s3:libsmb: make use of cli_{session_setup,rpc_pipe_open_with}_creds() in passchange.c
[Samba.git] / wintest / test-s4-howto.py
blobe290b07732d2eecfa61b1bce79d5afff430cda21
1 #!/usr/bin/env python
3 '''automated testing of the steps of the Samba4 HOWTO'''
5 import sys, os
6 import wintest, pexpect, time, subprocess
8 def set_krb5_conf(t):
9 t.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
11 def build_s4(t):
12 '''build samba4'''
13 t.info('Building s4')
14 t.chdir('${SOURCETREE}')
15 t.putenv('CC', 'ccache gcc')
16 t.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
17 t.run_cmd('make -j')
18 t.run_cmd('rm -rf ${PREFIX}')
19 t.run_cmd('make -j install')
22 def provision_s4(t, func_level="2008"):
23 '''provision s4 as a DC'''
24 t.info('Provisioning s4')
25 t.chdir('${PREFIX}')
26 t.del_files(["var", "private"])
27 t.run_cmd("rm -f etc/smb.conf")
28 provision=['bin/samba-tool',
29 'domain',
30 'provision',
31 '--realm=${LCREALM}',
32 '--domain=${DOMAIN}',
33 '--adminpass=${PASSWORD1}',
34 '--server-role=domain controller',
35 '--function-level=%s' % func_level,
36 '-d${DEBUGLEVEL}',
37 '--option=interfaces=${INTERFACE}',
38 '--host-ip=${INTERFACE_IP}',
39 '--option=bind interfaces only=yes',
40 '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
41 '--dns-backend=${NAMESERVER_BACKEND}',
42 '${DNS_FORWARDER}']
43 if t.getvar('USE_NTVFS'):
44 provision.append('${USE_NTVFS}')
46 if t.getvar('INTERFACE_IPV6'):
47 provision.append('--host-ip6=${INTERFACE_IPV6}')
48 t.run_cmd(provision)
49 t.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}')
50 t.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}')
51 t.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
54 def start_s4(t):
55 '''startup samba4'''
56 t.info('Starting Samba4')
57 t.chdir("${PREFIX}")
58 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
59 t.run_cmd(['sbin/samba',
60 '--option', 'panic action=gnome-terminal -e "gdb --pid %d"', '--option', 'max protocol=nt1'])
61 t.port_wait("${INTERFACE_IP}", 139)
63 def test_smbclient(t):
64 '''test smbclient against localhost'''
65 t.info('Testing smbclient')
66 smbclient = t.getvar("smbclient")
67 t.chdir('${PREFIX}')
68 t.cmd_contains("%s --version" % (smbclient), ["Version 4.1"])
69 t.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient), ["netlogon", "sysvol", "IPC Service"])
70 child = t.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient))
71 child.expect("smb:")
72 child.sendline("dir")
73 child.expect("blocks available")
74 child.sendline("mkdir testdir")
75 child.expect("smb:")
76 child.sendline("cd testdir")
77 child.expect('testdir')
78 child.sendline("cd ..")
79 child.sendline("rmdir testdir")
82 def create_shares(t):
83 '''create some test shares'''
84 t.info("Adding test shares")
85 t.chdir('${PREFIX}')
86 t.write_file("etc/smb.conf", '''
87 [test]
88 path = ${PREFIX}/test
89 read only = no
90 [profiles]
91 path = ${PREFIX}/var/profiles
92 read only = no
93 ''',
94 mode='a')
95 t.run_cmd("mkdir -p test")
96 t.run_cmd("mkdir -p var/profiles")
99 def test_dns(t):
100 '''test that DNS is OK'''
101 t.info("Testing DNS")
102 t.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
103 ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
104 t.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
105 ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
106 t.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
107 ['${HOSTNAME}.${LCREALM} has address'])
109 def test_kerberos(t):
110 '''test that kerberos is OK'''
111 t.info("Testing kerberos")
112 t.run_cmd("kdestroy")
113 t.kinit("administrator@${REALM}", "${PASSWORD1}")
114 # this copes with the differences between MIT and Heimdal klist
115 t.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
118 def test_dyndns(t):
119 '''test that dynamic DNS is working'''
120 t.chdir('${PREFIX}')
121 t.run_cmd("sbin/samba_dnsupdate --fail-immediately")
122 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
123 t.rndc_cmd("flush")
126 def run_winjoin(t, vm):
127 '''join a windows box to our domain'''
128 t.setwinvars(vm)
130 t.run_winjoin(t, "${LCREALM}")
132 def test_winjoin(t, vm):
133 t.info("Checking the windows join is OK")
134 smbclient = t.getvar("smbclient")
135 t.chdir('${PREFIX}')
136 t.port_wait("${WIN_IP}", 139)
137 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"], retries=100)
138 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
139 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
140 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
141 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
142 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
143 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
144 child.expect("The command completed successfully")
147 def run_dcpromo(t, vm):
148 '''run a dcpromo on windows'''
149 t.setwinvars(vm)
151 t.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
152 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True, set_noexpire=True)
153 child.sendline("copy /Y con answers.txt")
154 child.sendline('''
155 [DCINSTALL]
156 RebootOnSuccess=Yes
157 RebootOnCompletion=Yes
158 ReplicaOrNewDomain=Replica
159 ReplicaDomainDNSName=${LCREALM}
160 SiteName=Default-First-Site-Name
161 InstallDNS=No
162 ConfirmGc=Yes
163 CreateDNSDelegation=No
164 UserDomain=${LCREALM}
165 UserName=${LCREALM}\\administrator
166 Password=${PASSWORD1}
167 DatabasePath="C:\Windows\NTDS"
168 LogPath="C:\Windows\NTDS"
169 SYSVOLPath="C:\Windows\SYSVOL"
170 SafeModeAdminPassword=${PASSWORD1}
171 \x1a
172 ''')
173 child.expect("copied.")
