From bd5039546e520b6d6897a658bc0a358f0511f7c7 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 9 Nov 2010 13:22:00 +0100 Subject: s4:provision - switch to "clearTextPassword" for setting passwords This is the default password set/change attribute for s4 specific purposes (otherwise in respect to Windows it's "unicodePwd"). We move away from "userPassword" since on Windows it's not activated by default - and s4 will follow soon. --- source4/scripting/python/samba/provision.py | 8 ++++---- source4/setup/provision_dns_add.ldif | 2 +- source4/setup/provision_self_join.ldif | 2 +- source4/setup/provision_users.ldif | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index ce3fa17766..1db1ae34b7 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -818,7 +818,7 @@ def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir, "REALM": realm, "DNSDOMAIN": dnsdomain, "DNS_KEYTAB": dns_keytab_path, - "DNSPASS_B64": b64encode(dnspass), + "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')), "HOSTNAME": names.hostname, "DNSNAME" : '%s.%s' % (names.netbiosname.lower(), names.dnsdomain.lower()) }) @@ -967,7 +967,7 @@ def setup_self_join(samdb, names, "INVOCATIONID": invocationid, "NETBIOSNAME": names.netbiosname, "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain), - "MACHINEPASS_B64": b64encode(machinepass), + "MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')), "DOMAINSID": str(domainsid), "DCRID": str(next_rid), "SAMBA_VERSION_STRING": version, @@ -1250,8 +1250,8 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names, "DOMAINDN": names.domaindn, "DOMAINSID": str(domainsid), "CONFIGDN": names.configdn, - "ADMINPASS_B64": b64encode(adminpass), - "KRBTGTPASS_B64": b64encode(krbtgtpass), + "ADMINPASS_B64": b64encode(adminpass.encode('utf-16-le')), + "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le')) }) logger.info("Setting up self join") diff --git a/source4/setup/provision_dns_add.ldif b/source4/setup/provision_dns_add.ldif index a0a8187030..04898e2079 100644 --- a/source4/setup/provision_dns_add.ldif +++ b/source4/setup/provision_dns_add.ldif @@ -102,6 +102,6 @@ accountExpires: 9223372036854775807 sAMAccountName: dns-${HOSTNAME} servicePrincipalName: DNS/${DNSNAME} servicePrincipalName: DNS/${DNSDOMAIN} -userPassword:: ${DNSPASS_B64} +clearTextPassword:: ${DNSPASS_B64} isCriticalSystemObject: TRUE diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index c1f553c851..7bd393ced4 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -18,7 +18,7 @@ sAMAccountName: ${NETBIOSNAME}$ # The "servicePrincipalName" updates are now handled by the "samba_spnupdate" # script userAccountControl: 532480 -userPassword:: ${MACHINEPASS_B64} +clearTextPassword:: ${MACHINEPASS_B64} objectSID: ${DOMAINSID}-${DCRID} # Here are missing the objects for the NTFRS subscription since we don't diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index b85523b426..022f81d848 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -45,7 +45,7 @@ objectSid: ${DOMAINSID}-500 adminCount: 1 accountExpires: 9223372036854775807 sAMAccountName: Administrator -userPassword:: ${ADMINPASS_B64} +clearTextPassword:: ${ADMINPASS_B64} isCriticalSystemObject: TRUE dn: CN=Guest,CN=Users,${DOMAINDN} @@ -70,7 +70,7 @@ adminCount: 1 accountExpires: 9223372036854775807 sAMAccountName: krbtgt servicePrincipalName: kadmin/changepw -userPassword:: ${KRBTGTPASS_B64} +clearTextPassword:: ${KRBTGTPASS_B64} isCriticalSystemObject: TRUE # Add other groups -- cgit