Attachment #9997 for bug #49193

(-)a/base/univention-server/server_password_change (-2 / +2 lines)

Lines 196-202 run-parts --verbose --arg localchange --regex '^univention-samba4' -- /usr/lib/u	Link Here

196

# if samba-tool user setpassword fails, reset the old password.

196

# if samba-tool user setpassword fails, reset the old password.

197

if [ $? != 0 ]; then

197

if [ $? != 0 ]; then

198

	revert_password_change

198

	revert_password_change

199

	FAIL "resetting old server password for $ldap_hostdn, because samba could not set the new password locally."

199

	FAIL "Failed to set new password in samba, machine password set back to old password for $ldap_hostdn."

200

fi

200

fi

201

202

# The password is changed on the master now, but it is not clear if

202

# The password is changed on the master now, but it is not clear if

Lines 218-224 do	Link Here

218

		# changes that would only worsen the situation. Instead, try to rollback.

218

		# changes that would only worsen the situation. Instead, try to rollback.

219

		# Reset the old password with UDM and give up.

219

		# Reset the old password with UDM and give up.

220

		revert_password_change

220

		revert_password_change

221

		FAIL "resetting old server password for $ldap_hostdn, because access to local LDAP did not work with the new password"

221

		FAIL "Access to local LDAP did not work with the new password, machine password set back to old password for $ldap_hostdn."

222

fi

222

fi

223

	trial_counter=$(( trial_counter - 1))

223

	trial_counter=$(( trial_counter - 1))

224

done

224

done

(-)a/services/univention-samba4/server_password_change.d/univention-samba4 (+3 lines)

Lines 50-55 set_machine_secret() {	Link Here

	%EOF

	%EOF

	if [ "$?" -ne "0" ]; then

	if [ "$?" -ne "0" ]; then

		echo "ERROR: Storing new password in samba secrets.ldb failed."

		install -m 0600 /etc/krb5.keytab.SAVE /etc/krb5.keytab

		install -m 0600 /etc/krb5.keytab.SAVE /etc/krb5.keytab

		exit 1

		exit 1

fi

fi

Lines 63-68 if [ "$1" = "localchange" ]; then	Link Here

	## if samba-tool user setpassword fails, revert changes to secrets.ldb and krb5.keytab

	## if samba-tool user setpassword fails, revert changes to secrets.ldb and krb5.keytab

	if [ "$?" -ne "0" ]; then

	if [ "$?" -ne "0" ]; then

		echo "ERROR: Changing machine password in Samba failed."

		echo "INFO: Restoring secrets.ldb and krb5.keytab."

		old_password=$(tail -n 1 /etc/machine.secret.old | sed -n 's/^[0-9]*: //p')

		old_password=$(tail -n 1 /etc/machine.secret.old | sed -n 's/^[0-9]*: //p')

		ldbmodify -H /var/lib/samba/private/secrets.ldb <<-%EOF

		ldbmodify -H /var/lib/samba/private/secrets.ldb <<-%EOF

		dn: flatname=${windows_domain},cn=Primary Domains

		dn: flatname=${windows_domain},cn=Primary Domains

Return to bug 49193