s4:provision - switch to "clearTextPassword" for setting passwords

This is the default password set/change attribute for s4 specific purposes
(otherwise in respect to Windows it's "unicodePwd"). We move away from
"userPassword" since on Windows it's not activated by default - and s4 will
follow soon.

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index ce3fa17766d68b2e429d4cd7025c5e20b79e91a6..1db1ae34b7ce0f2df1f10d20fdde6838f1256d8b 100644 (file)
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -818,7 +818,7 @@ def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir,
             "REALM": realm,
             "DNSDOMAIN": dnsdomain,
             "DNS_KEYTAB": dns_keytab_path,
-            "DNSPASS_B64": b64encode(dnspass),
+            "DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
             "HOSTNAME": names.hostname,
             "DNSNAME" : '%s.%s' % (names.netbiosname.lower(), names.dnsdomain.lower())
             })
@@ -967,7 +967,7 @@ def setup_self_join(samdb, names,
               "INVOCATIONID": invocationid,
               "NETBIOSNAME": names.netbiosname,
               "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
-              "MACHINEPASS_B64": b64encode(machinepass),
+              "MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')),
               "DOMAINSID": str(domainsid),
               "DCRID": str(next_rid),
               "SAMBA_VERSION_STRING": version,
@@ -1250,8 +1250,8 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
                 "DOMAINDN": names.domaindn,
                 "DOMAINSID": str(domainsid),
                 "CONFIGDN": names.configdn,
-                "ADMINPASS_B64": b64encode(adminpass),
-                "KRBTGTPASS_B64": b64encode(krbtgtpass),
+                "ADMINPASS_B64": b64encode(adminpass.encode('utf-16-le')),
+                "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
                 })
 
             logger.info("Setting up self join")

diff --git a/source4/setup/provision_dns_add.ldif b/source4/setup/provision_dns_add.ldif
index a0a8187030d79d83d423381dc3b0df4a3ad4c743..04898e2079e3afb1e42ee43af529942fd6c53440 100644 (file)
--- a/source4/setup/provision_dns_add.ldif
+++ b/source4/setup/provision_dns_add.ldif
@@ -102,6 +102,6 @@ accountExpires: 9223372036854775807
 sAMAccountName: dns-${HOSTNAME}
 servicePrincipalName: DNS/${DNSNAME}
 servicePrincipalName: DNS/${DNSDOMAIN}
-userPassword:: ${DNSPASS_B64}
+clearTextPassword:: ${DNSPASS_B64}
 isCriticalSystemObject: TRUE
 

diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index c1f553c851f021b08965473c1f88919735edba07..7bd393ced48af709714f7a834dcdc3943c0fcaa4 100644 (file)
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -18,7 +18,7 @@ sAMAccountName: ${NETBIOSNAME}$
 # The "servicePrincipalName" updates are now handled by the "samba_spnupdate"
 # script
 userAccountControl: 532480
-userPassword:: ${MACHINEPASS_B64}
+clearTextPassword:: ${MACHINEPASS_B64}
 objectSID: ${DOMAINSID}-${DCRID}
 
 # Here are missing the objects for the NTFRS subscription since we don't

diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index b85523b426a74a96b464adf66392d95ee922a32c..022f81d8480b8fab689867ef40bb7f0c8257ea01 100644 (file)
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -45,7 +45,7 @@ objectSid: ${DOMAINSID}-500
 adminCount: 1
 accountExpires: 9223372036854775807
 sAMAccountName: Administrator
-userPassword:: ${ADMINPASS_B64}
+clearTextPassword:: ${ADMINPASS_B64}
 isCriticalSystemObject: TRUE
 
 dn: CN=Guest,CN=Users,${DOMAINDN}
@@ -70,7 +70,7 @@ adminCount: 1
 accountExpires: 9223372036854775807
 sAMAccountName: krbtgt
 servicePrincipalName: kadmin/changepw
-userPassword:: ${KRBTGTPASS_B64}
+clearTextPassword:: ${KRBTGTPASS_B64}
 isCriticalSystemObject: TRUE
 
 # Add other groups