r15597: more ads join fixes -- we can only set the PWDNOEXP and DES_ONLY acb flags on the setuserinfo(), not the createuser info call

(This used to be commit d933ac273db5977fb41954175bdc228b688bfd6e)

1 files changed, 9 insertions, 7 deletions

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index b1790ea898..90738f2031 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -917,7 +917,7 @@ static NTSTATUS join_create_machine( TALLOC_CTX *mem_ctx, struct cli_state *cli,
 	uint32 user_rid;
 	uint32 num_rids, *name_types, *user_rids;
 	uint32 flags = 0x3e8;
-	uint32 acb_info = ACB_WSTRUST | ACB_PWNOEXP;
+	uint32 acb_info = ACB_WSTRUST;
 	uchar pwbuf[516];
 	SAM_USERINFO_CTR ctr;
 	SAM_USER_INFO_24 p24;
@@ -949,9 +949,7 @@ static NTSTATUS join_create_machine( TALLOC_CTX *mem_ctx, struct cli_state *cli,
 	strlower_m(acct_name);
 	const_acct_name = acct_name;
 
-#ifndef ENCTYPE_ARCFOUR_HMAC
-	acb_info |= ACB_USE_DES_KEY_ONLY;
-#endif
+	/* Don't try to set any acb_info flags other than ACB_WSTRUST */
 
 	status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
 			acct_name, acb_info, 0xe005000b, &user_pol, &user_rid);
@@ -1026,10 +1024,14 @@ static NTSTATUS join_create_machine( TALLOC_CTX *mem_ctx, struct cli_state *cli,
 	ctr.switch_value = 16;
 	ctr.info.id16 = &p16;
 
-	init_sam_user_info16(&p16, acb_info);
+	/* Fill in the additional account flags now */
 
-	/* Ignoring the return value is necessary for joining a domain
-	   as a normal user with "Add workstation to domain" privilege. */
+	acb_info |= ACB_PWNOEXP;
+#ifndef ENCTYPE_ARCFOUR_HMAC
+	acb_info |= ACB_USE_DES_KEY_ONLY;
+#endif
+
+	init_sam_user_info16(&p16, acb_info);
 
 	status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, 
 					&cli->user_session_key, &ctr);