selftest:Samba4: allow dcerpc auth level connect:lsarpc = yes in chgdcpass

This is required to explore the details of security context multiplexing
using lsa_GetUserName().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 20f7a2839a21ba022f812a18f8893d010c7c83d4..a44ad32007434ae187835ee7076d7e5516b6067a 100755 (executable)
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -2046,10 +2046,14 @@ sub provision_chgdcpass($$)
        my ($self, $prefix) = @_;
 
        print "PROVISIONING CHGDCPASS...\n";
-       my $extra_provision_options = ["--use-ntvfs"];
        # This environment disallows the use of this password
        # (and also removes the default AD complexity checks)
        my $unacceptable_password = "widk3Dsle32jxdBdskldsk55klASKQ";
+       my $extra_smb_conf = "
+       check password script = sed -e '/$unacceptable_password/{;q1}; /$unacceptable_password/!{q0}'
+       allow dcerpc auth level connect:lsarpc = yes
+";
+       my $extra_provision_options = ["--use-ntvfs"];
        push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ");
        my $ret = $self->provision($prefix,
                                   "domain controller",
@@ -2060,7 +2064,7 @@ sub provision_chgdcpass($$)
                                   "chgDCpass1",
                                   undef,
                                   undef,
-                                  "check password script = sed -e '/$unacceptable_password/{;q1}; /$unacceptable_password/!{q0}'\n",
+                                  $extra_smb_conf,
                                   "",
                                   $extra_provision_options);
        unless (defined $ret) {