s4-samldb: also set a password on the krbtgt_NNNN account

when we setup the krbtgt_NNNN account using the DCPROMO_OID control,
we also need to set an initial password for this account

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

1 files changed, 11 insertions, 0 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 269952a896..06f70a5311 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -361,6 +361,7 @@ static int samldb_rodc_add(struct samldb_ctx *ac)
 	struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
 	unsigned krbtgt_number, i_start, i;
 	int ret;
+	char *newpass;
 
 	/* find a unused msDC-SecondaryKrbTgtNumber */
 	i_start = generate_random() & 0xFFFF;
@@ -402,6 +403,16 @@ found:
 		return ldb_operr(ldb);
 	}
 
+	newpass = generate_random_password(ac, 128, 255);
+	if (newpass == NULL) {
+		return ldb_operr(ldb);
+	}
+
+	ret = ldb_msg_add_steal_string(ac->msg, "clearTextPassword", newpass);
+	if (ret != LDB_SUCCESS) {
+		return ldb_operr(ldb);
+	}
+
 	return samldb_next_step(ac);
 }