Attachment 9210 Details for Bug 9091 – Create dns account disabled

[patch] Create dns account disabled

38_fix_domain_join (text/plain), 2.35 KB, created by Samuel Cabrero on 2013-09-12 20:28:29 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Samuel Cabrero

Created: 2013-09-12 20:28:29 UTC

Size: 2.35 KB

patch

obsolete

>Index: samba4-4.1.0rc3/python/samba/join.py
>===================================================================
>--- samba4-4.1.0rc3.orig/python/samba/join.py	2013-09-06 11:39:57.000000000 +0200
>+++ samba4-4.1.0rc3/python/samba/join.py	2013-09-12 19:39:57.811534315 +0200
>@@ -606,15 +606,18 @@
>                                                                  "DNSNAME" : ctx.dnshostname}))
>             for changetype, msg in recs:
>                 assert changetype == ldb.CHANGETYPE_NONE
>+                dns_acct_dn = msg["dn"]
>                 print "Adding DNS account %s with dns/ SPN" % msg["dn"]
> 
>                 # Remove dns password (we will set it as a modify, as we can't do clearTextPassword over LDAP)
>                 del msg["clearTextPassword"]
>                 # Remove isCriticalSystemObject for similar reasons, it cannot be set over LDAP
>                 del msg["isCriticalSystemObject"]
>+                # Disable account until password is set
>+                msg["userAccountControl"] = str(samba.dsdb.UF_NORMAL_ACCOUNT |
>+                                                samba.dsdb.UF_ACCOUNTDISABLE)
>                 try:
>                     ctx.samdb.add(msg)
>-                    dns_acct_dn = msg["dn"]
>                 except ldb.LdbError, (num, _):
>                     if num != ldb.ERR_ENTRY_ALREADY_EXISTS:
>                         raise
>@@ -624,7 +627,7 @@
>             # connections which are hard to set up and otherwise refuse with
>             # ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
>             # over SAMR.
>-            print "Setting account password for %s" % ctx.samname
>+            print "Setting account password for dns-%s" % ctx.myname
>             try:
>                 ctx.samdb.setpassword("(&(objectClass=user)(samAccountName=dns-%s))"
>                                       % ldb.binary_encode(ctx.myname),
>@@ -633,8 +636,8 @@
>                                       username=ctx.samname)
>             except ldb.LdbError, (num, _):
>                 if num != ldb.ERR_UNWILLING_TO_PERFORM:
>-                    pass
>-                ctx.net.set_password(account_name="dns-" % ctx.myname,
>+                    raise
>+                ctx.net.set_password(account_name="dns-%s" % ctx.myname,
>                                      domain_name=ctx.domain_name,
>                                      newpassword=ctx.dnspass)
>

Flags:

abartlet: review-

Actions: View

Attachments on bug 9091: 8371 | 9185 | 9188 | 9189 | 9210 | 9361 | 9362