174 child.expect("C:")
175 child.expect("C:")
176 child.sendline("dcpromo /answer:answers.txt")
177 i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=240)
178 if i == 1 or i == 2:
179 child.sendline("echo off")
180 child.sendline("echo START DCPROMO log")
181 child.sendline("more c:\windows\debug\dcpromoui.log")
182 child.sendline("echo END DCPROMO log")
183 child.expect("END DCPROMO")
184 raise Exception("dcpromo failed")
185 t.wait_reboot()
188 def test_dcpromo(t, vm):
189 '''test that dcpromo worked'''
190 t.info("Checking the dcpromo join is OK")
191 smbclient = t.getvar("smbclient")
192 t.chdir('${PREFIX}')
193 t.port_wait("${WIN_IP}", 139)
194 t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${NAMED_INTERFACE_IP}",
195 ['${WIN_HOSTNAME}.${LCREALM} has address'],
196 retries=30, delay=10, casefold=True)
197 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
198 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
199 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
201 t.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
202 t.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
204 t.kinit("administrator@${REALM}", "${PASSWORD1}")
206 # the first replication will transfer the dnsHostname attribute
207 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
209 for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
210 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
211 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
213 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
214 [ "INBOUND NEIGHBORS",
215 "${BASEDN}",
216 "Last attempt .* was successful",
217 "CN=Configuration,${BASEDN}",
218 "Last attempt .* was successful",
219 "CN=Configuration,${BASEDN}", # cope with either order
220 "Last attempt .* was successful",
221 "OUTBOUND NEIGHBORS",
222 "${BASEDN}",
223 "Last success",
224 "CN=Configuration,${BASEDN}",
225 "Last success",
226 "CN=Configuration,${BASEDN}",
227 "Last success"],
228 ordered=True,
229 regex=True)
231 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
232 [ "INBOUND NEIGHBORS",
233 "${BASEDN}",
234 "Last attempt .* was successful",
235 "CN=Configuration,${BASEDN}",
236 "Last attempt .* was successful",
237 "CN=Configuration,${BASEDN}",
238 "Last attempt .* was successful",
239 "OUTBOUND NEIGHBORS",
240 "${BASEDN}",
241 "Last success",
242 "CN=Configuration,${BASEDN}",
243 "Last success",
244 "CN=Configuration,${BASEDN}",
245 "Last success" ],
246 ordered=True,
247 regex=True)
249 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
250 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
252 retries = 10
253 i = child.expect(["The command completed successfully", "The network path was not found"])
254 while i == 1 and retries > 0:
255 child.expect("C:")
256 time.sleep(2)
257 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
258 i = child.expect(["The command completed successfully", "The network path was not found"])
259 retries -=1
261 t.run_net_time(child)
263 t.info("Checking if showrepl is happy")
264 child.sendline("repadmin /showrepl")
265 child.expect("${BASEDN}")
266 child.expect("was successful")
267 child.expect("CN=Configuration,${BASEDN}")
268 child.expect("was successful")
269 child.expect("CN=Schema,CN=Configuration,${BASEDN}")
270 child.expect("was successful")
272 t.info("Checking if new users propogate to windows")
273 t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
274 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
275 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
277 t.info("Checking if new users on windows propogate to samba")
278 child.sendline("net user test3 ${PASSWORD3} /add")
279 while True:
280 i = child.expect(["The command completed successfully",
281 "The directory service was unable to allocate a relative identifier"])
282 if i == 0:
283 break
284 time.sleep(2)
286 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
287 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
289 t.info("Checking propogation of user deletion")
290 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
291 child.sendline("net user test3 /del")
292 child.expect("The command completed successfully")
294 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
295 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
296 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
297 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
298 t.vm_poweroff("${WIN_VM}")
301 def run_dcpromo_rodc(t, vm):
302 '''run a RODC dcpromo to join a windows DC to the samba domain'''
303 t.setwinvars(vm)
