sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code

r17149: Fail the join if we cannot set any SPNs for the machine account.

Browse Source 
Disable the one we created and whine.
This commit is contained in:
Gerald Carter 2006-07-19 20:56:11 +00:00 committed by Gerald (Jerry) Carter
parent 859c51cf25
commit 1a7e81a4a8
1 changed files with 18 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
source/utils/net_ads.c
View File

@ -24,22 +24,6 @@
#include "includes.h" #include "includes.h"
#include "utils/net.h" #include "utils/net.h"
/* Macro for checking RPC error codes to make things more readable */
#if 0
#define CHECK_RPC_ERR(rpc, msg) \
if (!NT_STATUS_IS_OK(result = rpc)) { \
DEBUG(0, (msg ": %s\n", nt_errstr(result))); \
goto done; \
}
#define CHECK_RPC_ERR_DEBUG(rpc, debug_args) \
if (!NT_STATUS_IS_OK(result = rpc)) { \
DEBUG(0, debug_args); \
goto done; \
}
#endif
#ifdef HAVE_ADS #ifdef HAVE_ADS
int net_ads_usage(int argc, const char **argv) int net_ads_usage(int argc, const char **argv)
@ -1208,11 +1192,24 @@ int net_ads_join(int argc, const char **argv)
status = net_set_machine_spn( ctx, ads ); status = net_set_machine_spn( ctx, ads );
if ( !ADS_ERR_OK(status) ) { if ( !ADS_ERR_OK(status) ) {
d_fprintf(stderr, "Failed to set servicePrincipalNames. Only NTLM authentication will be possible.\n");
d_fprintf(stderr, "Please ensure that the DNS domain of this server matches the AD domain,\n");
d_fprintf(stderr, "Or rejoin with using Domain Admin credentials.\n");
/* don't fail */ d_fprintf(stderr, "Failed to set servicePrincipalNames. Please ensure that\n");
d_fprintf(stderr, "the DNS domain of this server matches the AD domain,\n");
d_fprintf(stderr, "Or rejoin with using Domain Admin credentials.\n");
/* Disable the machine account in AD. Better to fail than to leave
a confused admin. */
if ( net_ads_leave( 0, NULL ) != 0 ) {
d_fprintf( stderr, "Failed to disable machine account in AD. Please do so manually.\n");
}
/* clear out the machine password */
netdom_store_machine_account( lp_workgroup(), domain_sid, "" );
netdom_store_machine_account( short_domain_name, domain_sid, "" );
return -1;
} }
if ( !net_derive_salting_principal( ctx, ads ) ) { if ( !net_derive_salting_principal( ctx, ads ) ) {
@ -1891,15 +1888,12 @@ int net_ads_help(int argc, const char **argv)
{"GROUP", net_ads_group_usage}, {"GROUP", net_ads_group_usage},
{"PRINTER", net_ads_printer_usage}, {"PRINTER", net_ads_printer_usage},
{"SEARCH", net_ads_search_usage}, {"SEARCH", net_ads_search_usage},
#if 0
{"INFO", net_ads_info}, {"INFO", net_ads_info},
{"JOIN", net_ads_join}, {"JOIN", net_ads_join},
{"JOIN2", net_ads_join2},
{"LEAVE", net_ads_leave}, {"LEAVE", net_ads_leave},
{"STATUS", net_ads_status}, {"STATUS", net_ads_status},
{"PASSWORD", net_ads_password}, {"PASSWORD", net_ads_password},
{"CHANGETRUSTPW", net_ads_changetrustpw}, {"CHANGETRUSTPW", net_ads_changetrustpw},
#endif
{NULL, NULL} {NULL, NULL}
}; };
@ -1991,4 +1985,4 @@ int net_ads(int argc, const char **argv)
return net_ads_usage(argc, argv); return net_ads_usage(argc, argv);
} }
#endif #endif /* WITH_ADS */