Update radcli gem with latest adcli code #23
Comments
|
Hi @wiad |
|
I am actually pretty rubbish at ruby and much prefer to install and use pre-packaged (rpm) rubygems, so I don't feel really comfortable with it. I will check with a colleague of mine who is much better versed in ruby. |
|
The radcli library has been updated with the latest adcli release, version 0.9.0 from September 3, 2019. rubgem: https://rubygems.org/gems/radcli/versions/1.1.0 |
|
This happened in nightly now -- would y'all mind testing it if possible? |
|
Sure, i can. |
|
Yes. You should also be able to just use the rpm directly on any install: https://yum.theforeman.org/plugins/nightly/el8/x86_64/rubygem-radcli-1.1.0-1.el8.x86_64.rpm |
|
New Microsoft patches for Active Directory will prohibit the use of unsigned and simple binds. The use of GSSAPI, which radcli/adcli uses, is registered as an unsigned auth request. There is a discussion about this regarding SSSD which uses adcli for renewing machine account passwords.
https://www.mail-archive.com/[email protected]&q=subject:%22%5C%5BSSSD%5C-users%5C%5D+Re%5C%3A+How+do+new+LDAP+security+recommendations+from+MS+affect+sssd+clients%5C%3F%22&o=oldest
Long story short, using SPNEGO instead of GSSAPI fixes this and adcli is patched to try SPNEGO since a couple of weeks back:
https://gitlab.freedesktop.org/realmd/adcli/commit/a6f795ba3d6048b32d7863468688bf7f42b2cafd
So it would be nice if the
rubygem-radcliwas rebuilt with the latest adcli code. There is also other stuff from radcli which would be nice to get (for example #20).The text was updated successfully, but these errors were encountered: