
Annotation of /rpms/samba/sme10/samba-v4-6-fix-net-ads-keytab-handling.patch



Revision 1.2 - (hide annotations) (download)
Wed Aug 9 04:48:49 2023 UTC (15 months ago) by jpp
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
Initial import

1 jpp 1.1 From e73223b0edc62a6e89f68fe5f0a3c56cd14322de Mon Sep 17 00:00:00 2001
2     From: Andreas Schneider <asn@samba.org>
3     Date: Mon, 13 Mar 2017 17:30:37 +0100
4     Subject: [PATCH 1/5] testprogs: Correctly expand shell parameters
5    
6     The old behaviour is:
7    
8     for var in $*
9     do
10     echo "$var"
11     done
12    
13     And you get this:
14    
15     $ sh test.sh 1 2 '3 4'
16     1
17     2
18     3
19     4
20    
21     Changing it to:
22    
23     for var in "$@"
24     do
25     echo "$var"
26     done
27    
28     will correctly expand to:
29    
30     $ sh test.sh 1 2 '3 4'
31     1
32     2
33     3 4
34    
35     Signed-off-by: Andreas Schneider <asn@samba.org>
36     Reviewed-by: Jeremy Allison <jra@samba.org>
37    
38     Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
39     Autobuild-Date(master): Wed Mar 15 05:26:17 CET 2017 on sn-devel-144
40    
41     (cherry picked from commit acad0adc2977ca26df44e5b22d8b8e991177af71)
42     ---
43     testprogs/blackbox/subunit.sh | 4 ++--
44     1 file changed, 2 insertions(+), 2 deletions(-)
45    
46     diff --git a/testprogs/blackbox/subunit.sh b/testprogs/blackbox/subunit.sh
47     index 0791d775d27..5c81ce20a11 100755
48     --- a/testprogs/blackbox/subunit.sh
49     +++ b/testprogs/blackbox/subunit.sh
50     @@ -78,7 +78,7 @@ subunit_skip_test () {
51     testit () {
52     name="$1"
53     shift
54     - cmdline="$*"
55     + cmdline="$@"
56     subunit_start_test "$name"
57     output=`$cmdline 2>&1`
58     status=$?
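Review bot: Assigning `"$@"` to the scalar `cmdline` joins the arguments back into one string, and the unquoted `$cmdline` in the command substitution then word-splits (and glob-expands) it again, so an argument containing a space is still broken apart, unlike the `for var in "$@"` loop shown in the commit message. To keep argument boundaries, the command has to be run from the positional parameters directly, e.g. ``output=`"$@" 2>&1` ``, with `cmdline` kept only if something outside the hunk still uses it for display. The same applies to the identical change in `testit_expect_failure` in the next hunk. Both function bodies continue past the hunks, so whether `cmdline` is used further down cannot be seen here.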
59     @@ -93,7 +93,7 @@ testit () {
60     testit_expect_failure () {
61     name="$1"
62     shift
63     - cmdline="$*"
64     + cmdline="$@"
65     subunit_start_test "$name"
66     output=`$cmdline 2>&1`
67     status=$?
68     --
69     2.12.0
70    
71    
72     From 7a729d0c4ff2e423bd500f6e0acd91f2ba766b68 Mon Sep 17 00:00:00 2001
73     From: Andreas Schneider <asn@samba.org>
74     Date: Mon, 13 Mar 2017 16:11:39 +0100
75     Subject: [PATCH 2/5] krb5_wrap: Print a warning for an invalid keytab name
76    
77     Signed-off-by: Andreas Schneider <asn@samba.org>
78     Reviewed-by: Andrew Bartlet <abartlet@samba.org>
79     (cherry picked from commit a6a527e1e83a979ef035c49a087b5e79599c10a4)
80     ---
81     lib/krb5_wrap/krb5_samba.c | 2 ++
82     1 file changed, 2 insertions(+)
83    
84     diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
85     index 10b42dec53f..fd8e4a96071 100644
86     --- a/lib/krb5_wrap/krb5_samba.c
87     +++ b/lib/krb5_wrap/krb5_samba.c
88     @@ -1187,6 +1187,8 @@ krb5_error_code smb_krb5_kt_open(krb5_context context,
89     goto open_keytab;
90     }
91    
92     + DBG_WARNING("ERROR: Invalid keytab name: %s\n", keytab_name_req);
93     +
94     return KRB5_KT_BADNAME;
95    
96     open_keytab:
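Review bot: The added message carries an `ERROR:` prefix but is emitted through `DBG_WARNING`, so the severity in the text and the log level disagree; either drop the prefix or log it as `DBG_ERR("Invalid keytab name: %s\n", keytab_name_req);`. The hunk does not show whether `keytab_name_req` is guaranteed non-NULL on this path; if it can be NULL here, passing it to `%s` is undefined behaviour and the call needs a guard. The body of `smb_krb5_kt_open` starts and ends outside the hunk.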
97     --
98     2.12.0
99    
100    
101     From 8efd7f6c759a65ab83d7ec679915ea2a0d3752f3 Mon Sep 17 00:00:00 2001
102     From: Andreas Schneider <asn@samba.org>
103     Date: Mon, 13 Mar 2017 16:24:52 +0100
104     Subject: [PATCH 3/5] s3:libads: Correctly handle the keytab kerberos methods
105    
106     Signed-off-by: Andreas Schneider <asn@samba.org>
107     Reviewed-by: Andrew Bartlet <abartlet@samba.org>
108     (cherry picked from commit ca2d8f3161c647c425c8c1eaaac1837c2e97faad)
109     ---
110     source3/libads/kerberos_keytab.c | 69 +++++++++++++++++++++++++++++++++-------
111     1 file changed, 57 insertions(+), 12 deletions(-)
112    
113     diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
114     index 3c73b089bbb..96df10fcf65 100644
115     --- a/source3/libads/kerberos_keytab.c
116     +++ b/source3/libads/kerberos_keytab.c
117     @@ -34,6 +34,57 @@
118    
119     #ifdef HAVE_ADS
120    
121     +/* This MAX_NAME_LEN is a constant defined in krb5.h */
122     +#ifndef MAX_KEYTAB_NAME_LEN
123     +#define MAX_KEYTAB_NAME_LEN 1100
124     +#endif
125     +
126     +static krb5_error_code ads_keytab_open(krb5_context context,
127     + krb5_keytab *keytab)
128     +{
129     + char keytab_str[MAX_KEYTAB_NAME_LEN] = {0};
130     + const char *keytab_name = NULL;
131     + krb5_error_code ret = 0;
132     +
133     + switch (lp_kerberos_method()) {
134     + case KERBEROS_VERIFY_SYSTEM_KEYTAB:
135     + case KERBEROS_VERIFY_SECRETS_AND_KEYTAB:
136     + ret = krb5_kt_default_name(context,
137     + keytab_str,
138     + sizeof(keytab_str) - 2);
139     + if (ret != 0) {
140     + DBG_WARNING("Failed to get default keytab name");
141     + goto out;
142     + }
143     + keytab_name = keytab_str;
144     + break;
145     + case KERBEROS_VERIFY_DEDICATED_KEYTAB:
146     + keytab_name = lp_dedicated_keytab_file();
147     + break;
148     + default:
149     + DBG_ERR("Invalid kerberos method set (%d)\n",
150     + lp_kerberos_method());
151     + ret = KRB5_KT_BADNAME;
152     + goto out;
153     + }
154     +
155     + if (keytab_name == NULL || keytab_name[0] == '\0') {
156     + DBG_ERR("Invalid keytab name\n");
157     + ret = KRB5_KT_BADNAME;
158     + goto out;
159     + }
160     +
161     + ret = smb_krb5_kt_open(context, keytab_name, true, keytab);
162     + if (ret != 0) {
163     + DBG_WARNING("smb_krb5_kt_open failed (%s)\n",
164     + error_message(ret));
165     + goto out;
166     + }
167     +
168     +out:
169     + return ret;
170     +}
171     +
172     /**********************************************************************
173     Adds a single service principal, i.e. 'host' to the system keytab
174     ***********************************************************************/
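Review bot: In `ads_keytab_open` the `default:` branch also catches `KERBEROS_VERIFY_SECRETS`, which the `enum_kerberos_method` table elsewhere in this series maps to "default" and "secrets only", so with the default setting the three callers changed below now fail with `KRB5_KT_BADNAME` and an error-level "Invalid kerberos method set" where they previously opened the default keytab. If that is intended, the helper should say so in a header comment (which methods open which keytab, and that secrets-only yields `KRB5_KT_BADNAME`) and the message should read something like `DBG_ERR("kerberos method (%d) does not use a keytab\n", lp_kerberos_method());`. Two smaller points in the same function: `DBG_WARNING("Failed to get default keytab name");` lacks the trailing `\n` the other messages have, and the `sizeof(keytab_str) - 2` passed to `krb5_kt_default_name` has no explanation of why two bytes are reserved. The comment above the macro names `MAX_NAME_LEN` while the macro defined is `MAX_KEYTAB_NAME_LEN`.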
175     @@ -75,10 +126,8 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
176     return -1;
177     }
178    
179     - ret = smb_krb5_kt_open(context, NULL, True, &keytab);
180     - if (ret) {
181     - DEBUG(1, ("smb_krb5_kt_open failed (%s)\n",
182     - error_message(ret)));
183     + ret = ads_keytab_open(context, &keytab);
184     + if (ret != 0) {
185     goto out;
186     }
187    
188     @@ -262,10 +311,8 @@ int ads_keytab_flush(ADS_STRUCT *ads)
189     return ret;
190     }
191    
192     - ret = smb_krb5_kt_open(context, NULL, True, &keytab);
193     - if (ret) {
194     - DEBUG(1, ("smb_krb5_kt_open failed (%s)\n",
195     - error_message(ret)));
196     + ret = ads_keytab_open(context, &keytab);
197     + if (ret != 0) {
198     goto out;
199     }
200    
201     @@ -447,10 +494,8 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
202     DEBUG(3, (__location__ ": Searching for keytab entries to preserve "
203     "and update.\n"));
204    
205     - ret = smb_krb5_kt_open(context, NULL, True, &keytab);
206     - if (ret) {
207     - DEBUG(1, ("smb_krb5_kt_open failed (%s)\n",
208     - error_message(ret)));
209     + ret = ads_keytab_open(context, &keytab);
210     + if (ret != 0) {
211     goto done;
212     }
213    
214     --
215     2.12.0
216    
217    
218     From d755048c0797e1c88382d63ae90e6ca0dceebb71 Mon Sep 17 00:00:00 2001
219     From: Andreas Schneider <asn@samba.org>
220     Date: Mon, 13 Mar 2017 17:28:58 +0100
221     Subject: [PATCH 4/5] param: Allow to specify kerberos method on the
222     commandline
223    
224     We support --option for our tools but you cannot set an option where the
225     value of the option includes a space.
226    
227     Signed-off-by: Andreas Schneider <asn@samba.org>
228     Reviewed-by: Andrew Bartlet <abartlet@samba.org>
229     (cherry picked from commit 12d26899a45ce5d05ac4279fa5915318daa4f2e0)
230     ---
231     lib/param/param_table.c | 4 ++++
232     1 file changed, 4 insertions(+)
233    
234     diff --git a/lib/param/param_table.c b/lib/param/param_table.c
235     index 4b5234a7c9e..9a944ef19b3 100644
236     --- a/lib/param/param_table.c
237     +++ b/lib/param/param_table.c
238     @@ -202,9 +202,13 @@ static const struct enum_list enum_smbd_profiling_level[] = {
239     static const struct enum_list enum_kerberos_method[] = {
240     {KERBEROS_VERIFY_SECRETS, "default"},
241     {KERBEROS_VERIFY_SECRETS, "secrets only"},
242     + {KERBEROS_VERIFY_SECRETS, "secretsonly"},
243     {KERBEROS_VERIFY_SYSTEM_KEYTAB, "system keytab"},
244     + {KERBEROS_VERIFY_SYSTEM_KEYTAB, "systemkeytab"},
245     {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicated keytab"},
246     + {KERBEROS_VERIFY_DEDICATED_KEYTAB, "dedicatedkeytab"},
247     {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secrets and keytab"},
248     + {KERBEROS_VERIFY_SECRETS_AND_KEYTAB, "secretsandkeytab"},
249     {-1, NULL}
250     };
251    
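Review bot: The four space-free spellings added to `enum_kerberos_method` read like accidental duplicates of the entries above them, because the reason for them is given only in the commit message. A comment above the table such as `/* space-free aliases so the value can be given via --option on the command line */` would keep them from being removed in a later cleanup. The aliases presumably also need a mention in the parameter's user documentation, which this patch does not touch.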
252     --
253     2.12.0
254    
255    
256     From 1916ab4c51bdde58480259d4b45dbcf9c0c46842 Mon Sep 17 00:00:00 2001
257     From: Andreas Schneider <asn@samba.org>
258     Date: Mon, 13 Mar 2017 16:34:05 +0100
259     Subject: [PATCH 5/5] testprogs: Test 'net ads join' with a dedicated keytab
260    
261     This checks that a 'net ads join' can create the keytab and make sure we
262     will not regress in future.
263    
264     Signed-off-by: Andreas Schneider <asn@samba.org>
265     Reviewed-by: Andrew Bartlet <abartlet@samba.org>
266     (cherry picked from commit 00e22fe3f63f986978d946e063e19e615cb00ab3)
267     ---
268     testprogs/blackbox/test_net_ads.sh | 9 +++++++++
269     1 file changed, 9 insertions(+)
270    
271     diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
272     index 8e915cdcf1f..99b886f53eb 100755
273     --- a/testprogs/blackbox/test_net_ads.sh
274     +++ b/testprogs/blackbox/test_net_ads.sh
275     @@ -35,6 +35,15 @@ testit "testjoin" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed +
276    
277     testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
278    
279     +# Test with kerberos method = secrets and keytab
280     +dedicated_keytab_file="$PREFIX_ABS/test_net_ads_dedicated_krb5.keytab"
281     +testit "join (decicated keytab)" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
282     +
283     +testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
284     +
285     +testit "leave (dedicated keytab)" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
286     +rm -f $dedicated_keytab_file
287     +
288     testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
289    
290     testit "join+kerberos" $VALGRIND $net_tool ads join -kU$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
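Review bot: Nothing in the added block checks that the join actually wrote `$dedicated_keytab_file`; `rm -f` succeeds whether or not the file exists, so the test passes even when no dedicated keytab was created, which is what the commit message says it guards against. A `testit` step running `test -s "$dedicated_keytab_file"` right after the join would pin that. The "testjoin" and "leave" steps do not repeat the two `--option` arguments, so they presumably run with whatever method the test configuration sets rather than the dedicated keytab. The comment says "secrets and keytab" while the option used is `dedicatedkeytab`, the first test name is spelled "decicated", and `rm -f $dedicated_keytab_file` should quote the variable.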
291     --
292     2.12.0
293    
