stdin-password dont seem to work. I'm preforming these commands on ubuntu 14.04 locate adcli /var/cache/apt/archives/adcli_0.7.5-1_amd64.deb shell: bash password like: 678yuihjkbnmBNM adcli preset-computer \ > --domain=matdc03.mathadtest.xxxxxx.ca \ > --domain-realm=MATHADTEST.XXXXXX.CA \ > --domain-controller=matdc03.mathadtest.xxxxxx.ca \ > --login-user=s8weber \ > --os-name=linux-gnu \ > --stdin-password \ > --verbose \ > debian-auth.salt.math.xxxxxx.ca <<< "PASSWPRD" * Using domain name: matdc03.mathadtest.xxxxxx.ca * Calculated computer account name from fqdn: MBP * Using domain realm: matdc03.mathadtest.xxxxxx.ca * Sending netlogon pings to domain controller: cldap://10.27.4.22 * Received NetLogon info from: MATDC03.mathadtest.xxxxxx.ca * Wrote out krb5.conf snippet to /tmp/adcli-krb5-y1KfHr/krb5.d/adcli-krb5-conf-pVyVyt ! Couldn't authenticate as: s8weber@MATHADTEST.XXXXXX.CA: Preauthentication failed adcli: couldn't connect to matdc03.mathadtest.xxxxxx.ca domain: Couldn't authenticate as: s8weber@MATHADTEST.XXXXXX.CA: Preauthentication failed echo PASSWPRD | adcli preset-computer \ > --domain=matdc03.mathadtest.xxxxxx.ca \ > --domain-realm=MATHADTEST.XXXXXX.CA \ > --domain-controller=matdc03.mathadtest.xxxxxx.ca \ > --login-user=s8weber \ > --os-name=linux-gnu \ > --stdin-password \ > --verbose \ > debian-auth.salt.math.xxxxxx.ca * Using domain name: matdc03.mathadtest.xxxxxx.ca * Calculated computer account name from fqdn: MBP * Using domain realm: matdc03.mathadtest.xxxxxx.ca * Sending netlogon pings to domain controller: cldap://10.27.4.22 * Received NetLogon info from: MATDC03.mathadtest.xxxxxx.ca * Wrote out krb5.conf snippet to /tmp/adcli-krb5-7qpIcI/krb5.d/adcli-krb5-conf-kfZ5qZ ! Couldn't authenticate as: s8weber@MATHADTEST.XXXXXX.CA: Preauthentication failed adcli: couldn't connect to matdc03.mathadtest.xxxxxx.ca domain: Couldn't authenticate as: s8weber@MATHADTEST.XXXXXX.CA: Preauthentication failed entering my password manually is success adcli preset-computer \172 > --domain=matdc03.mathadtest.xxxxxx.ca \ > --domain-realm=MATHADTEST.XXXXXX.CA \ > --domain-controller=matdc03.mathadtest.xxxxxx.ca \ > --login-user=s8weber \ > --os-name=linux-gnu \ > --verbose \ > debian-auth.salt.math.xxxxxx.ca * Using domain name: matdc03.mathadtest.xxxxxx.ca * Calculated computer account name from fqdn: MBP * Using domain realm: matdc03.mathadtest.xxxxxx.ca * Sending netlogon pings to domain controller: cldap://10.27.4.22 * Received NetLogon info from: MATDC03.mathadtest.xxxxxx.ca * Wrote out krb5.conf snippet to /tmp/adcli-krb5-L2JsKj/krb5.d/adcli-krb5-conf-OY5qHO Password for s8weber@MATHADTEST.XXXXXX.CA: * Authenticated as user: s8weber@MATHADTEST.XXXXXX.CA * Looked up short domain name: MATHADTEST * Using fully qualified name: mbp * Using domain name: matdc03.mathadtest.xxxxxx.ca * Using computer account name: MBP * Using domain realm: matdc03.mathadtest.xxxxxx.ca * Using fully qualified name: debian-auth.salt.math.xxxxxx.ca * Calculated computer account name from fqdn: DEBIAN-AUTH * Using default reset computer password * Using fully qualified name: mbp * Using domain name: matdc03.mathadtest.xxxxxx.ca * Using computer account name: MBP * Using domain realm: matdc03.mathadtest.xxxxxx.ca * Looked up short domain name: MATHADTEST * Found computer account for DEBIAN-AUTH$ at: CN=DEBIAN-AUTH,CN=Computers,DC=mathadtest,DC=xxxxxx,DC=ca ! The computer account DEBIAN-AUTH already exists adcli: presetting debian-auth.salt.math.xxxxxx.ca in matdc03.mathadtest.xxxxxx.ca domain failed: The computer account DEBIAN-AUTH already exists Am I missing something fundamental or is adcli at fault? Thanks.
You need to use 'echo -n | ....'
Created attachment 123916 [details] [review] [PATCH] Remove \n from stdin password This patch removes a trailing new-line character from the password given via stdin, this should fix all typical command-libe use-case.
Comment on attachment 123916 [details] [review] [PATCH] Remove \n from stdin password Review of attachment 123916 [details] [review]: ----------------------------------------------------------------- Are there no cases where \n is in a valid AD password? If so, this patch has no tradeoffs. Just double checking. ::: tools/tools.c @@ +250,5 @@ > > } else if (res == 0) { > buffer[offset] = '\0'; > + /* remove new line character */ > + if (offset > 0 && buffer[offset - 1] == '\n') { Should this remove \r\n?
(In reply to Stef Walter from comment #3) > Comment on attachment 123916 [details] [review] [review] > [PATCH] Remove \n from stdin password > > Review of attachment 123916 [details] [review] [review]: > ----------------------------------------------------------------- > > Are there no cases where \n is in a valid AD password? If so, this patch has > no tradeoffs. Just double checking. According to https://msdn.microsoft.com/en-us/library/bb726984.aspx "Valid characters for passwords are letters, numbers, and symbols." > > ::: tools/tools.c > @@ +250,5 @@ > > > > } else if (res == 0) { > > buffer[offset] = '\0'; > > + /* remove new line character */ > > + if (offset > 0 && buffer[offset - 1] == '\n') { > > Should this remove \r\n? I'll add a check for \r\n as well although I doubt that we see this often with Unix/Linux shell usage. But if the password is stored in a file with \r\n linebreaks this will help.
Created attachment 123942 [details] [review] [PATCH] Remove \n or \r\n from stdin password New version which can remove \r\n as well.
Wonderful. Merged into master.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.