s4:join python code - perform a fallback password set operation over libnet
authorMatthias Dieter Wallnöfer <mdw@samba.org>
Mon, 14 Nov 2011 16:53:39 +0000 (17:53 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 8 Feb 2012 23:27:08 +0000 (00:27 +0100)
Windows 2000 DCs allow LDAP password set operations only with the help of SSL.
Given the fact that this technique is hard to set up, it is easier to use SAMR
over "libnet".

Reviewed-By: Andrew Bartlett <abartlet@samba.org>
source4/scripting/python/samba/join.py

index 5f8a107a37ead97bd1b22d7dd90385191a1cf1b1..dc09b46059b0b14fb55d77d01277ece106ec0a60 100644 (file)
@@ -487,11 +487,25 @@ class dc_join(object):
                                                            "servicePrincipalName")
             ctx.samdb.modify(m)
 
+            # The account password set operation should normally be done over
+            # LDAP. Windows 2000 DCs however allow this only with SSL
+            # connections which are hard to set up and otherwise refuse with
+            # ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
+            # over SAMR.
             print "Setting account password for %s" % ctx.samname
-            ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ldb.binary_encode(ctx.samname),
-                                  ctx.acct_pass,
-                                  force_change_at_next_login=False,
-                                  username=ctx.samname)
+            try:
+                ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))"
+                                      % ldb.binary_encode(ctx.samname),
+                                      ctx.acct_pass,
+                                      force_change_at_next_login=False,
+                                      username=ctx.samname)
+            except ldb.LdbError, (num, _):
+                if num != ldb.ERR_UNWILLING_TO_PERFORM:
+                    pass
+                ctx.net.set_password(account_name=ctx.samname,
+                                     domain_name=ctx.domain_name,
+                                     newpassword=ctx.acct_pass)
+
             res = ctx.samdb.search(base=ctx.acct_dn, scope=ldb.SCOPE_BASE, attrs=["msDS-keyVersionNumber"])
             ctx.key_version_number = int(res[0]["msDS-keyVersionNumber"][0])
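Review bot: The guard in the new `except` branch is a no-op: `if num != ldb.ERR_UNWILLING_TO_PERFORM: pass` falls through, so every LdbError raised by setpassword (wrong DN, insufficient access, constraint violation, not just the Windows 2000 SSL refusal the comment describes) is silently discarded and the SAMR fallback runs anyway, hiding the real cause if the fallback then fails or sets the password through a different path than intended. The branch should re-raise instead: `if num != ldb.ERR_UNWILLING_TO_PERFORM:` followed by `raise`, so that only the documented case triggers the libnet fallback and any other failure surfaces with its original error code. The unpacking `except ldb.LdbError, (num, _):` presumably relies on the exception args being a (code, message) pair as elsewhere in this file; worth confirming that convention holds for the setpassword wrapper. The enclosing method of dc_join starts before this hunk and continues after it.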