summaryrefslogtreecommitdiff
path: root/python
diff options
context:
space:
mode:
authorSamuel Cabrero <scabrero@zentyal.com>2013-10-24 17:37:06 +0200
committerAndrew Bartlett <abartlet@samba.org>2013-10-25 00:39:21 +0200
commitd3aee80928dc7ccde9441309bf946c2503f7714a (patch)
tree64092bc6c39450bd136a7a867bb02c28ee26a412 /python
parent4cf4ed1c3e655a8df19c6d1c8004903f6e944ff3 (diff)
downloadsamba-d3aee80928dc7ccde9441309bf946c2503f7714a.tar.gz
s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104
Diffstat (limited to 'python')
-rw-r--r--python/samba/join.py11
1 files changed, 7 insertions, 4 deletions
diff --git a/python/samba/join.py b/python/samba/join.py
index 9cac8f5ed25..f8ede5df5b4 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -612,15 +612,18 @@ class dc_join(object):
"DNSNAME" : ctx.dnshostname}))
for changetype, msg in recs:
assert changetype == ldb.CHANGETYPE_NONE
+ dns_acct_dn = msg["dn"]
print "Adding DNS account %s with dns/ SPN" % msg["dn"]
# Remove dns password (we will set it as a modify, as we can't do clearTextPassword over LDAP)
del msg["clearTextPassword"]
# Remove isCriticalSystemObject for similar reasons, it cannot be set over LDAP
del msg["isCriticalSystemObject"]
+ # Disable account until password is set
+ msg["userAccountControl"] = str(samba.dsdb.UF_NORMAL_ACCOUNT |
+ samba.dsdb.UF_ACCOUNTDISABLE)
try:
ctx.samdb.add(msg)
- dns_acct_dn = msg["dn"]
except ldb.LdbError, (num, _):
if num != ldb.ERR_ENTRY_ALREADY_EXISTS:
raise
@@ -630,7 +633,7 @@ class dc_join(object):
# connections which are hard to set up and otherwise refuse with
# ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
# over SAMR.
- print "Setting account password for %s" % ctx.samname
+ print "Setting account password for dns-%s" % ctx.myname
try:
ctx.samdb.setpassword("(&(objectClass=user)(samAccountName=dns-%s))"
% ldb.binary_encode(ctx.myname),
@@ -639,8 +642,8 @@ class dc_join(object):
username=ctx.samname)
except ldb.LdbError, (num, _):
if num != ldb.ERR_UNWILLING_TO_PERFORM:
- pass
- ctx.net.set_password(account_name="dns-" % ctx.myname,
+ raise
+ ctx.net.set_password(account_name="dns-%s" % ctx.myname,
domain_name=ctx.domain_name,
newpassword=ctx.dnspass)