mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s4:provision - switch to "clearTextPassword" for setting passwords
This is the default password set/change attribute for s4 specific purposes (otherwise in respect to Windows it's "unicodePwd"). We move away from "userPassword" since on Windows it's not activated by default - and s4 will follow soon.
This commit is contained in:
parent
d1d585e208
commit
bd5039546e
@ -818,7 +818,7 @@ def secretsdb_setup_dns(secretsdb, setup_path, names, private_dir,
|
|||||||
"REALM": realm,
|
"REALM": realm,
|
||||||
"DNSDOMAIN": dnsdomain,
|
"DNSDOMAIN": dnsdomain,
|
||||||
"DNS_KEYTAB": dns_keytab_path,
|
"DNS_KEYTAB": dns_keytab_path,
|
||||||
"DNSPASS_B64": b64encode(dnspass),
|
"DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
|
||||||
"HOSTNAME": names.hostname,
|
"HOSTNAME": names.hostname,
|
||||||
"DNSNAME" : '%s.%s' % (names.netbiosname.lower(), names.dnsdomain.lower())
|
"DNSNAME" : '%s.%s' % (names.netbiosname.lower(), names.dnsdomain.lower())
|
||||||
})
|
})
|
||||||
@ -967,7 +967,7 @@ def setup_self_join(samdb, names,
|
|||||||
"INVOCATIONID": invocationid,
|
"INVOCATIONID": invocationid,
|
||||||
"NETBIOSNAME": names.netbiosname,
|
"NETBIOSNAME": names.netbiosname,
|
||||||
"DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
|
"DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
|
||||||
"MACHINEPASS_B64": b64encode(machinepass),
|
"MACHINEPASS_B64": b64encode(machinepass.encode('utf-16-le')),
|
||||||
"DOMAINSID": str(domainsid),
|
"DOMAINSID": str(domainsid),
|
||||||
"DCRID": str(next_rid),
|
"DCRID": str(next_rid),
|
||||||
"SAMBA_VERSION_STRING": version,
|
"SAMBA_VERSION_STRING": version,
|
||||||
@ -1250,8 +1250,8 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp, names,
|
|||||||
"DOMAINDN": names.domaindn,
|
"DOMAINDN": names.domaindn,
|
||||||
"DOMAINSID": str(domainsid),
|
"DOMAINSID": str(domainsid),
|
||||||
"CONFIGDN": names.configdn,
|
"CONFIGDN": names.configdn,
|
||||||
"ADMINPASS_B64": b64encode(adminpass),
|
"ADMINPASS_B64": b64encode(adminpass.encode('utf-16-le')),
|
||||||
"KRBTGTPASS_B64": b64encode(krbtgtpass),
|
"KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
|
||||||
})
|
})
|
||||||
|
|
||||||
logger.info("Setting up self join")
|
logger.info("Setting up self join")
|
||||||
|
@ -102,6 +102,6 @@ accountExpires: 9223372036854775807
|
|||||||
sAMAccountName: dns-${HOSTNAME}
|
sAMAccountName: dns-${HOSTNAME}
|
||||||
servicePrincipalName: DNS/${DNSNAME}
|
servicePrincipalName: DNS/${DNSNAME}
|
||||||
servicePrincipalName: DNS/${DNSDOMAIN}
|
servicePrincipalName: DNS/${DNSDOMAIN}
|
||||||
userPassword:: ${DNSPASS_B64}
|
clearTextPassword:: ${DNSPASS_B64}
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
|
|
||||||
|
@ -18,7 +18,7 @@ sAMAccountName: ${NETBIOSNAME}$
|
|||||||
# The "servicePrincipalName" updates are now handled by the "samba_spnupdate"
|
# The "servicePrincipalName" updates are now handled by the "samba_spnupdate"
|
||||||
# script
|
# script
|
||||||
userAccountControl: 532480
|
userAccountControl: 532480
|
||||||
userPassword:: ${MACHINEPASS_B64}
|
clearTextPassword:: ${MACHINEPASS_B64}
|
||||||
objectSID: ${DOMAINSID}-${DCRID}
|
objectSID: ${DOMAINSID}-${DCRID}
|
||||||
|
|
||||||
# Here are missing the objects for the NTFRS subscription since we don't
|
# Here are missing the objects for the NTFRS subscription since we don't
|
||||||
|
@ -45,7 +45,7 @@ objectSid: ${DOMAINSID}-500
|
|||||||
adminCount: 1
|
adminCount: 1
|
||||||
accountExpires: 9223372036854775807
|
accountExpires: 9223372036854775807
|
||||||
sAMAccountName: Administrator
|
sAMAccountName: Administrator
|
||||||
userPassword:: ${ADMINPASS_B64}
|
clearTextPassword:: ${ADMINPASS_B64}
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
|
|
||||||
dn: CN=Guest,CN=Users,${DOMAINDN}
|
dn: CN=Guest,CN=Users,${DOMAINDN}
|
||||||
@ -70,7 +70,7 @@ adminCount: 1
|
|||||||
accountExpires: 9223372036854775807
|
accountExpires: 9223372036854775807
|
||||||
sAMAccountName: krbtgt
|
sAMAccountName: krbtgt
|
||||||
servicePrincipalName: kadmin/changepw
|
servicePrincipalName: kadmin/changepw
|
||||||
userPassword:: ${KRBTGTPASS_B64}
|
clearTextPassword:: ${KRBTGTPASS_B64}
|
||||||
isCriticalSystemObject: TRUE
|
isCriticalSystemObject: TRUE
|
||||||
|
|
||||||
# Add other groups
|
# Add other groups
|
||||||
|
Loading…
Reference in New Issue
Block a user