s4:join python code - perform a fallback password set operation over libnet

Windows 2000 DCs allow LDAP password set operations only with the help of SSL. Given the fact that this technique is hard to setup it is easier to use SAMR over "libnet". Reviewed-By: Andrew Bartlett <abartlet@samba.org>
author: Matthias Dieter Wallnöfer <mdw@samba.org> 2011-11-14 17:53:39 +0100
committer: Andrew Bartlett <abartlet@samba.org> 2012-02-09 00:27:08 +0100
commit: fa1c71382d4f89d9f6c45287a20b1817e08d098d (patch)
tree: 392239141c378eb94554a2ab884eb87bc54cba73 /source4
parent: 36e5526685b92cea6e5a1b389737574213cd98ab (diff)
download: samba-fa1c71382d4f89d9f6c45287a20b1817e08d098d.tar.gz
samba-fa1c71382d4f89d9f6c45287a20b1817e08d098d.tar.bz2
samba-fa1c71382d4f89d9f6c45287a20b1817e08d098d.zip
1 files changed, 18 insertions, 4 deletions
diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py
index 5f8a107a37..dc09b46059 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -487,11 +487,25 @@ class dc_join(object):
                                                            "servicePrincipalName")
             ctx.samdb.modify(m)
 
+            # The account password set operation should normally be done over
+            # LDAP. Windows 2000 DCs however allow this only with SSL
+            # connections which are hard to set up and otherwise refuse with
+            # ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
+            # over SAMR.
             print "Setting account password for %s" % ctx.samname
-            ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ldb.binary_encode(ctx.samname),
-                                  ctx.acct_pass,
-                                  force_change_at_next_login=False,
-                                  username=ctx.samname)
+            try:
+                ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))"
+                                      % ldb.binary_encode(ctx.samname),
+                                      ctx.acct_pass,
+                                      force_change_at_next_login=False,
+                                      username=ctx.samname)
+            except ldb.LdbError, (num, _):
+                if num != ldb.ERR_UNWILLING_TO_PERFORM:
+                    pass
+                ctx.net.set_password(account_name=ctx.samname,
+                                     domain_name=ctx.domain_name,
+                                     newpassword=ctx.acct_pass)
+
             res = ctx.samdb.search(base=ctx.acct_dn, scope=ldb.SCOPE_BASE, attrs=["msDS-keyVersionNumber"])
             ctx.key_version_number = int(res[0]["msDS-keyVersionNumber"][0])
author	Matthias Dieter Wallnöfer <mdw@samba.org>	2011-11-14 17:53:39 +0100
committer	Andrew Bartlett <abartlet@samba.org>	2012-02-09 00:27:08 +0100
commit	fa1c71382d4f89d9f6c45287a20b1817e08d098d (patch)
tree	392239141c378eb94554a2ab884eb87bc54cba73 /source4
parent	36e5526685b92cea6e5a1b389737574213cd98ab (diff)
download	samba-fa1c71382d4f89d9f6c45287a20b1817e08d098d.tar.gz samba-fa1c71382d4f89d9f6c45287a20b1817e08d098d.tar.bz2 samba-fa1c71382d4f89d9f6c45287a20b1817e08d098d.zip