diff options
| author | Günther Deschner <gd@samba.org> | 2016-03-10 18:03:47 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2016-03-14 16:19:23 +0100 |
| commit | df8f79cc9d44ad7b2caa6b86b7ebde7bb1fd4c8c (patch) | |
| tree | 94e6cdcd45741408237691a835d70cbc1d595f6c | |
| parent | c61b111e6fa3e138d4d9cf5038b69644248e834a (diff) | |
| download | samba-df8f79cc9d44ad7b2caa6b86b7ebde7bb1fd4c8c.tar.gz | |
s3:libnet:libnet_join: always try to create machineaccount via LDAP first.
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
| -rw-r--r-- | source3/libnet/libnet_join.c | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 9757d799469..6b9be5e153d 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -2371,16 +2371,36 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, r->out.dns_domain_name, r->out.netbios_domain_name, NULL, smbXcli_conn_remote_sockaddr(cli->conn)); - if (r->out.domain_is_ad && r->in.account_ou && + if (r->out.domain_is_ad && !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) { + const char *initial_account_ou = r->in.account_ou; + + /* + * we want to create the msDS-SupportedEncryptionTypes attribute + * as early as possible so always try an LDAP create as the user + * first. We copy r->in.account_ou because it may be changed + * during the machine pre-creation. + */ + ads_status = libnet_join_connect_ads_user(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { return WERR_DEFAULT_JOIN_REQUIRED; } ads_status = libnet_join_precreate_machine_acct(mem_ctx, r); - if (!ADS_ERR_OK(ads_status)) { + if (ADS_ERR_OK(ads_status)) { + + /* + * LDAP object create succeeded, now go to the rpc + * password set routines + */ + + r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; + goto rpc_join; + } + + if (initial_account_ou != NULL) { libnet_join_set_error_string(mem_ctx, r, "failed to precreate account in ou %s: %s", r->in.account_ou, @@ -2388,10 +2408,12 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, return WERR_DEFAULT_JOIN_REQUIRED; } - r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; + DEBUG(5, ("failed to precreate account in ou %s: %s", + r->in.account_ou, ads_errstr(ads_status))); } #endif /* HAVE_ADS */ + rpc_join: if ((r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE) && (r->in.join_flags & WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED)) { status = libnet_join_joindomain_rpc_unsecure(mem_ctx, r, cli); |