568d3f4905d2941e485627e)
---
 source3/libads/ldap.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 979192eb3ed..8ad76ed0ae9 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1373,6 +1373,7 @@ char *ads_parent_dn(const char *dn)
 "userAccountControl",
 "DnsHostName",
 "ServicePrincipalName",
+ "userPrincipalName",
 "unicodePwd",
 /* Additional attributes Samba checks */
--
2.26.0
From 9ecf7552c15ca4c7ff71b5c9348aae03b0012bc0 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Fri, 3 Apr 2020 15:40:48 +0200
Subject: [PATCH 2/2] testprogs: Add 'net ads join createupn' test also verifying the keytab
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14336
Signed-off-by: Andreas Schneider
Reviewed-by: Alexander Bokovoy
Autobuild-User(master): Andreas Schneider
Autobuild-Date(master): Mon Apr 6 19:09:53 UTC 2020 on sn-devel-184
(cherry picked from commit c4be195da2845be4f64e47883e3c911dedd90e48)
---
 testprogs/blackbox/test_net_ads.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
index 8bcff006b8e..95c0cf76f90 100755
--- a/testprogs/blackbox/test_net_ads.sh
+++ b/testprogs/blackbox/test_net_ads.sh
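Review bot: The new `"userPrincipalName"` entry in the attribute list of source3/libads/ldap.c (patch 1/2) carries no hint of which caller needs it, so the dependency this commit repairs stays invisible in the code. Per the commit message, ads_get_upn() relies on ads_find_machine_acct() fetching this attribute; a short comment on the entry, e.g. `"userPrincipalName", /* read by ads_get_upn() */`, would keep a later tidy-up of the list from silently dropping it again. The list and its enclosing function start and end outside the hunk, so how the remaining entries are documented cannot be checked from here.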
@@ -237,6 +237,23 @@ testit "leave+createcomputer" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_P
 testit "Remove OU=Servers" $VALGRIND $ldbdel -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER "OU=Servers,$base_dn"
+#
+# Test createupn option of 'net ads join'
+#
+testit "join+createupn" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD createupn="host/test-$HOSTNAME@$REALM" || failed=`expr $failed + 1`
+
+testit_grep "checkupn" "userPrincipalName: host/test-$HOSTNAME@$REALM" $ldbsearch -U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -s base -b "CN=$HOSTNAME,CN=Computers,$base_dn" || failed=`expr $failed + 1`
+
+dedicated_keytab_file="$PREFIX_ABS/test_net_create_dedicated_krb5.keytab"
+
+testit "create_keytab" $VALGRIND $net_tool ads keytab create --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
+
+testit_grep "checkupn+keytab" "host/test-$HOSTNAME@$REALM" $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
+
+rm -f $dedicated_keytab_file
+
+testit "leave+createupn" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+
 rm -rf $BASEDIR/$WORKDIR
 exit $failed
--
2.26.0
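Review bot: `rm -f $dedicated_keytab_file` expands the path unquoted, while both `--option="dedicatedkeytabfile=$dedicated_keytab_file"` uses above it are quoted. If `$PREFIX_ABS` contains whitespace or glob characters, the cleanup would miss the keytab, which holds the joined machine account's Kerberos keys, or touch unrelated paths; `rm -f "$dedicated_keytab_file"` avoids that. Separately, the "checkupn" and "checkupn+keytab" patterns embed `$REALM` unescaped, so if testit_grep (defined outside this hunk) treats its pattern as a regular expression, the dots match any character and the check is slightly looser than it reads.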