304 t.info("Joining a w2k8 box to the domain as a RODC")
305 t.vm_poweroff("${WIN_VM}", checkfail=False)
306 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
307 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
308 child.sendline("copy /Y con answers.txt")
309 child.sendline('''
310 [DCInstall]
311 ReplicaOrNewDomain=ReadOnlyReplica
312 ReplicaDomainDNSName=${LCREALM}
313 PasswordReplicationDenied="BUILTIN\Administrators"
314 PasswordReplicationDenied="BUILTIN\Server Operators"
315 PasswordReplicationDenied="BUILTIN\Backup Operators"
316 PasswordReplicationDenied="BUILTIN\Account Operators"
317 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
318 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
319 DelegatedAdmin="${DOMAIN}\\Administrator"
320 SiteName=Default-First-Site-Name
321 InstallDNS=No
322 ConfirmGc=Yes
323 CreateDNSDelegation=No
324 UserDomain=${LCREALM}
325 UserName=${LCREALM}\\administrator
326 Password=${PASSWORD1}
327 DatabasePath="C:\Windows\NTDS"
328 LogPath="C:\Windows\NTDS"
329 SYSVOLPath="C:\Windows\SYSVOL"
330 SafeModeAdminPassword=${PASSWORD1}
331 RebootOnCompletion=No
332 \x1a
333 ''')
334 child.expect("copied.")
335 child.sendline("dcpromo /answer:answers.txt")
336 i = child.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout=120)
337 if i != 0:
338 child.sendline("echo off")
339 child.sendline("echo START DCPROMO log")
340 child.sendline("more c:\windows\debug\dcpromoui.log")
341 child.sendline("echo END DCPROMO log")
342 child.expect("END DCPROMO")
343 raise Exception("dcpromo failed")
344 child.sendline("shutdown -r -t 0")
345 t.wait_reboot()
349 def test_dcpromo_rodc(t, vm):
350 '''test the RODC dcpromo worked'''
351 t.info("Checking the w2k8 RODC join is OK")
352 smbclient = t.getvar("smbclient")
353 t.chdir('${PREFIX}')
354 t.port_wait("${WIN_IP}", 139)
355 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
356 child.sendline("ipconfig /registerdns")
357 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
358 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
359 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
360 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
361 child.expect("The command completed successfully")
363 t.info("Checking if showrepl is happy")
364 child.sendline("repadmin /showrepl")
365 child.expect("${BASEDN}")
366 child.expect("was successful")
367 child.expect("CN=Configuration,${BASEDN}")
368 child.expect("was successful")
369 child.expect("CN=Configuration,${BASEDN}")
370 child.expect("was successful")
372 for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
373 t.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc, ["was successful"])
375 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
376 [ "INBOUND NEIGHBORS",
377 "OUTBOUND NEIGHBORS",
378 "${BASEDN}",
379 "Last attempt.*was successful",
380 "CN=Configuration,${BASEDN}",
381 "Last attempt.*was successful",
382 "CN=Configuration,${BASEDN}",
383 "Last attempt.*was successful" ],
384 ordered=True,
385 regex=True)
387 t.info("Checking if new users are available on windows")
388 t.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}')
389 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
390 t.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
391 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
392 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
393 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
394 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
395 t.vm_poweroff("${WIN_VM}")
398 def prep_join_as_dc(t, vm):
399 '''start VM and shutdown Samba in preperation to join a windows domain as a DC'''
400 t.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC")
401 t.chdir('${PREFIX}')
402 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
403 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
404 t.rndc_cmd('flush')
405 t.run_cmd("rm -rf etc/smb.conf private")
406 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
407 t.get_ipconfig(child)
409 def join_as_dc(t, vm):
410 '''join a windows domain as a DC'''
411 t.setwinvars(vm)
412 t.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC")
413 t.port_wait("${WIN_IP}", 389)
414 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
416 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
417 t.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
418 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
421 def test_join_as_dc(t, vm):
422 '''test the join of a windows domain as a DC'''
423 t.info("Checking the DC join is OK")
424 smbclient = t.getvar("smbclient")
425 t.chdir('${PREFIX}')
