Sorry, I was on vaccation.
I can confirm that the backports work as expected with "ad_use_ldaps =
True" on both bionic and focal.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Suppor
I've done a fairly simple test using the latest Ubuntu 18.04 and can
confirm that with "ad_use_ldaps = True" set in sssd.conf, sssd appears
to only be making connections over ports 636 & 3269.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ub
Hi Tobias, Thorstein, and anyone who is after a backport of these
patches,
I have completed backporting the below patches to the Bionic and Focal
adcli and sssd packages, and I am looking for some help with testing. If
you have some spare time, a Windows Active Directory server available,
and some
** Changed in: adcli (Ubuntu Bionic)
Importance: Undecided => Medium
** Changed in: adcli (Ubuntu Bionic)
Status: Confirmed => In Progress
** Changed in: adcli (Ubuntu Bionic)
Assignee: (unassigned) => Matthew Ruffell (mruffell)
** Changed in: adcli (Ubuntu Focal)
Importance: U
Yes, that's the plan.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Support new AD requirements (ADV190023)
To manage notifications about this bug go to:
https://bugs.launchpad.net/c
Can we now get patched adcli and sssd backported to bionic and focal?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Support new AD requirements (ADV190023)
To manage notifications ab
This bug was fixed in the package adcli - 0.9.0-1ubuntu1
---
adcli (0.9.0-1ubuntu1) groovy; urgency=medium
* New features (LP: #1893784):
- d/p/tools-add-show-computer-command.patch: add a show-computer
command to print the LDAP attrs of the computer object
- d/p/add-d
This one is a bit more risky, as it changes the default behavior of now
preferring GSS-SPNEGO if available. We missed taking care of this one
earlier, so arguments 'it's too late' do not make much sense. I assume
that the server team did enough testing of this in the meantime, so I
think we can ris
** Changed in: adcli (Ubuntu Eoan)
Status: Confirmed => Won't Fix
** Changed in: adcli (Ubuntu Disco)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
** Description changed:
Please backport the following patch to add the option ad_use_ldaps.
With this new boolean option the AD provider should only use the LDAPS port
636 and the Global Catalog port 3629 which is TLS protected as well.
https://github.com/SSSD/sssd/pull/969
This is
Switched bug to "New" so it can be considered by the release team.
** Changed in: adcli (Ubuntu Groovy)
Status: Confirmed => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
** Bug watch added: github.com/cyrusimap/cyrus-sasl/issues #600
https://github.com/cyrusimap/cyrus-sasl/issues/600
** Also affects: cyrus-sasl2 via
https://github.com/cyrusimap/cyrus-sasl/issues/600
Importance: Unknown
Status: Unknown
--
You received this bug notification because
Oh, I missed that this was an update for the *client* (windows 10), not
the server. Hm. Confusing.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Support new AD requirements (ADV190023
https://support.microsoft.com/en-us/help/4559003/windows-10-update-
kb4559003
Reading beyond the "highlights", one can see:
"Addresses an issue that incorrectly reports Lightweight Directory
Access Protocol (LDAP) sessions as unsecure sessions in Event ID 2889.
This occurs when the LDAP session i
That is very likely, but first I have to get it into groovy, which is
past Feature Freeze. The MP was approved already, but I need a +1 from
the release team before uploading.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bug
Are there any indications of this being included in Focal and Bionic
anytime soon?
We're looking at a setup with RHEL 7 and 8 servers where we can use
ad_use_ldaps and Ubuntu servers where we cannot.. It would be nicer to
be able to use the same config on both :) Unfortunately the network guys
wan
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: sssd (Ubuntu Bionic)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: adcli (Ubuntu Eoan)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: adcli (Ubuntu Groovy)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: adcli (Ubuntu Bionic)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: adcli (Ubuntu Disco)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: adcli (Ubuntu Focal)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
** Description changed:
Please backport the following patch to add the option ad_use_ldaps.
With this new boolean option the AD provider should only use the LDAPS port
636 and the Global Catalog port 3629 which is TLS protected as well.
https://github.com/SSSD/sssd/pull/969
This is
** Description changed:
Please backport the following patch to add the option ad_use_ldaps.
With this new boolean option the AD provider should only use the LDAPS port
636 and the Global Catalog port 3629 which is TLS protected as well.
https://github.com/SSSD/sssd/pull/969
This is
** Merge proposal linked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/adcli/+git/adcli/+merge/390164
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1868703
Title:
Support new AD requirem
I wonder if Microsoft changed the behaviour since early this year? I've
seen mailing list posts stating that a simple ldapsearch with gssapi
would succeed, even with the server enforcing rules on signing enabled,
but still log the 2889 event. But I don't see that now.
This works and does not produ
26 matches
Mail list logo
