From 96e55cb1324992607f0abac4b1d63db6beb5341b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 18 Nov 2010 18:48:03 +1100 Subject: s4-join: initially disable the machine account enable after a password is set --- source4/scripting/python/samba/join.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'source4/scripting') diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py index 1ead9261d8..8db00bc47d 100644 --- a/source4/scripting/python/samba/join.py +++ b/source4/scripting/python/samba/join.py @@ -309,7 +309,7 @@ class dc_join: "objectClass": "computer", "displayname": ctx.samname, "samaccountname" : ctx.samname, - "userAccountControl" : str(ctx.userAccountControl), + "userAccountControl" : str(ctx.userAccountControl | samba.dsdb.UF_ACCOUNTDISABLE), "dnshostname" : ctx.dnshostname} if ctx.behavior_version >= samba.dsdb.DS_DOMAIN_FUNCTION_2008: rec['msDS-SupportedEncryptionTypes'] = str(samba.dsdb.ENC_ALL_TYPES) @@ -404,6 +404,13 @@ class dc_join: res = ctx.samdb.search(base=ctx.acct_dn, scope=ldb.SCOPE_BASE, attrs=["msDS-keyVersionNumber"]) ctx.key_version_number = int(res[0]["msDS-keyVersionNumber"][0]) + print("Enabling account") + m = ldb.Message() + m.dn = ldb.Dn(ctx.samdb, ctx.acct_dn) + m["userAccountControl"] = ldb.MessageElement(str(ctx.userAccountControl), + ldb.FLAG_MOD_REPLACE, + "userAccountControl") + ctx.samdb.modify(m) def join_provision(ctx): '''provision the local SAM''' -- cgit