426 t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
427 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
428 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
430 t.info("Forcing kcc runs, and replication")
431 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
432 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
434 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
435 for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
436 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
437 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
439 child.sendline("ipconfig /flushdns")
440 child.expect("Successfully flushed")
442 retries = 10
443 i = 1
444 while i == 1 and retries > 0:
445 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
446 i = child.expect(["The command completed successfully", "The network path was not found"])
447 child.expect("C:")
448 if i == 1:
449 time.sleep(2)
450 retries -=1
452 t.info("Checking if showrepl is happy")
453 child.sendline("repadmin /showrepl")
454 child.expect("${WIN_BASEDN}")
455 child.expect("was successful")
456 child.expect("CN=Configuration,${WIN_BASEDN}")
457 child.expect("was successful")
458 child.expect("CN=Configuration,${WIN_BASEDN}")
459 child.expect("was successful")
461 t.info("Checking if new users propogate to windows")
462 t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
463 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
464 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
466 t.info("Checking if new users on windows propogate to samba")
467 child.sendline("net user test3 ${PASSWORD3} /add")
468 child.expect("The command completed successfully")
469 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
470 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
472 t.info("Checking propogation of user deletion")
473 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
474 child.sendline("net user test3 /del")
475 child.expect("The command completed successfully")
477 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
478 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
479 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
480 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
482 t.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}')
484 t.vm_poweroff("${WIN_VM}")
487 def join_as_rodc(t, vm):
488 '''join a windows domain as a RODC'''
489 t.setwinvars(vm)
490 t.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC")
491 t.port_wait("${WIN_IP}", 389)
492 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
493 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
494 t.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
495 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
498 def test_join_as_rodc(t, vm):
499 '''test a windows domain RODC join'''
500 t.info("Checking the RODC join is OK")
501 smbclient = t.getvar("smbclient")
502 t.chdir('${PREFIX}')
503 t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
504 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
505 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
507 t.info("Forcing kcc runs, and replication")
508 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
509 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
511 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
512 for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
513 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
515 retries = 10
516 i = 1
517 while i == 1 and retries > 0:
518 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
519 i = child.expect(["The command completed successfully", "The network path was not found"])
520 child.expect("C:")
521 if i == 1:
522 time.sleep(2)
523 retries -=1
525 t.info("Checking if showrepl is happy")
526 child.sendline("repadmin /showrepl")
527 child.expect("DSA invocationID")
529 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
530 [ "INBOUND NEIGHBORS",
531 "OUTBOUND NEIGHBORS",
532 "${WIN_BASEDN}",
533 "Last attempt .* was successful",
534 "CN=Configuration,${WIN_BASEDN}",
535 "Last attempt .* was successful",
536 "CN=Configuration,${WIN_BASEDN}",
537 "Last attempt .* was successful" ],
538 ordered=True,
539 regex=True)
541 t.info("Checking if new users on windows propogate to samba")
542 child.sendline("net user test3 ${PASSWORD3} /add")
543 child.expect("The command completed successfully")
544 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
545 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
547 # should this work?
548 t.info("Checking if new users propogate to windows")
