3 Usage: test_net.sh DC_SERVER DC_USERNAME DC_PASSWORD BASEDIR
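# Per-run identity and scratch copy of the client configuration.
# HOSTNAME is the first 10 hex characters of the SHA-1 of 32 random bytes; it
# is written into client.conf as the netbios name below.
HOSTNAME=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | sha1sum | cut -b 1-10)

# Stop here if no scratch directory could be created: with an empty WORKDIR
# the cp/sed/rm below would operate on paths relative to "/".
WORKDIR=$(mktemp -d -p .) || exit 1
WORKDIR=$(basename "$WORKDIR")
cp -a client/* "$WORKDIR/"
# Point every "dir"/"directory" setting at the scratch copy instead of client/.
sed -ri "s@(dir|directory) = (.*)/client/@\1 = \2/$WORKDIR/@" "$WORKDIR/client.conf"
sed -ri "s/netbios name = .*/netbios name = $HOSTNAME/" "$WORKDIR/client.conf"
# Remove the secrets database that came along with the copy.
rm -f "$WORKDIR/private/secrets.tdb"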
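# Command prefix for every 'net' call: the binary from $BINDIR, the per-run
# client.conf and security=ads. It is one string holding several words, so it
# has to be expanded unquoted where it is used.
net_tool="$BINDIR/net --configfile=$BASEDIR/$WORKDIR/client.conf --option=security=ads"

# Source the helper files that sit next to this script; both paths are quoted
# the same way so a script directory containing spaces still resolves.
. "$(dirname "${0}")/subunit.sh"
. "$(dirname "${0}")/common_test_fns.inc"

# Resolve the ldb tools through system_or_builddir_binary, which is given the
# tool name and $BINDIR.
ldbadd=$(system_or_builddir_binary ldbadd "${BINDIR}")
ldbmodify=$(system_or_builddir_binary ldbmodify "${BINDIR}")
ldbdel=$(system_or_builddir_binary ldbdel "${BINDIR}")
ldbsearch=$(system_or_builddir_binary ldbsearch "${BINDIR}")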
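# Join the domain with the DC account.
# NOTE(review): the DC password travels on argv as user%password, where it is
# visible in process listings and shell traces; keep these credentials
# confined to the test domain.
# $net_tool (and $VALGRIND, presumably an optional wrapper command) stay
# unquoted so that they split into words.
testit "join" $VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

# NOTE(review): `$NR` is the field whose index equals the current line number,
# so the result depends on where the "workgroup =" line sits in client.conf;
# presumably `$NF` (last field) was intended — confirm before changing.
workgroup=$(awk '/workgroup =/ { print $NR }' "${BASEDIR}/${WORKDIR}/client.conf")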
41 testit
"local krb5.conf created" \
43 "${BASEDIR}/${WORKDIR}/lockdir/smb_krb5/krb5.conf.${workgroup}" ||
44 failed
=$
((failed
+ 1))
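# SPN handling on the joined machine account: verify the join, list SPNs, add
# one, reject a case-insensitive duplicate, delete it again, then rotate the
# trust password and leave the domain.
# $net_tool (and $VALGRIND, presumably an optional wrapper command) stay
# unquoted so that they split into words.
testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required ||
	failed=$((failed + 1))

# Value of "netbios name" from client.conf; awk '{$1=$1};1' trims the padding.
netbios=$(grep "netbios name" "$BASEDIR/$WORKDIR/client.conf" | cut -f2 -d= |
	awk '{$1=$1};1')

testit "test setspn list $netbios" \
	$VALGRIND $net_tool ads setspn list "$netbios" \
	-U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

# NOTE(review): $spn is used here before the assignment below; its earlier
# value is set outside these lines, so it is left unquoted as in the original.
testit_expect_failure "test setspn add illegal windows spn ($spn)" \
	$VALGRIND $net_tool ads setspn add $spn \
	-U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

spn="foo/somehost.domain.com"
testit "test setspn add ($spn)" \
	$VALGRIND $net_tool ads setspn add "$spn" \
	-U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

found=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" |
	grep "$spn" | wc -l)
testit "test setspn list shows the newly added spn ($spn)" test $found -eq 1 ||
	failed=$((failed + 1))

# Same SPN in upper case: adding it must be refused.
up_spn=$(echo "$spn" | tr '[:lower:]' '[:upper:]')
testit_expect_failure "test setspn add existing (case-insensitive) spn ($spn)" \
	$VALGRIND $net_tool ads setspn add "$up_spn" \
	-U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

testit "test setspn delete existing (case-insensitive) ($spn)" \
	$VALGRIND $net_tool ads setspn delete "$spn" \
	-U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

found=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" |
	grep "$spn" | wc -l)
testit "test setspn list shows the newly deleted spn ($spn) is gone" test $found -eq 0 ||
	failed=$((failed + 1))

testit "changetrustpw" $VALGRIND $net_tool ads changetrustpw ||
	failed=$((failed + 1))

testit "leave" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))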
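# Test with kerberos method = secrets and keytab
# Join with a dedicated keytab file inside the work directory, derive the
# host name variants used by later checks, then add a fully qualified
# principal to the keytab and confirm that it is listed.
# $net_tool (and $VALGRIND, presumably an optional wrapper command) stay
# unquoted so that they split into words.
dedicated_keytab_file="$BASEDIR/$WORKDIR/test_net_ads_dedicated_krb5.keytab"
testit "join (dedicated keytab)" \
	$VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

testit "testjoin (dedicated keytab)" \
	$VALGRIND $net_tool ads testjoin -P --use-kerberos=required ||
	failed=$((failed + 1))

netbios=$(grep "netbios name" "$BASEDIR/$WORKDIR/client.conf" | cut -f2 -d= |
	awk '{$1=$1};1')
uc_netbios=$(echo "$netbios" | tr '[:lower:]' '[:upper:]')
lc_realm=$(echo "$REALM" | tr '[:upper:]' '[:lower:]')
fqdn="$netbios.$lc_realm"

krb_princ="primary/instance@$REALM"
testit "test (dedicated keytab) add a fully qualified krb5 principal" \
	$VALGRIND $net_tool ads keytab add "$krb_princ" \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep "$krb_princ" | wc -l)

# NOTE(review): `-gt 1` demands at least two matching lines although the test
# name says "at least one" — presumably one line per encryption type; confirm.
testit "test (dedicated keytab) at least one fully qualified krb5 principal that was added is present in keytab" test $found -gt 1 ||
	failed=$((failed + 1))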
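# Add a machine-name principal and a service principal to the dedicated
# keytab, then check that each expected principal string shows up in
# 'keytab list'.
machinename="machine123"
testit "test (dedicated keytab) add a kerberos principal created from machinename to keytab" \
	$VALGRIND $net_tool ads keytab add "$machinename"'$' \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))
search_str="$machinename\$@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep "$search_str" | wc -l)
testit "test (dedicated keytab) at least one krb5 principal created from $machinename added is present in keytab" test $found -gt 1 ||
	failed=$((failed + 1))

# NOTE(review): $service is assigned outside these lines; it is left unquoted
# as in the original.
testit "test (dedicated keytab) add a $service service to keytab" \
	$VALGRIND $net_tool ads keytab add $service \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

# Long form: service/fqdn@REALM
search_str="$service/$fqdn@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep "$search_str" | wc -l)
testit "test (dedicated keytab) at least one (long form) krb5 principal created from service added is present in keytab" test $found -gt 1 ||
	failed=$((failed + 1))

# Short form: service/UPPERCASE-NETBIOS@REALM
search_str="$service/$uc_netbios@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep "$search_str" | wc -l)
testit "test (dedicated keytab) at least one (shorter form) krb5 principal created from service added is present in keytab" test $found -gt 1 ||
	failed=$((failed + 1))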
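# Add Windows-style SPNs (service/host, then service/host:port) to the
# dedicated keytab. Both checks look for the same service/host@REALM string in
# 'keytab list', i.e. the port is not part of the expected principal.
spn_service="random_srv"
spn_host="somehost.subdomain.domain"
windows_spn="$spn_service/$spn_host"
testit "test (dedicated keytab) add a $windows_spn windows style SPN to keytab" \
	$VALGRIND $net_tool ads keytab add "$windows_spn" \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

search_str="$spn_service/$spn_host@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep "$search_str" | wc -l)
testit "test (dedicated keytab) at least one krb5 principal created from windown SPN added is present in keytab" test $found -gt 1 ||
	failed=$((failed + 1))

# NOTE(review): $spn_port is assigned outside these lines.
windows_spn="$spn_service/$spn_host:$spn_port"
testit "test (dedicated keytab) add a $windows_spn windows style SPN to keytab" \
	$VALGRIND $net_tool ads keytab add "$windows_spn" \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

search_str="$spn_service/$spn_host@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep "$search_str" | wc -l)
testit "test (dedicated keytab) at least one krb5 principal created from windown SPN (with port) added is present in keytab" test $found -gt 1 ||
	failed=$((failed + 1))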
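# keytab add shouldn't have written spn to AD
# NOTE(review): $service is assigned outside these lines; it is left unquoted
# as in the original.
found=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" |
	grep $service | wc -l)
testit "test (dedicated keytab) spn is not written to AD (using keytab add)" test $found -eq 0 ||
	failed=$((failed + 1))

# 'keytab add_update_ads' is expected to register the SPN in AD as well: the
# check below wants exactly two matching lines from 'setspn list'.
ad_service="writetoad"
testit "test (dedicated keytab) add a $ad_service service to keytab (using add_update_ads" \
	$VALGRIND $net_tool ads keytab add_update_ads "$ad_service" \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

found=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" |
	grep "$ad_service" | wc -l)
testit "test (dedicated keytab) spn is written to AD (using keytab add_update_ads)" test $found -eq 2 ||
	failed=$((failed + 1))

# test existence in keytab of service (previously added) pulled from SPN post
# 'keytab create' is now present in keytab file
testit "test (dedicated keytab) keytab created succeeds" \
	$VALGRIND $net_tool ads keytab create \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep "$ad_service" | wc -l)
testit "test (dedicated keytab) spn service that exists in AD (created via add_update_ads) is added to keytab file" test $found -gt 1 ||
	failed=$((failed + 1))

found_ad=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" |
	grep $service | wc -l)
found_keytab=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep $service | wc -l)
# test after create that a spn that exists in the keytab but shouldn't
# be written to the AD.
testit "test spn service doensn't exist in AD but is present in keytab file after keytab create" test $found_ad -eq 0 -a $found_keytab -gt 1 ||
	failed=$((failed + 1))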
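# SPN parser is very basic but does detect some illegal combination
# Both malformed SPNs below (trailing ':' and trailing '/') must be rejected
# by 'keytab add'.
windows_spn="$spn_service/$spn_host:"
testit_expect_failure "test (dedicated keytab) fail to parse windows spn with missing port" \
	$VALGRIND $net_tool ads keytab add "$windows_spn" \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

windows_spn="$spn_service/$spn_host/"
testit_expect_failure "test (dedicated keytab) fail to parse windows spn with missing servicename" \
	$VALGRIND $net_tool ads keytab add "$windows_spn" \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))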
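# now delete the keytab entries again...
# Each delete is followed by a 'keytab list' that must no longer contain the
# principal (zero matching lines).
krb_princ="primary/instance@$REALM"
testit "test (dedicated keytab) delete a fully qualified krb5 principal" \
	$VALGRIND $net_tool ads keytab delete "$krb_princ" \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep "$krb_princ" | wc -l)

testit "test (dedicated keytab) fully qualified krb5 principal was deleted and is no longer present in keytab" test $found -eq 0 ||
	failed=$((failed + 1))

machinename="machine123"
testit "test (dedicated keytab) delete a kerberos principle created from machinename from keytab" \
	$VALGRIND $net_tool ads keytab delete "$machinename"'$' \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))
search_str="$machinename\$@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep "$search_str" | wc -l)
testit "test (dedicated keytab) krb5 principal created from $machinename was deleted and is no longer present in keytab" test $found -eq 0 ||
	failed=$((failed + 1))

# NOTE(review): $service is assigned outside these lines; it and the search
# string derived from it are left unquoted as in the original.
testit "test (dedicated keytab) delete a $service service to keytab" \
	$VALGRIND $net_tool ads keytab delete $service \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

search_str="$service"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep $search_str | wc -l)
testit "test (dedicated keytab) krb5 principal created from service was deleted and is no longer present in keytab" test $found -eq 0 ||
	failed=$((failed + 1))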
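# Delete the Windows-style SPNs (without and with port) from the dedicated
# keytab and check after each delete that service/host@REALM is no longer
# listed.
spn_service="random_srv"
spn_host="somehost.subdomain.domain"
windows_spn="$spn_service/$spn_host"
testit "test (dedicated keytab) delete a $windows_spn windows style SPN from keytab" \
	$VALGRIND $net_tool ads keytab delete "$windows_spn" \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

search_str="$spn_service/$spn_host@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep "$search_str" | wc -l)
testit "test (dedicated keytab) krb5 principal created from windown SPN was deleted and is no longer present in keytab" test $found -eq 0 ||
	failed=$((failed + 1))

# NOTE(review): $spn_port is assigned outside these lines.
windows_spn="$spn_service/$spn_host:$spn_port"
testit "test (dedicated keytab) delete a $windows_spn windows style SPN to keytab" \
	$VALGRIND $net_tool ads keytab delete "$windows_spn" \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

search_str="$spn_service/$spn_host@$REALM"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep "$search_str" | wc -l)
testit "test (dedicated keytab) krb5 principal created from windown SPN (with port) was deleted and is no longer present in keytab" test $found -eq 0 ||
	failed=$((failed + 1))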
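# keytab add shouldn't have written spn to AD
# NOTE(review): $service is assigned outside these lines; it is left unquoted
# as in the original.
found=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" |
	grep $service | wc -l)
testit "test (dedicated keytab) spn is not written to AD (using keytab add)" test $found -eq 0 ||
	failed=$((failed + 1))

# Removing the add_update_ads service from the keytab must empty the keytab of
# it while the two SPN lines in AD stay in place.
ad_service="writetoad"
testit "test (dedicated keytab) delete a $ad_service service from keytab (used add_update_ads)" \
	$VALGRIND $net_tool ads keytab delete "$ad_service" \
	-U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

search_str="$ad_service"
found=$($net_tool ads keytab list -U"$DC_USERNAME%$DC_PASSWORD" \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" |
	grep "$search_str" | wc -l)
testit "test (dedicated keytab) spn is written to AD (using keytab add_update_ads) was deleted and is no longer present in keytab" test $found -eq 0 ||
	failed=$((failed + 1))

found=$($net_tool ads setspn list -U"$DC_USERNAME%$DC_PASSWORD" |
	grep "$ad_service" | wc -l)
testit "test (dedicated keytab) spn is written to AD (using keytab add_update_ads) is still in ad after deletion from keytab" test $found -eq 2 ||
	failed=$((failed + 1))

testit "changetrustpw (dedicated keytab)" $VALGRIND $net_tool ads changetrustpw ||
	failed=$((failed + 1))

testit "leave (dedicated keytab)" \
	$VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))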
213 # if there is no keytab, try and create it
214 if [ ! -f $dedicated_keytab_file ]; then
215 if [ $
(command -v ktutil
) ] >/dev
/null
; then
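# Feed ktutil a password-based entry for $DC_USERNAME@$REALM and have it write
# the dedicated keytab. The values are passed as %s arguments so that a '%' or
# a backslash in the password is not interpreted by printf as format syntax.
# NOTE(review): rc4-hmac is a legacy encryption type; presumably chosen to
# match what the test DC accepts — confirm.
printf 'addent -password -p %s@%s -k 1 -e rc4-hmac\n%s\nwkt %s\n' \
	"$DC_USERNAME" "$REALM" "$DC_PASSWORD" "$dedicated_keytab_file" | ktutil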
220 if [ -f $dedicated_keytab_file ]; then
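# List the keytab twice: once selected through the dedicated-keytab options,
# once by passing the file name as an argument to 'keytab list'.
testit "keytab list (dedicated keytab)" \
	$VALGRIND $net_tool ads keytab list \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))
testit "keytab list keytab specified on cmdline" \
	$VALGRIND $net_tool ads keytab list "$dedicated_keytab_file" ||
	failed=$((failed + 1))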
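# Drop the keytab, then walk through join/leave variants: Kerberos required,
# explicit server (-S), an invalid server name (must fail), plain
# user+password, and leave with --keep-account.
# $net_tool (and $VALGRIND, presumably an optional wrapper command) stay
# unquoted so that they split into words.
rm -f "$dedicated_keytab_file"

testit_expect_failure "testjoin(not joined)" \
	$VALGRIND $net_tool ads testjoin -P --use-kerberos=required ||
	failed=$((failed + 1))

testit "join+kerberos" \
	$VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" \
	--use-kerberos=required ||
	failed=$((failed + 1))

testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required ||
	failed=$((failed + 1))

testit "leave+kerberos" \
	$VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" \
	--use-kerberos=required ||
	failed=$((failed + 1))

testit_expect_failure "testjoin(not joined)" \
	$VALGRIND $net_tool ads testjoin -P --use-kerberos=required ||
	failed=$((failed + 1))

testit "join+server" \
	$VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" -S"$DC_SERVER" ||
	failed=$((failed + 1))

testit "leave+server" \
	$VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" -S"$DC_SERVER" ||
	failed=$((failed + 1))

testit_expect_failure "join+invalid_server" \
	$VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" -SINVALID ||
	failed=$((failed + 1))

testit "join+server" \
	$VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

testit_expect_failure "leave+invalid_server" \
	$VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" -SINVALID ||
	failed=$((failed + 1))

testit "testjoin user+password" \
	$VALGRIND $net_tool ads testjoin -U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

testit "leave+keep_account" \
	$VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" --keep-account ||
	failed=$((failed + 1))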
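# After the leave with --keep-account, look the machine account up directly
# over LDAP: a base-scope search on cn=$HOSTNAME under CN=Computers.
base_dn="DC=addom,DC=samba,DC=example,DC=com"
computers_dn="CN=Computers,$base_dn"
testit "ldb check for existence of machine account" \
	$ldbsearch -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" \
	--scope=base -b "cn=$HOSTNAME,$computers_dn" ||
	failed=$((failed + 1))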
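# Join with two additional DNS host names and check, through 'net ads search'
# on the machine account, that dNSHostName, servicePrincipalName and
# msDS-AdditionalDnsHostName contain the expected names.
dns_alias1="${netbios}_alias1.other.${lc_realm}"
dns_alias2="${netbios}_alias2.other2.${lc_realm}"
testit "join" \
	$VALGRIND $net_tool --option="additionaldnshostnames=$dns_alias1,$dns_alias2" \
	ads join -U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

testit "testjoin" $VALGRIND $net_tool ads testjoin ||
	failed=$((failed + 1))

# "samaccountname=<netbios>$": the trailing '$' is literal.
testit_grep "check dNSHostName" "$fqdn" \
	$VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" dNSHostName ||
	failed=$((failed + 1))
testit_grep "check SPN" "${uc_netbios}.${lc_realm}" \
	$VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" servicePrincipalName ||
	failed=$((failed + 1))

testit_grep "dns alias SPN" "$dns_alias1" \
	$VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" servicePrincipalName ||
	failed=$((failed + 1))
testit_grep "dns alias SPN" "$dns_alias2" \
	$VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" servicePrincipalName ||
	failed=$((failed + 1))

testit_grep "dns alias addl" "$dns_alias1" \
	$VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" msDS-AdditionalDnsHostName ||
	failed=$((failed + 1))
testit_grep "dns alias addl" "$dns_alias2" \
	$VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" msDS-AdditionalDnsHostName ||
	failed=$((failed + 1))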
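# Test binary msDS-AdditionalDnsHostName like ones added by Windows DC
# The value file holds "short_alias", a NUL byte and a '$'.
short_alias_file="$BASEDIR/$WORKDIR/short_alias_file"
printf 'short_alias\0$' >"$short_alias_file"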
273 cat >$BASEDIR/$WORKDIR/tmpldbmodify
<<EOF
274 dn: CN=$HOSTNAME,$computers_dn
276 add: msDS-AdditionalDnsHostName
277 msDS-AdditionalDnsHostName:< file://$short_alias_file
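# Apply the prepared LDIF, confirm the binary alias is readable with
# --show-binary, then create a keytab and check that it carries host/
# principals for both DNS aliases and the short alias. Finally leave.
testit "add binary msDS-AdditionalDnsHostName" \
	$VALGRIND $ldbmodify -k yes -U"$DC_USERNAME%$DC_PASSWORD" \
	-H "ldap://$SERVER.$REALM" "$BASEDIR/$WORKDIR/tmpldbmodify" ||
	failed=$((failed + 1))

testit_grep "addl short alias" short_alias \
	$ldbsearch --show-binary -U"$DC_USERNAME%$DC_PASSWORD" \
	-H "ldap://$SERVER.$REALM" --scope=base \
	-b "CN=$HOSTNAME,CN=Computers,$base_dn" msDS-AdditionalDnsHostName ||
	failed=$((failed + 1))

rm -f "$BASEDIR/$WORKDIR/tmpldbmodify" "$short_alias_file"

dedicated_keytab_file="$BASEDIR/$WORKDIR/test_dns_aliases_dedicated_krb5.keytab"

testit "dns alias create_keytab" \
	$VALGRIND $net_tool ads keytab create \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

testit_grep "dns alias1 check keytab" "host/${dns_alias1}@$REALM" \
	$net_tool ads keytab list \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))
testit_grep "dns alias2 check keytab" "host/${dns_alias2}@$REALM" \
	$net_tool ads keytab list \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))
testit_grep "addl short check keytab" "host/short_alias@$REALM" \
	$net_tool ads keytab list \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

# The keytab holds key material; remove it as soon as the checks are done.
rm -f "$dedicated_keytab_file"

testit "leave" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))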
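# netbios aliases tests
# Join with two NetBIOS aliases and check that dNSHostName and the main SPN
# are unchanged and that both aliases appear in servicePrincipalName.
testit "join nb_alias" \
	$VALGRIND $net_tool --option=netbiosaliases=nb_alias1,nb_alias2 \
	ads join -U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

testit "testjoin nb_alias" $VALGRIND $net_tool ads testjoin ||
	failed=$((failed + 1))

# "samaccountname=<netbios>$": the trailing '$' is literal.
testit_grep "nb_alias check dNSHostName" "$fqdn" \
	$VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" dNSHostName ||
	failed=$((failed + 1))
testit_grep "nb_alias check main SPN" "${uc_netbios}.${lc_realm}" \
	$VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" servicePrincipalName ||
	failed=$((failed + 1))

testit_grep "nb_alias1 SPN" nb_alias1 \
	$VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" servicePrincipalName ||
	failed=$((failed + 1))
testit_grep "nb_alias2 SPN" nb_alias2 \
	$VALGRIND $net_tool ads search -P "samaccountname=$netbios\$" servicePrincipalName ||
	failed=$((failed + 1))

testit "leave" $VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))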
314 # Test createcomputer option of 'net ads join'
316 testit
"Create OU=Servers,$base_dn" $VALGRIND $ldbadd -U$DC_USERNAME%$DC_PASSWORD -H ldap
://$SERVER <<EOF
317 dn: OU=Servers,$base_dn
318 objectClass: organizationalUnit
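# Join with createcomputer=Servers, confirm over LDAP that the machine account
# sits under OU=Servers, leave, and delete the OU again.
testit "join+createcomputer" \
	$VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" \
	createcomputer=Servers ||
	failed=$((failed + 1))

testit "ldb check for existence of machine account in OU=Servers" \
	$ldbsearch -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" \
	--scope=base -b "cn=$HOSTNAME,OU=Servers,$base_dn" ||
	failed=$((failed + 1))

testit "leave+createcomputer" \
	$VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

# NOTE(review): unlike the other steps, a failure here is not added to
# $failed — confirm whether that is intended.
testit "Remove OU=Servers" \
	$VALGRIND $ldbdel -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER" \
	"OU=Servers,$base_dn"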
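# Test createupn option of 'net ads join'
# The UPN given at join time must show up as userPrincipalName on the machine
# account and as a principal in a freshly created keytab.
testit "join+createupn" \
	$VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" \
	createupn="host/test-$HOSTNAME@$REALM" ||
	failed=$((failed + 1))

testit_grep "checkupn" "userPrincipalName: host/test-$HOSTNAME@$REALM" \
	$ldbsearch -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" \
	--scope=base -b "CN=$HOSTNAME,CN=Computers,$base_dn" ||
	failed=$((failed + 1))

dedicated_keytab_file="$BASEDIR/$WORKDIR/test_net_create_dedicated_krb5.keytab"

testit "create_keytab" \
	$VALGRIND $net_tool ads keytab create \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

testit_grep "checkupn+keytab" "host/test-$HOSTNAME@$REALM" \
	$net_tool ads keytab list \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

# The keytab holds key material; remove it as soon as the checks are done.
rm -f "$dedicated_keytab_file"

testit "leave+createupn" \
	$VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))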
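# Test dnshostname option of 'net ads join'
# The alternative host name must appear as dNSHostName on the machine account
# and as a host/ principal in a freshly created keytab.
testit "join+dnshostname" \
	$VALGRIND $net_tool ads join -U"$DC_USERNAME%$DC_PASSWORD" \
	dnshostname="alt.hostname.$HOSTNAME" ||
	failed=$((failed + 1))

testit_grep "check dnshostname opt" "dNSHostName: alt.hostname.$HOSTNAME" \
	$ldbsearch -U"$DC_USERNAME%$DC_PASSWORD" -H "ldap://$SERVER.$REALM" \
	--scope=base -b "CN=$HOSTNAME,CN=Computers,$base_dn" ||
	failed=$((failed + 1))

testit "create_keytab+dnshostname" \
	$VALGRIND $net_tool ads keytab create \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

testit_grep "check dnshostname+keytab" "host/alt.hostname.$HOSTNAME@$REALM" \
	$net_tool ads keytab list \
	--option="kerberosmethod=dedicatedkeytab" \
	--option="dedicatedkeytabfile=$dedicated_keytab_file" ||
	failed=$((failed + 1))

# The keytab holds key material; remove it as soon as the checks are done.
rm -f "$dedicated_keytab_file"

testit "leave+dnshostname" \
	$VALGRIND $net_tool ads leave -U"$DC_USERNAME%$DC_PASSWORD" ||
	failed=$((failed + 1))

# Remove the scratch directory. ${VAR:?} aborts instead of expanding to "/"
# when either variable is unset or empty, so this can never become `rm -rf /`.
rm -rf -- "${BASEDIR:?}/${WORKDIR:?}"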