s4:provision - switch to "clearTextPassword" for setting passwords

This is the default password set/change attribute for s4 specific purposes
(otherwise in respect to Windows it's "unicodePwd"). We move away from
"userPassword" since on Windows it's not activated by default - and s4 will
follow soon.

4 files changed, 8 insertions, 8 deletions

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index ce3fa17766..1db1ae34b7 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -818,7 +818,7 @@ def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir,
             "REALM": realm,
             "DNSDOMAIN": dnsdomain,
             "DNS_KEYTAB": dns_keytab_path,
-            "DNSPASS_B64": b64encode(dnspass),
+            "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
             "HOSTNAME": names.hostname,
             "DNSNAME" : '%s.%s' % (names.netbiosname.lower(), names.dnsdomain.lower())
             })
@@ -967,7 +967,7 @@ def setup_self_join(samdb, names,
               "INVOCATIONID": invocationid,
               "NETBIOSNAME": names.netbiosname,
               "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
-              "MACHINEPASS_B64": b64encode(machinepass),
+              "MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')),
               "DOMAINSID": str(domainsid),
               "DCRID": str(next_rid),
               "SAMBA_VERSION_STRING": version,
@@ -1250,8 +1250,8 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
                 "DOMAINDN": names.domaindn,
                 "DOMAINSID": str(domainsid),
                 "CONFIGDN": names.configdn,
-                "ADMINPASS_B64": b64encode(adminpass),
-                "KRBTGTPASS_B64": b64encode(krbtgtpass),
+                "ADMINPASS_B64": b64encode(adminpass.encode('utf-16-le')),
+                "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
                 })
 
             logger.info("Setting up self join")
diff --git a/source4/setup/provision_dns_add.ldif b/source4/setup/provision_dns_add.ldif
index a0a8187030..04898e2079 100644
--- a/source4/setup/provision_dns_add.ldif
+++ b/source4/setup/provision_dns_add.ldif
@@ -102,6 +102,6 @@ accountExpires: 9223372036854775807
 sAMAccountName: dns-${HOSTNAME}
 servicePrincipalName: DNS/${DNSNAME}
 servicePrincipalName: DNS/${DNSDOMAIN}
-userPassword:: ${DNSPASS_B64}
+clearTextPassword:: ${DNSPASS_B64}
 isCriticalSystemObject: TRUE
 
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index c1f553c851..7bd393ced4 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -18,7 +18,7 @@ sAMAccountName: ${NETBIOSNAME}$
 # The "servicePrincipalName" updates are now handled by the "samba_spnupdate"
 # script
 userAccountControl: 532480
-userPassword:: ${MACHINEPASS_B64}
+clearTextPassword:: ${MACHINEPASS_B64}
 objectSID: ${DOMAINSID}-${DCRID}
 
 # Here are missing the objects for the NTFRS subscription since we don't
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index b85523b426..022f81d848 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -45,7 +45,7 @@ objectSid: ${DOMAINSID}-500
 adminCount: 1
 accountExpires: 9223372036854775807
 sAMAccountName: Administrator
-userPassword:: ${ADMINPASS_B64}
+clearTextPassword:: ${ADMINPASS_B64}
 isCriticalSystemObject: TRUE
 
 dn: CN=Guest,CN=Users,${DOMAINDN}
@@ -70,7 +70,7 @@ adminCount: 1
 accountExpires: 9223372036854775807
 sAMAccountName: krbtgt
 servicePrincipalName: kadmin/changepw
-userPassword:: ${KRBTGTPASS_B64}
+clearTextPassword:: ${KRBTGTPASS_B64}
 isCriticalSystemObject: TRUE
 
 # Add other groups