549 t.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN'])
551 t.info("Checking propogation of user deletion")
552 child.sendline("net user test3 /del")
553 child.expect("The command completed successfully")
555 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
556 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
557 t.vm_poweroff("${WIN_VM}")
560 def test_howto(t):
561 '''test the Samba4 howto'''
563 t.setvar("SAMBA_VERSION", "Version 4")
564 t.setvar("smbclient", "bin/smbclient4")
565 t.check_prerequesites()
567 # we don't need fsync safety in these tests
568 t.putenv('TDB_NO_FSYNC', '1')
570 if not t.skip("configure_bind"):
571 t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
572 if not t.skip("stop_bind"):
573 t.stop_bind()
575 if not t.skip("stop_vms"):
576 t.stop_vms()
578 if not t.skip("build"):
579 build_s4(t)
581 if not t.skip("provision"):
582 provision_s4(t)
584 set_krb5_conf(t)
586 if not t.skip("create-shares"):
587 create_shares(t)
589 if not t.skip("starts4"):
590 start_s4(t)
591 if not t.skip("smbclient"):
592 test_smbclient(t)
594 if not t.skip("configure_bind2"):
595 t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
596 if not t.skip("start_bind"):
597 t.start_bind()
599 if not t.skip("dns"):
600 test_dns(t)
601 if not t.skip("kerberos"):
602 test_kerberos(t)
603 if not t.skip("dyndns"):
604 test_dyndns(t)
606 if t.have_vm('WINDOWS7') and not t.skip("windows7"):
607 t.start_winvm("WINDOWS7")
608 t.test_remote_smbclient("WINDOWS7")
609 run_winjoin(t, "WINDOWS7")
610 test_winjoin(t, "WINDOWS7")
611 t.vm_poweroff("${WIN_VM}")
613 if t.have_vm('WINXP') and not t.skip("winxp"):
614 t.start_winvm("WINXP")
615 run_winjoin(t, "WINXP")
616 test_winjoin(t, "WINXP")
617 t.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}")
618 t.vm_poweroff("${WIN_VM}")
620 if t.have_vm('W2K3C') and not t.skip("win2k3_member"):
621 t.start_winvm("W2K3C")
622 run_winjoin(t, "W2K3C")
623 test_winjoin(t, "W2K3C")
624 t.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}")
625 t.vm_poweroff("${WIN_VM}")
627 if t.have_vm('W2K8R2C') and not t.skip("dcpromo_rodc"):
628 t.info("Testing w2k8r2 RODC dcpromo")
629 t.start_winvm("W2K8R2C")
630 t.test_remote_smbclient('W2K8R2C')
631 run_dcpromo_rodc(t, "W2K8R2C")
632 test_dcpromo_rodc(t, "W2K8R2C")
634 if t.have_vm('W2K8R2B') and not t.skip("dcpromo_w2k8r2"):
635 t.info("Testing w2k8r2 dcpromo")
636 t.start_winvm("W2K8R2B")
637 t.test_remote_smbclient('W2K8R2B')
638 run_dcpromo(t, "W2K8R2B")
639 test_dcpromo(t, "W2K8R2B")
641 if t.have_vm('W2K8B') and not t.skip("dcpromo_w2k8"):
642 t.info("Testing w2k8 dcpromo")
643 t.start_winvm("W2K8B")
644 t.test_remote_smbclient('W2K8B')
645 run_dcpromo(t, "W2K8B")
646 test_dcpromo(t, "W2K8B")
648 if t.have_vm('W2K3B') and not t.skip("dcpromo_w2k3"):
649 t.info("Testing w2k3 dcpromo")
650 t.info("Changing to 2003 functional level")
651 provision_s4(t, func_level='2003')
652 create_shares(t)
653 start_s4(t)
654 test_smbclient(t)
655 t.restart_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
656 test_dns(t)
657 test_kerberos(t)
658 test_dyndns(t)
659 t.start_winvm("W2K3B")
660 t.test_remote_smbclient('W2K3B')
661 run_dcpromo(t, "W2K3B")
662 test_dcpromo(t, "W2K3B")
664 if t.have_vm('W2K8R2A') and not t.skip("join_w2k8r2"):
665 t.start_winvm("W2K8R2A")
666 prep_join_as_dc(t, "W2K8R2A")
667 t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
668 join_as_dc(t, "W2K8R2A")
669 create_shares(t)
670 start_s4(t)
671 test_dyndns(t)
672 test_join_as_dc(t, "W2K8R2A")
674 if t.have_vm('W2K8R2A') and not t.skip("join_rodc"):
675 t.start_winvm("W2K8R2A")
676 prep_join_as_dc(t, "W2K8R2A")
677 t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
678 join_as_rodc(t, "W2K8R2A")
679 create_shares(t)
680 start_s4(t)
681 test_dyndns(t)
682 test_join_as_rodc(t, "W2K8R2A")
684 if t.have_vm('W2K3A') and not t.skip("join_w2k3"):
685 t.start_winvm("W2K3A")
686 prep_join_as_dc(t, "W2K3A")
687 t.run_dcpromo_as_first_dc("W2K3A", func_level='2003')
688 join_as_dc(t, "W2K3A")
689 create_shares(t)
690 start_s4(t)
691 test_dyndns(t)
692 test_join_as_dc(t, "W2K3A")
694 t.info("Howto test: All OK")
697 def test_cleanup(t):
698 '''cleanup after tests'''
699 t.info("Cleaning up ...")
700 t.restore_resolv_conf()
701 if getattr(t, 'bind_child', False):
702 t.bind_child.kill()
705 if __name__ == '__main__':
706 t = wintest.wintest()
708 t.setup("test-s4-howto.py", "source4")
710 try:
711 test_howto(t)
712 except:
713 if not t.opts.nocleanup:
714 test_cleanup(t)
715 raise
717 if not t.opts.nocleanup:
718 test_cleanup(t)
719 t.info("S4 howto test: All OK")