summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2013-02-28 22:59:48 +1100
committerJeremy Allison <jra@samba.org>2013-03-06 14:46:43 -0800
commitc66632046d62786dd19c8978847bfc6470da4e89 (patch)
treeff68c27b439f2d761a000bbc11d0e887c0dda584
parent166288b162e7b658b48bc908c71f635928edc5b5 (diff)
downloadsamba-c66632046d62786dd19c8978847bfc6470da4e89.tar.gz
samba-c66632046d62786dd19c8978847bfc6470da4e89.tar.bz2
samba-c66632046d62786dd19c8978847bfc6470da4e89.zip
net ads join: Add support for specifying the machine account password
This allows a predictable password to be specified, just like --machinepass does on samba-tool domain join. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r--docs-xml/manpages/net.8.xml7
-rw-r--r--source3/utils/net_ads.c11
2 files changed, 17 insertions, 1 deletions
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 01044e1045..0cdadea9e2 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -194,7 +194,8 @@ the remote server using <command>/bin/date</command>. </para>
</refsect2>
<refsect2>
-<title>[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]</title>
+<title>[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN]
+[createcomputer=OU] [machinepass=PASS] [options]</title>
<para>
Join a domain. If the account already exists on the server, and
@@ -220,6 +221,10 @@ a '/'. Please note that '\' is used for escape by both the shell
and ldap, so it may need to be doubled or quadrupled to pass through,
and it is not used as a delimiter.
</para>
+<para>
+[PASS] (ADS only) Set a specific password on the computer account
+being created by the join.
+</para>
</refsect2>
<refsect2>
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 013884d176..569994362d 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -1315,6 +1315,8 @@ static int net_ads_join_usage(struct net_context *c, int argc, const char **argv
" E.g. \"createcomputer=Computers/Servers/Unix\"\n"
" NB: A backslash '\\' is used as escape at multiple levels and may\n"
" need to be doubled or even quadrupled. It is not used as a separator.\n"));
+ d_printf(_(" machinepass=PASS Set the machine password to a specific value during the join.\n"
+ " The deault password is random.\n"));
d_printf(_(" osName=string Set the operatingSystem attribute during the join.\n"));
d_printf(_(" osVer=string Set the operatingSystemVersion attribute during the join.\n"
" NB: osName and osVer must be specified together for either to take effect.\n"
@@ -1421,6 +1423,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
WERROR werr = WERR_SETUP_NOT_JOINED;
bool createupn = false;
const char *machineupn = NULL;
+ const char *machine_password = NULL;
const char *create_in_ou = NULL;
int i;
const char *os_name = NULL;
@@ -1482,6 +1485,13 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
goto fail;
}
}
+ else if ( !strncasecmp_m(argv[i], "machinepass", strlen("machinepass")) ) {
+ if ( (machine_password = get_string_param(argv[i])) == NULL ) {
+ d_fprintf(stderr, _("Please supply a valid password to set as trust account password.\n"));
+ werr = WERR_INVALID_PARAM;
+ goto fail;
+ }
+ }
else {
domain = argv[i];
}
@@ -1511,6 +1521,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv)
r->in.dc_name = c->opt_host;
r->in.admin_account = c->opt_user_name;
r->in.admin_password = net_prompt_pass(c, c->opt_user_name);
+ r->in.machine_password = machine_password;
r->in.debug = true;
r->in.use_kerberos = c->opt_kerberos;
r->in.modify_config = modify_config;