selftest:Samba4: allow dcerpc auth level connect:lsarpc = yes in chgdcpass

This is required to explore the details of security context multiplexing
using lsa_GetUserName().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

1 files changed, 6 insertions, 2 deletions

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 20f7a2839a2..a44ad320074 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -2046,10 +2046,14 @@ sub provision_chgdcpass($$)
 	my ($self, $prefix) = @_;
 
 	print "PROVISIONING CHGDCPASS...\n";
-	my $extra_provision_options = ["--use-ntvfs"];
 	# This environment disallows the use of this password
 	# (and also removes the default AD complexity checks)
 	my $unacceptable_password = "widk3Dsle32jxdBdskldsk55klASKQ";
+	my $extra_smb_conf = "
+	check password script = sed -e '/$unacceptable_password/{;q1}; /$unacceptable_password/!{q0}'
+	allow dcerpc auth level connect:lsarpc = yes
+";
+	my $extra_provision_options = ["--use-ntvfs"];
 	push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ");
 	my $ret = $self->provision($prefix,
 				   "domain controller",
@@ -2060,7 +2064,7 @@ sub provision_chgdcpass($$)
 				   "chgDCpass1",
 				   undef,
 				   undef,
-				   "check password script = sed -e '/$unacceptable_password/{;q1}; /$unacceptable_password/!{q0}'\n",
+				   $extra_smb_conf,
 				   "",
 				   $extra_provision_options);
 	unless (defined $ret) {