selftest:Samba4: allow dcerpc auth level connect:lsarpc = yes in chgdcpass
authorStefan Metzmacher <metze@samba.org>
Thu, 22 Nov 2018 23:23:23 +0000 (00:23 +0100)
committerJeremy Allison <jra@samba.org>
Sat, 12 Jan 2019 02:13:40 +0000 (03:13 +0100)
This is required to explore the details of security context multiplexing
using lsa_GetUserName().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
selftest/target/Samba4.pm

index 20f7a28..a44ad32 100755 (executable)
@@ -2046,10 +2046,14 @@ sub provision_chgdcpass($$)
        my ($self, $prefix) = @_;
 
        print "PROVISIONING CHGDCPASS...\n";
-       my $extra_provision_options = ["--use-ntvfs"];
        # This environment disallows the use of this password
        # (and also removes the default AD complexity checks)
        my $unacceptable_password = "widk3Dsle32jxdBdskldsk55klASKQ";
+       my $extra_smb_conf = "
+       check password script = sed -e '/$unacceptable_password/{;q1}; /$unacceptable_password/!{q0}'
+       allow dcerpc auth level connect:lsarpc = yes
+";
+       my $extra_provision_options = ["--use-ntvfs"];
        push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ");
        my $ret = $self->provision($prefix,
                                   "domain controller",
@@ -2060,7 +2064,7 @@ sub provision_chgdcpass($$)
                                   "chgDCpass1",
                                   undef,
                                   undef,
-                                  "check password script = sed -e '/$unacceptable_password/{;q1}; /$unacceptable_password/!{q0}'\n",
+                                  $extra_smb_conf,
                                   "",
                                   $extra_provision_options);
        unless (defined $ret) {