search

abbra / freeipa

Mirror of FreeIPA, an integrated security information management solution
http://www.freeipa.org
GNU General Public License v3.0
2 stars 1 forks source link

gcinstance: preconfigure service principal aliases for GC as expected… #38

Closed abbra closed 4 years ago

abbra commented 4 years ago

… by MS-DRSR

AD DCs expect RPC service principal name to exist for the machine account of the domain controller they talk to. Since in FreeIPA case Kerberos principals for host/ and cifs/ are separate, we need to add RPC/... alias to cifs/... principal.

There are other service principal names for GC that are expected to exist according to MS-DRSR 2.2.3 and 2.2.4 sections. Refactor GC instance code to include all of them.

Signed-off-by: Alexander Bokovoy abokovoy@redhat.com

abbra commented 4 years ago

/azp rerun

azure-pipelines[bot] commented 4 years ago
Command 'rerun' is not supported by Azure Pipelines.

Supported commands
  • help:
    • Get descriptions, examples and documentation about supported commands
    • Example: help "command_name"
  • list:
    • List all pipelines for this repository using a comment.
    • Example: "list"
  • run:
    • Run all pipelines or specific pipelines for this repository using a comment. Use this command by itself to trigger all related pipelines, or specify specific pipelines to run.
    • Example: "run" or "run pipeline_name, pipeline_name, pipeline_name"
  • where:
    • Report back the Azure DevOps orgs that are related to this repository and org
    • Example: "where"

See additional documentation.
abbra commented 4 years ago

/azp run

azure-pipelines[bot] commented 4 years ago
Azure Pipelines successfully started running 1 pipeline(s).
abbra commented 4 years ago

/azp run

azure-pipelines[bot] commented 4 years ago
Azure Pipelines successfully started running 1 pipeline(s).
abbra commented 4 years ago

tox tests are currently failing due to new pytest 6.0 release which is incompatible with some of IPA pytest code. Stas is working on the fixes.

abbra commented 4 years ago

Now it works during uninstallation. @flo-renaud, please let me know if you find other issues tomorrow -- otherwise I'll merge this manually due to Tox failures preventing automated merge.

flo-renaud commented 4 years ago

@abbra thanks for the commit, LGTM. The aliases are consistent with the description in https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/894d0999-7d79-4e81-a407-7bcf6522b0a7 and https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/41efc56e-0007-4e88-bafe-d7af61efd91f

abbra commented 4 years ago

Merged manually after updating to master.