diff options
author | Samuel Cabrero <scabrero@zentyal.com> | 2013-10-24 17:37:06 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2013-10-25 00:39:21 +0200 |
commit | d3aee80928dc7ccde9441309bf946c2503f7714a (patch) | |
tree | 64092bc6c39450bd136a7a867bb02c28ee26a412 /python | |
parent | 4cf4ed1c3e655a8df19c6d1c8004903f6e944ff3 (diff) | |
download | samba-d3aee80928dc7ccde9441309bf946c2503f7714a.tar.gz |
s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/join.py | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/python/samba/join.py b/python/samba/join.py index 9cac8f5ed25..f8ede5df5b4 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -612,15 +612,18 @@ class dc_join(object): "DNSNAME" : ctx.dnshostname})) for changetype, msg in recs: assert changetype == ldb.CHANGETYPE_NONE + dns_acct_dn = msg["dn"] print "Adding DNS account %s with dns/ SPN" % msg["dn"] # Remove dns password (we will set it as a modify, as we can't do clearTextPassword over LDAP) del msg["clearTextPassword"] # Remove isCriticalSystemObject for similar reasons, it cannot be set over LDAP del msg["isCriticalSystemObject"] + # Disable account until password is set + msg["userAccountControl"] = str(samba.dsdb.UF_NORMAL_ACCOUNT | + samba.dsdb.UF_ACCOUNTDISABLE) try: ctx.samdb.add(msg) - dns_acct_dn = msg["dn"] except ldb.LdbError, (num, _): if num != ldb.ERR_ENTRY_ALREADY_EXISTS: raise @@ -630,7 +633,7 @@ class dc_join(object): # connections which are hard to set up and otherwise refuse with # ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet # over SAMR. - print "Setting account password for %s" % ctx.samname + print "Setting account password for dns-%s" % ctx.myname try: ctx.samdb.setpassword("(&(objectClass=user)(samAccountName=dns-%s))" % ldb.binary_encode(ctx.myname), @@ -639,8 +642,8 @@ class dc_join(object): username=ctx.samname) except ldb.LdbError, (num, _): if num != ldb.ERR_UNWILLING_TO_PERFORM: - pass - ctx.net.set_password(account_name="dns-" % ctx.myname, + raise + ctx.net.set_password(account_name="dns-%s" % ctx.myname, domain_name=ctx.domain_name, newpassword=ctx.dnspass) |