The Samba-Bugzilla – Attachment 9361 Details for
Bug 9091
When replicating DNS for bind9_dlz we need to create the server-DNS account remotely
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patches cherry-picked from master for 4.1
0001-s4-dns-dlz_bind9-Create-dns-HOSTNAME-account-disable.patch (text/plain), 2.86 KB, created by
Andrew Bartlett
on 2013-11-04 08:54:39 UTC
(
hide
)
Description:
patches cherry-picked from master for 4.1
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2013-11-04 08:54:39 UTC
Size:
2.86 KB
patch
obsolete
>From b636eb2635a9e32769b06a6deb6a27418561f68d Mon Sep 17 00:00:00 2001 >From: Samuel Cabrero <scabrero@zentyal.com> >Date: Thu, 24 Oct 2013 17:37:06 +0200 >Subject: [PATCH] s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled > >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104 > >(cherry picked from commit d3aee80928dc7ccde9441309bf946c2503f7714a) >--- > python/samba/join.py | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > >diff --git a/python/samba/join.py b/python/samba/join.py >index fcdd4ec..7d2f913 100644 >--- a/python/samba/join.py >+++ b/python/samba/join.py >@@ -606,15 +606,18 @@ class dc_join(object): > "DNSNAME" : ctx.dnshostname})) > for changetype, msg in recs: > assert changetype == ldb.CHANGETYPE_NONE >+ dns_acct_dn = msg["dn"] > print "Adding DNS account %s with dns/ SPN" % msg["dn"] > > # Remove dns password (we will set it as a modify, as we can't do clearTextPassword over LDAP) > del msg["clearTextPassword"] > # Remove isCriticalSystemObject for similar reasons, it cannot be set over LDAP > del msg["isCriticalSystemObject"] >+ # Disable account until password is set >+ msg["userAccountControl"] = str(samba.dsdb.UF_NORMAL_ACCOUNT | >+ samba.dsdb.UF_ACCOUNTDISABLE) > try: > ctx.samdb.add(msg) >- dns_acct_dn = msg["dn"] > except ldb.LdbError, (num, _): > if num != ldb.ERR_ENTRY_ALREADY_EXISTS: > raise >@@ -624,7 +627,7 @@ class dc_join(object): > # connections which are hard to set up and otherwise refuse with > # ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet > # over SAMR. >- print "Setting account password for %s" % ctx.samname >+ print "Setting account password for dns-%s" % ctx.myname > try: > ctx.samdb.setpassword("(&(objectClass=user)(samAccountName=dns-%s))" > % ldb.binary_encode(ctx.myname), >@@ -633,8 +636,8 @@ class dc_join(object): > username=ctx.samname) > except ldb.LdbError, (num, _): > if num != ldb.ERR_UNWILLING_TO_PERFORM: >- pass >- ctx.net.set_password(account_name="dns-" % ctx.myname, >+ raise >+ ctx.net.set_password(account_name="dns-%s" % ctx.myname, > domain_name=ctx.domain_name, > newpassword=ctx.dnspass) > >-- >1.8.3.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 9091
:
8371
|
9185
|
9188
|
9189
|
9210
| 9361 |
9362