join.py: Do not expose the old machine password over NTLM if -k yes was set

This makes the test for a valid machine account stricter (as a kerberos error could cause this to fail and so skip the validation), but we never wish to use NTLM if the administrator disabled it on the command line Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
author: Andrew Bartlett <abartlet@samba.org> 2017-04-10 16:10:00 +1200
committer: Andrew Bartlett <abartlet@samba.org> 2017-06-10 21:48:20 +0200
commit: 00de59a478301a00a33b420524cd52caf481854f (patch)
tree: 66b790e3e5abf95a10a32147534a4819f0647807 /python
parent: 970fdfae6a18bf11d423a72973c0f7b589e6f92a (diff)
download: samba-00de59a478301a00a33b420524cd52caf481854f.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/python/samba/join.py b/python/samba/join.py
index 6a924359407..3e70db08d2a 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -209,6 +209,7 @@ class dc_join(object):
         creds.guess(ctx.lp)
         try:
             creds.set_machine_account(ctx.lp)
+            creds.set_kerberos_state(ctx.creds.get_kerberos_state())
             machine_samdb = SamDB(url="ldap://%s" % ctx.server,
                                   session_info=system_session(),
                                 credentials=creds, lp=ctx.lp)
author	Andrew Bartlett <abartlet@samba.org>	2017-04-10 16:10:00 +1200
committer	Andrew Bartlett <abartlet@samba.org>	2017-06-10 21:48:20 +0200
commit	00de59a478301a00a33b420524cd52caf481854f (patch)
tree	66b790e3e5abf95a10a32147534a4819f0647807 /python
parent	970fdfae6a18bf11d423a72973c0f7b589e6f92a (diff)
download	samba-00de59a478301a00a33b420524cd52caf481854f.tar.gz