res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
expression='sAMAccountName=%s' % ldb.binary_encode(ctx.samname),
attrs=["msDS-krbTgtLink", "objectSID"])
if len(res) == 0:
return
res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
expression='sAMAccountName=%s' % ldb.binary_encode(ctx.samname),
attrs=["msDS-krbTgtLink", "objectSID"])
if len(res) == 0:
return
- creds = Credentials()
- creds.guess(ctx.lp)
- try:
- creds.set_machine_account(ctx.lp)
- creds.set_kerberos_state(ctx.creds.get_kerberos_state())
- machine_samdb = SamDB(url="ldap://%s" % ctx.server,
- session_info=system_session(),
- credentials=creds, lp=ctx.lp)
- except:
- pass
- else:
- token_res = machine_samdb.search(scope=ldb.SCOPE_BASE, base="", attrs=["tokenGroups"])
- if token_res[0]["tokenGroups"][0] \
- == res[0]["objectSID"][0]:
- raise DCJoinException("Not removing account %s which "
- "looks like a Samba DC account "
- "maching the password we already have. "
- "To override, remove secrets.ldb and secrets.tdb"
- % ctx.samname)
+ if not force:
+ creds = Credentials()
+ creds.guess(ctx.lp)
+ try:
+ creds.set_machine_account(ctx.lp)
+ creds.set_kerberos_state(ctx.creds.get_kerberos_state())
+ machine_samdb = SamDB(url="ldap://%s" % ctx.server,
+ session_info=system_session(),
+ credentials=creds, lp=ctx.lp)
+ except:
+ pass
+ else:
+ token_res = machine_samdb.search(scope=ldb.SCOPE_BASE, base="", attrs=["tokenGroups"])
+ if token_res[0]["tokenGroups"][0] \
+ == res[0]["objectSID"][0]:
+ raise DCJoinException("Not removing account %s which "
+ "looks like a Samba DC account "
+ "maching the password we already have. "
+ "To override, remove secrets.ldb and secrets.tdb"
+ % ctx.samname)