From: Andreas Schneider <asn@samba.org>
Date: Mon, 29 Mar 2021 11:16:28 +0000 (+0200)
Subject: s3:utils: The 'net ads keytab' commands should use machine credentials
X-Git-Tag: tevent-0.11.0~1345
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=140007bfe1795e5bc5bca43238b6be03e0693f9e;p=thirdparty%2Fsamba.git

s3:utils: The 'net ads keytab' commands should use machine credentials

If the user doesn't specify a username/password on the command line, we
should use the machine credentials to connect to AD. This is how it is
used by default and we should be able to retrieve SPNs.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 30 06:48:18 UTC 2021 on sn-devel-184
---

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index bc42ddda9cb..5300dfbef80 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -3030,6 +3030,10 @@ static int net_ads_keytab_flush(struct net_context *c, int argc, const char **ar
 		return 0;
 	}
 
+	if (!c->opt_user_specified && c->opt_password == NULL) {
+		net_use_krb_machine_account(c);
+	}
+
 	if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
 		return -1;
 	}
@@ -3058,6 +3062,11 @@ static int net_ads_keytab_add(struct net_context *c,
 	}
 
 	d_printf(_("Processing principals to add...\n"));
+
+	if (!c->opt_user_specified && c->opt_password == NULL) {
+		net_use_krb_machine_account(c);
+	}
+
 	if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
 		return -1;
 	}
@@ -3096,6 +3105,10 @@ static int net_ads_keytab_create(struct net_context *c, int argc, const char **a
 		return 0;
 	}
 
+	if (!c->opt_user_specified && c->opt_password == NULL) {
+		net_use_krb_machine_account(c);
+	}
+
 	if (!ADS_ERR_OK(ads_startup(c, true, &ads))) {
 		return -1;
 	}