s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled

Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104
author: Samuel Cabrero <scabrero@zentyal.com> 2013-10-24 17:37:06 +0200
committer: Andrew Bartlett <abartlet@samba.org> 2013-10-25 00:39:21 +0200
commit: d3aee80928dc7ccde9441309bf946c2503f7714a (patch)
tree: 64092bc6c39450bd136a7a867bb02c28ee26a412
parent: 4cf4ed1c3e655a8df19c6d1c8004903f6e944ff3 (diff)
download: samba-d3aee80928dc7ccde9441309bf946c2503f7714a.tar.gz
samba-d3aee80928dc7ccde9441309bf946c2503f7714a.tar.bz2
samba-d3aee80928dc7ccde9441309bf946c2503f7714a.zip
1 files changed, 7 insertions, 4 deletions
diff --git a/python/samba/join.py b/python/samba/join.py
index 9cac8f5ed2..f8ede5df5b 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -612,15 +612,18 @@ class dc_join(object):
                                                                  "DNSNAME" : ctx.dnshostname}))
             for changetype, msg in recs:
                 assert changetype == ldb.CHANGETYPE_NONE
+                dns_acct_dn = msg["dn"]
                 print "Adding DNS account %s with dns/ SPN" % msg["dn"]
 
                 # Remove dns password (we will set it as a modify, as we can't do clearTextPassword over LDAP)
                 del msg["clearTextPassword"]
                 # Remove isCriticalSystemObject for similar reasons, it cannot be set over LDAP
                 del msg["isCriticalSystemObject"]
+                # Disable account until password is set
+                msg["userAccountControl"] = str(samba.dsdb.UF_NORMAL_ACCOUNT |
+                                                samba.dsdb.UF_ACCOUNTDISABLE)
                 try:
                     ctx.samdb.add(msg)
-                    dns_acct_dn = msg["dn"]
                 except ldb.LdbError, (num, _):
                     if num != ldb.ERR_ENTRY_ALREADY_EXISTS:
                         raise
@@ -630,7 +633,7 @@ class dc_join(object):
             # connections which are hard to set up and otherwise refuse with
             # ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
             # over SAMR.
-            print "Setting account password for %s" % ctx.samname
+            print "Setting account password for dns-%s" % ctx.myname
             try:
                 ctx.samdb.setpassword("(&(objectClass=user)(samAccountName=dns-%s))"
                                       % ldb.binary_encode(ctx.myname),
@@ -639,8 +642,8 @@ class dc_join(object):
                                       username=ctx.samname)
             except ldb.LdbError, (num, _):
                 if num != ldb.ERR_UNWILLING_TO_PERFORM:
-                    pass
-                ctx.net.set_password(account_name="dns-" % ctx.myname,
+                    raise
+                ctx.net.set_password(account_name="dns-%s" % ctx.myname,
                                      domain_name=ctx.domain_name,
                                      newpassword=ctx.dnspass)
author	Samuel Cabrero <scabrero@zentyal.com>	2013-10-24 17:37:06 +0200
committer	Andrew Bartlett <abartlet@samba.org>	2013-10-25 00:39:21 +0200
commit	d3aee80928dc7ccde9441309bf946c2503f7714a (patch)
tree	64092bc6c39450bd136a7a867bb02c28ee26a412
parent	4cf4ed1c3e655a8df19c6d1c8004903f6e944ff3 (diff)
download	samba-d3aee80928dc7ccde9441309bf946c2503f7714a.tar.gz samba-d3aee80928dc7ccde9441309bf946c2503f7714a.tar.bz2 samba-d3aee80928dc7ccde9441309bf946c2503f7714a.zip