s3:net_ads: require kerberos if we use ads_krb5_set_password() in ads_user_add()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 5fc8a4d1f9662225f8082c01c2c2af1fd8016df3..b4b474d7c3a23546938f3f1dfe571668c60defa6 100644 (file)
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -977,6 +977,20 @@ static int ads_user_add(struct net_context *c, int argc, const char **argv)
                return net_ads_user_usage(c, argc, argv);
        }
 
+       if (argc > 1) {
+               /*
+                * We rely on ads_krb5_set_password() to
+                * set the password below.
+                *
+                * We could pass the password to
+                * ads_add_user_acct()
+                * and set the unicodePwd attribute there...
+                */
+               cli_credentials_set_kerberos_state(c->creds,
+                                                  CRED_USE_KERBEROS_REQUIRED,
+                                                  CRED_SPECIFIED);
+       }
+
        status = ads_startup(c, false, tmp_ctx, &ads);
        if (!ADS_ERR_OK(status)) {
                goto done;