Univention Bugzilla – Attachment 9377 Details for
Bug 45904
Critical: Check Kerberos authenticated DNS updates
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch draft
bug45904.patch (text/plain), 2.23 KB, created by
Arvid Requate
on 2018-02-05 19:48:04 CET
(
hide
)
Description:
patch draft
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2018-02-05 19:48:04 CET
Size:
2.23 KB
patch
obsolete
>diff --git a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/46_kerberos_ddns_update.py b/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/46_kerberos_ddns_update.py >index 01edd5dc21..27110ec4b2 100755 >--- a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/46_kerberos_ddns_update.py >+++ b/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/46_kerberos_ddns_update.py >@@ -36,6 +36,7 @@ import contextlib > > import univention.lib.admember > import univention.config_registry >+import univention.admin.uldap > from univention.management.console.modules.diagnostic import Critical > from univention.management.console.modules.diagnostic import util > >@@ -116,17 +117,36 @@ def check_dns_server_principal(hostname, domainname): > nsupdate(hostname, hostname, domainname) > > >+def is_s4_domain(config_registry): >+ ldap_hostdn = config_registry.get('ldap/hostdn') >+ (ldap_connection, position) = univention.admin.uldap.getMachineConnection() >+ filter_expression = '(univentionService=S4 Connector)' >+ res = ldap_connection.search(filter=filter_expression) >+ if res: >+ return True >+ return False >+ >+def has_service_samba_or_samba4(config_registry): >+ ldap_hostdn = config_registry.get('ldap/hostdn') >+ (ldap_connection, position) = univention.admin.uldap.getMachineConnection() >+ filter_expression = '(|(univentionService=Samba 3)(univentionService=Samba 4))' >+ res = ldap_connection.search(base=ldap_hostdn, filter=filter_expression) >+ if res: >+ return True >+ return False >+ > def check_nsupdate(config_registry): > server = get_server(config_registry) > hostname = config_registry.get('hostname') > domainname = config_registry.get('domainname') >- is_dc = config_registry.get('samba4/role') == 'DC' > >- try: >- check_dns_machine_principal(server, hostname, domainname) >- except UpdateError as error: >- yield error >+ if is_s4_domain() and has_service_samba_or_samba4(config_registry): >+ try: >+ check_dns_machine_principal(server, hostname, domainname) >+ except UpdateError as error: >+ yield error > >+ is_dc = config_registry.get('samba4/role') == 'DC' > if is_dc: > try: > check_dns_server_principal(hostname, domainname)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9377">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 45904
: 9377