summaryrefslogtreecommitdiff
path: root/source4/scripting
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2011-11-14 17:53:39 +0100
committerAndrew Bartlett <abartlet@samba.org>2012-02-09 00:27:08 +0100
commitfa1c71382d4f89d9f6c45287a20b1817e08d098d (patch)
tree392239141c378eb94554a2ab884eb87bc54cba73 /source4/scripting
parent36e5526685b92cea6e5a1b389737574213cd98ab (diff)
downloadsamba-fa1c71382d4f89d9f6c45287a20b1817e08d098d.tar.gz
samba-fa1c71382d4f89d9f6c45287a20b1817e08d098d.tar.bz2
samba-fa1c71382d4f89d9f6c45287a20b1817e08d098d.zip
s4:join python code - perform a fallback password set operation over libnet
Windows 2000 DCs allow LDAP password set operations only with the help of SSL. Given the fact that this technique is hard to setup it is easier to use SAMR over "libnet". Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/scripting')
-rw-r--r--source4/scripting/python/samba/join.py22
1 files changed, 18 insertions, 4 deletions
diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py
index 5f8a107a37..dc09b46059 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -487,11 +487,25 @@ class dc_join(object):
"servicePrincipalName")
ctx.samdb.modify(m)
+ # The account password set operation should normally be done over
+ # LDAP. Windows 2000 DCs however allow this only with SSL
+ # connections which are hard to set up and otherwise refuse with
+ # ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
+ # over SAMR.
print "Setting account password for %s" % ctx.samname
- ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ldb.binary_encode(ctx.samname),
- ctx.acct_pass,
- force_change_at_next_login=False,
- username=ctx.samname)
+ try:
+ ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))"
+ % ldb.binary_encode(ctx.samname),
+ ctx.acct_pass,
+ force_change_at_next_login=False,
+ username=ctx.samname)
+ except ldb.LdbError, (num, _):
+ if num != ldb.ERR_UNWILLING_TO_PERFORM:
+ pass
+ ctx.net.set_password(account_name=ctx.samname,
+ domain_name=ctx.domain_name,
+ newpassword=ctx.acct_pass)
+
res = ctx.samdb.search(base=ctx.acct_dn, scope=ldb.SCOPE_BASE, attrs=["msDS-keyVersionNumber"])
ctx.key_version_number = int(res[0]["msDS-keyVersionNumber"][0])