From fa1c71382d4f89d9f6c45287a20b1817e08d098d Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer
Date: Mon, 14 Nov 2011 17:53:39 +0100
Subject: s4:join python code - perform a fallback password set operation over libnet
Windows 2000 DCs allow LDAP password set operations only with the help of SSL. Given the fact that this technique is hard to setup it is easier to use SAMR over "libnet".
Reviewed-By: Andrew Bartlett
---
 source4/scripting/python/samba/join.py | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
(limited to 'source4')
diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py
index 5f8a107a37..dc09b46059 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -487,11 +487,25 @@ class dc_join(object):
 "servicePrincipalName")
 ctx.samdb.modify(m)
+ # The account password set operation should normally be done over
+ # LDAP. Windows 2000 DCs however allow this only with SSL
+ # connections which are hard to set up and otherwise refuse with
+ # ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
+ # over SAMR.
 print "Setting account password for %s" % ctx.samname
- ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ldb.binary_encode(ctx.samname),
- ctx.acct_pass,
- force_change_at_next_login=False,
- username=ctx.samname)
+ try:
+ ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))"
+ % ldb.binary_encode(ctx.samname),
+ ctx.acct_pass,
+ force_change_at_next_login=False,
+ username=ctx.samname)
+ except ldb.LdbError, (num, _):
+ if num != ldb.ERR_UNWILLING_TO_PERFORM:
+ pass
+ ctx.net.set_password(account_name=ctx.samname,
+ domain_name=ctx.domain_name,
+ newpassword=ctx.acct_pass)
+
 res = ctx.samdb.search(base=ctx.acct_dn, scope=ldb.SCOPE_BASE, attrs=["msDS-keyVersionNumber"])
 ctx.key_version_number = int(res[0]["msDS-keyVersionNumber"][0])
-- cgit
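Review bot: In the new `except ldb.LdbError, (num, _):` handler, `if num != ldb.ERR_UNWILLING_TO_PERFORM: pass` is a no-op, so the error code never actually decides anything. Indentation is lost on this page, but if `ctx.net.set_password(...)` sits at handler level, as the added comment suggests, then every LDAP failure, not only the Windows 2000 refusal, is swallowed and the password is set over SAMR instead; that hides unrelated errors and silently changes the transport carrying the new password. The guard should re-raise: `if num != ldb.ERR_UNWILLING_TO_PERFORM: raise`. A `print` before the fallback saying that SAMR is being used would also let an operator see when this path was taken. The enclosing method starts and ends outside the hunk.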