False positive from net ads testjoin

Ken Cross kcross at nssolutions.com
Fri Jan 17 18:53:01 GMT 2003


Samba critters:

Running with SAMBA_3_0, the following sequence gives incorrect results
from the last "net ads testjoin":

  # net ads testjoin -P
  ERROR: Unable to fetch machine password

  # net ads join -U ...
  Joined 'KJCTST' to realm 'WIN2DOM.LOCAL'

  # net ads testjoin -P
  Join is OK

  # net ads leave
  Removed 'KJCTST' from realm 'WIN2DOM.LOCAL'

  # net ads testjoin -P
  [2003/01/17 13:40:03, 0] libads/kerberos.c:ads_kinit_password(133)
    kerberos_kinit_password KJCTST$@WIN2DOM.LOCAL failed: Client not
found in Kerberos database
  Join is OK

If the purpose of "net ads testjoin" is to determine whether the join is
currently valid, it's returning the wrong results.

The following is a fix, though it may not be the Best Fix:


# cvs diff -pu net_ads.c
Index: net_ads.c
===================================================================
RCS file: /cvsroot/samba/source/utils/net_ads.c,v
retrieving revision 1.37.2.10
diff -p -u -r1.37.2.10 net_ads.c
--- net_ads.c   15 Jan 2003 18:57:41 -0000      1.37.2.10
+++ net_ads.c   17 Jan 2003 18:48:24 -0000
@@ -586,6 +586,11 @@ static int net_ads_join_ok(void)
                return -1;
        }
 
+        if (!ads->auth.user_name || !ads->auth.realm || 
+            ads_kinit_password(ads)) {
+                return -1;
+        }
+
        ads_destroy(&ads);
        return 0;
}

Ken




More information about the samba-technical mailing list