mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s4:provision - switch to "clearTextPassword" for setting passwords
This is the default password set/change attribute for s4 specific purposes (otherwise in respect to Windows it's "unicodePwd"). We move away from "userPassword" since on Windows it's not activated by default - and s4 will follow soon.
This commit is contained in:
parent
d1d585e208
commit
bd5039546e
@ -818,7 +818,7 @@ def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir,
|
||||
"REALM": realm,
|
||||
"DNSDOMAIN": dnsdomain,
|
||||
"DNS_KEYTAB": dns_keytab_path,
|
||||
"DNSPASS_B64": b64encode(dnspass),
|
||||
"DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
|
||||
"HOSTNAME": names.hostname,
|
||||
"DNSNAME" : '%s.%s' % (names.netbiosname.lower(), names.dnsdomain.lower())
|
||||
})
|
||||
@ -967,7 +967,7 @@ def setup_self_join(samdb, names,
|
||||
"INVOCATIONID": invocationid,
|
||||
"NETBIOSNAME": names.netbiosname,
|
||||
"DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
|
||||
"MACHINEPASS_B64": b64encode(machinepass),
|
||||
"MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')),
|
||||
"DOMAINSID": str(domainsid),
|
||||
"DCRID": str(next_rid),
|
||||
"SAMBA_VERSION_STRING": version,
|
||||
@ -1250,8 +1250,8 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
|
||||
"DOMAINDN": names.domaindn,
|
||||
"DOMAINSID": str(domainsid),
|
||||
"CONFIGDN": names.configdn,
|
||||
"ADMINPASS_B64": b64encode(adminpass),
|
||||
"KRBTGTPASS_B64": b64encode(krbtgtpass),
|
||||
"ADMINPASS_B64": b64encode(adminpass.encode('utf-16-le')),
|
||||
"KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
|
||||
})
|
||||
|
||||
logger.info("Setting up self join")
|
||||
|
@ -102,6 +102,6 @@ accountExpires: 9223372036854775807
|
||||
sAMAccountName: dns-${HOSTNAME}
|
||||
servicePrincipalName: DNS/${DNSNAME}
|
||||
servicePrincipalName: DNS/${DNSDOMAIN}
|
||||
userPassword:: ${DNSPASS_B64}
|
||||
clearTextPassword:: ${DNSPASS_B64}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
|
@ -18,7 +18,7 @@ sAMAccountName: ${NETBIOSNAME}$
|
||||
# The "servicePrincipalName" updates are now handled by the "samba_spnupdate"
|
||||
# script
|
||||
userAccountControl: 532480
|
||||
userPassword:: ${MACHINEPASS_B64}
|
||||
clearTextPassword:: ${MACHINEPASS_B64}
|
||||
objectSID: ${DOMAINSID}-${DCRID}
|
||||
|
||||
# Here are missing the objects for the NTFRS subscription since we don't
|
||||
|
@ -45,7 +45,7 @@ objectSid: ${DOMAINSID}-500
|
||||
adminCount: 1
|
||||
accountExpires: 9223372036854775807
|
||||
sAMAccountName: Administrator
|
||||
userPassword:: ${ADMINPASS_B64}
|
||||
clearTextPassword:: ${ADMINPASS_B64}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Guest,CN=Users,${DOMAINDN}
|
||||
@ -70,7 +70,7 @@ adminCount: 1
|
||||
accountExpires: 9223372036854775807
|
||||
sAMAccountName: krbtgt
|
||||
servicePrincipalName: kadmin/changepw
|
||||
userPassword:: ${KRBTGTPASS_B64}
|
||||
clearTextPassword:: ${KRBTGTPASS_B64}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
# Add other groups
|
||||
|
Loading…
Reference in New Issue
Block a user