False positive from net ads testjoin
Ken Cross
kcross at nssolutions.com
Fri Jan 17 18:53:01 GMT 2003
Samba critters:
Running with SAMBA_3_0, the following sequence gives incorrect results
from the last "net ads testjoin":
# net ads testjoin -P
ERROR: Unable to fetch machine password
# net ads join -U ...
Joined 'KJCTST' to realm 'WIN2DOM.LOCAL'
# net ads testjoin -P
Join is OK
# net ads leave
Removed 'KJCTST' from realm 'WIN2DOM.LOCAL'
# net ads testjoin -P
[2003/01/17 13:40:03, 0] libads/kerberos.c:ads_kinit_password(133)
kerberos_kinit_password KJCTST$@WIN2DOM.LOCAL failed: Client not
found in Kerberos database
Join is OK
If the purpose of "net ads testjoin" is to determine whether the join is
currently valid, it's returning the wrong results.
The following is a fix, though it may not be the Best Fix:
# cvs diff -pu net_ads.c
Index: net_ads.c
===================================================================
RCS file: /cvsroot/samba/source/utils/net_ads.c,v
retrieving revision 1.37.2.10
diff -p -u -r1.37.2.10 net_ads.c
--- net_ads.c 15 Jan 2003 18:57:41 -0000 1.37.2.10
+++ net_ads.c 17 Jan 2003 18:48:24 -0000
@@ -586,6 +586,11 @@ static int net_ads_join_ok(void)
return -1;
}
+ if (!ads->auth.user_name || !ads->auth.realm ||
+ ads_kinit_password(ads)) {
+ return -1;
+ }
+
ads_destroy(&ads);
return 0;
}
Ken
More information about the samba-technical
mailing list