author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2011-11-14 17:53:39 +0100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-02-09 00:27:08 +0100 |
commit | fa1c71382d4f89d9f6c45287a20b1817e08d098d (patch) | |
tree | 392239141c378eb94554a2ab884eb87bc54cba73 /source4/scripting | |
parent | 36e5526685b92cea6e5a1b389737574213cd98ab (diff) | |
s4:join python code - perform a fallback password set operation over libnet
Windows 2000 DCs allow LDAP password set operations only with the help of SSL.
Given that this technique is hard to set up, it is easier to use SAMR
over "libnet".
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/scripting')
-rw-r--r-- | source4/scripting/python/samba/join.py | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py
index 5f8a107a37..dc09b46059 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -487,11 +487,25 @@ class dc_join(object):
 "servicePrincipalName")
 ctx.samdb.modify(m)
+ # The account password set operation should normally be done over
+ # LDAP. Windows 2000 DCs however allow this only with SSL
+ # connections which are hard to set up and otherwise refuse with
+ # ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
+ # over SAMR.
 print "Setting account password for %s" % ctx.samname
- ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ldb.binary_encode(ctx.samname),
- ctx.acct_pass,
- force_change_at_next_login=False,
- username=ctx.samname)
+ try:
+ ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))"
+ % ldb.binary_encode(ctx.samname),
+ ctx.acct_pass,
+ force_change_at_next_login=False,
+ username=ctx.samname)
+ except ldb.LdbError, (num, _):
+ if num != ldb.ERR_UNWILLING_TO_PERFORM:
+ pass
+ ctx.net.set_password(account_name=ctx.samname,
+ domain_name=ctx.domain_name,
+ newpassword=ctx.acct_pass)
+
 res = ctx.samdb.search(base=ctx.acct_dn, scope=ldb.SCOPE_BASE, attrs=["msDS-keyVersionNumber"])
 ctx.key_version_number = int(res[0]["msDS-keyVersionNumber"][0]) |
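Review bot: The new `except ldb.LdbError, (num, _):` branch never re-raises, because `if num != ldb.ERR_UNWILLING_TO_PERFORM:` is followed by `pass`, which is a no-op. As a result every LDAP failure from `ctx.samdb.setpassword` (for example a policy or access error), not only the Windows 2000 refusal described in the comment, appears to continue into `ctx.net.set_password`, masking the original error and silently moving the password set onto SAMR. Replacing `pass` with `raise` would restrict the fallback to the documented case. A short message before the SAMR call, such as `print "LDAP password set refused, falling back to SAMR"`, would make the transport change visible in the join output. Indentation is lost in this rendering, so the nesting of the `set_password` call is inferred, and the enclosing method starts and ends outside the hunk.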