traffic_replay: set gensec features to encrypt credentials

While running traffic_replay script against windows dc, it will fail
with a `LDAP_UNWILLING_TO_PERFORM` error for adding user.

Windows requires the credentials to be encrypted before sending.
`set_gensec_features` will fix it.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

diff --git a/script/traffic_replay b/script/traffic_replay
index 0e97d0a64afeb20f2a1323922f9f81e9840e6433..df86115a48f10b20dca700ff49f1542025c36459 100755 (executable)
--- a/script/traffic_replay
+++ b/script/traffic_replay
@@ -25,6 +25,7 @@ import shutil
 
 sys.path.insert(0, "bin/python")
 
+from samba import gensec
 from samba.emulate import traffic
 import samba.getopt as options
 
@@ -134,6 +135,7 @@ def main():
         print_err("Removing user and machine accounts")
         lp    = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp)
+        creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
         ldb   = traffic.openLdb(host, creds, lp)
         traffic.clean_up_accounts(ldb, opts.instance_id)
         exit(0)
@@ -155,6 +157,7 @@ def main():
 
     lp = sambaopts.get_loadparm()
     creds = credopts.get_credentials(lp)
+    creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
 
     domain = opts.workgroup
     if domain: