s4-net: use an encrypted ldap session when setting passwords

this allows for "net setpassword -H ldap://server -Uusername%password USERNAME"
to set a password remotely on a windows DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/scripting/python/samba/netcmd/setpassword.py b/source4/scripting/python/samba/netcmd/setpassword.py
index d4451d4d8f9a11f38c40ff8c14928d348f388ceb..e01fa23ab90219921337cd593c7830ed3cad4680 100644 (file)
--- a/source4/scripting/python/samba/netcmd/setpassword.py
+++ b/source4/scripting/python/samba/netcmd/setpassword.py
@@ -25,6 +25,7 @@ from samba.netcmd import Command, CommandError, Option
 from getpass import getpass
 from samba.auth import system_session
 from samba.samdb import SamDB
+from samba import gensec
 
 class cmd_setpassword(Command):
     """(Re)sets the password on a user account"""
@@ -64,6 +65,8 @@ class cmd_setpassword(Command):
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp)
 
+        creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
+
         samdb = SamDB(url=H, session_info=system_session(),
                       credentials=creds, lp=lp)