From f3710320cef475ebac561882c8fdaf8e51c8b7c3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 20 May 2014 10:15:31 +1200 Subject: [PATCH] s4-winbind: Use winbindd in the AD DC by default (Including changes to knownfail to match the new winbindd in use in each environment) Change-Id: I9e08086eba98e95e05a99afef28315e2857aae56 Signed-off-by: Andrew Bartlett Reviewed-by: Kamen Mazdrashki Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Fri Jul 4 05:19:54 CEST 2014 on sn-devel-104 --- docs-xml/smbdotconf/base/serverservices.xml | 2 +- lib/param/loadparm.c | 2 +- selftest/knownfail | 43 +++++++---------------------- selftest/target/Samba4.pm | 17 ++++++------ source3/param/loadparm.c | 2 +- 5 files changed, 22 insertions(+), 44 deletions(-) diff --git a/docs-xml/smbdotconf/base/serverservices.xml b/docs-xml/smbdotconf/base/serverservices.xml index 677ae6ab765..e02e29d409c 100644 --- a/docs-xml/smbdotconf/base/serverservices.xml +++ b/docs-xml/smbdotconf/base/serverservices.xml @@ -13,6 +13,6 @@ -. -s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns +s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns -s3fs, +smb diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 5a0ef8824a1..c8f34e709d4 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c 
@@ -2214,7 +2214,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
 lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
- lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns");
+ lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
 lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
 /* the winbind method for domain controllers is for both RODC auth forwarding and for trusted domains */
diff --git a/selftest/knownfail b/selftest/knownfail
index 48abca08f3e..624a5ae4bb8 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
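Review bot: The new default on the `+` line differs from the old one by a single character (`winbind` → `winbindd`), and nothing next to it says that these name two different services or that the same literal is repeated elsewhere. The identical string is also hard-coded in the source3/param/loadparm.c hunk (`Globals.server_services`) and in docs-xml/smbdotconf/base/serverservices.xml, so the three can drift apart silently. I would add above the call `/* default is "winbindd", not the s4 "winbind" service; keep in sync with source3/param/loadparm.c and docs-xml/smbdotconf/base/serverservices.xml */`. Because the context comment says winbind on a DC serves RODC auth forwarding and trusted domains, the release notes should presumably also tell administrators whose smb.conf adjusts `server services` with `+`/`-` modifiers against the old default to re-check it. loadparm_init's body starts and ends outside this hunk.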
@@ -247,18 +247,6 @@
 ^samba.blackbox.wbinfo\(dc:local\).wbinfo -I against dc
 ^samba.blackbox.wbinfo\(dc:local\).wbinfo --trusted-domains against dc
 ^samba.blackbox.wbinfo\(dc:local\).wbinfo --all-domains against dc
-^samba.blackbox.wbinfo\(s4member:local\).wbinfo -N against s4member
-^samba.blackbox.wbinfo\(s4member:local\).wbinfo -I against s4member
-^samba.blackbox.wbinfo\(s4member:local\).wbinfo --trusted-domains against s4member
-^samba.blackbox.wbinfo\(s4member:local\).wbinfo --all-domains against s4member
-^samba.blackbox.wbinfo\(rodc:local\).wbinfo -N against rodc
-^samba.blackbox.wbinfo\(rodc:local\).wbinfo -I against rodc
-^samba.blackbox.wbinfo\(rodc:local\).wbinfo --trusted-domains against rodc
-^samba.blackbox.wbinfo\(rodc:local\).wbinfo --all-domains against rodc
-^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -N against promoted_dc
-^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -I against promoted_dc
-^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --trusted-domains against promoted_dc
-^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --all-domains against promoted_dc
 #
 # This makes less sense when not running against an AD DC
 #
@@ -276,12 +264,17 @@
 #
 # These do not work against winbindd in member mode for unknown reasons
 #
+^samba4.winbind.struct.domain_info\(s4member:local\)
+^samba4.winbind.struct.getdcname\(s4member:local\)
+^samba4.winbind.struct.lookup_name_sid\(s4member:local\)
+^samba.blackbox.wbinfo\(s4member:local\).wbinfo -r against s4member\(s4member:local\)
+^samba.blackbox.wbinfo\(s4member:local\).wbinfo --user-sids against s4member\(s4member:local\)
 ^samba4.winbind.struct.getpwent\(plugin_s4_dc:local\)
+^samba.wbinfo_simple.\(s4member:local\).--user-groups
+^samba.nss.test using winbind\(s4member\)
 #
 # These just happen to fail for some reason (probably because they run against the s4 winbind)
 #
-^samba4.winbind.pac.pac\(s4member:local\)
-^samba4.winbind.struct.show_sequence\(s4member:local\)
 ^samba4.winbind.struct.getdcname\(s3member:local\)
 ^samba4.winbind.struct.lookup_name_sid\(s3member:local\)
 ^samba.wbinfo_simple.\(dc:local\).--all-domains.wbinfo\(dc:local\)
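Review bot: The `+` entries for s4member are filed under a header that says the failures have "unknown reasons", yet they cover name-to-SID lookup (`lookup_name_sid`), `--user-sids`, `--user-groups` and the NSS test, which are the identity-mapping paths a domain member depends on. While they sit in knownfail, a genuine regression in those paths will not fail the build, so each group should carry a tracking reference rather than an open-ended excuse. I would extend the header to something like `# s4member now runs winbindd; cause not yet analysed, tracked in <BUG-URL placeholder>`. The same header text is added a second time in the `@@ -291,28 +284,12 @@` hunk above the s3member entries, and the same applies there.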
@@ -291,28 +284,12 @@
 ^samba.wbinfo_simple.\(dc:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(dc:local\)
 ^samba.wbinfo_simple.\(dc:local\).--change-secret --domain=SAMBADOMAIN.wbinfo\(dc:local\)
 ^samba.wbinfo_simple.\(dc:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(dc:local\)
-^samba.wbinfo_simple.\(s4member:local\).--all-domains.wbinfo\(s4member:local\)
-^samba.wbinfo_simple.\(s4member:local\).--trusted-domains.wbinfo\(s4member:local\)
-^samba.wbinfo_simple.\(s4member:local\).--online-status.wbinfo\(s4member:local\)
-^samba.wbinfo_simple.\(s4member:local\).--online-status --domain=BUILTIN.wbinfo\(s4member:local\)
-^samba.wbinfo_simple.\(s4member:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(s4member:local\)
-^samba.wbinfo_simple.\(s4member:local\).--change-secret --domain=SAMBADOMAIN.wbinfo\(s4member:local\)
-^samba.blackbox.wbinfo\(dc:local\).wbinfo -N against dc\(dc:local\)
 ^samba.blackbox.wbinfo\(dc:local\).wbinfo -I against dc\(dc:local\)
 ^samba.blackbox.wbinfo\(dc:local\).wbinfo --trusted-domains against dc\(dc:local\)
 ^samba.blackbox.wbinfo\(dc:local\).wbinfo --all-domains against dc\(dc:local\)
-^samba.blackbox.wbinfo\(s4member:local\).wbinfo -N against s4member\(s4member:local\)
-^samba.blackbox.wbinfo\(s4member:local\).wbinfo -I against s4member\(s4member:local\)
-^samba.blackbox.wbinfo\(s4member:local\).wbinfo --trusted-domains against s4member\(s4member:local\)
-^samba.blackbox.wbinfo\(s4member:local\).wbinfo --all-domains against s4member\(s4member:local\)
-^samba.blackbox.wbinfo\(rodc:local\).wbinfo -N against rodc\(rodc:local\)
-^samba.blackbox.wbinfo\(rodc:local\).wbinfo -I against rodc\(rodc:local\)
-^samba.blackbox.wbinfo\(rodc:local\).wbinfo --trusted-domains against rodc\(rodc:local\)
-^samba.blackbox.wbinfo\(rodc:local\).wbinfo --all-domains against rodc\(rodc:local\)
-^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -N against promoted_dc\(promoted_dc:local\)
-^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -I against promoted_dc\(promoted_dc:local\)
-^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --trusted-domains against promoted_dc\(promoted_dc:local\)
-^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --all-domains against promoted_dc\(promoted_dc:local\)
+#
+# These do not work against winbindd in member mode for unknown reasons
+#
 ^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U against s3member\(s3member:local\)
 ^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U check for sane mapping\(s3member:local\)
 ^samba.blackbox.wbinfo\(s3member:local\).wbinfo -G against s3member\(s3member:local\)
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 5548ce5d67e..412fbff6f00 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1276,7 +1276,8 @@ sub provision_dc($$)
 my ($self, $prefix) = @_;
 print "PROVISIONING DC...";
- my $extra_conf_options = "netbios aliases = localDC1-a";
+ my $extra_conf_options = "netbios aliases = localDC1-a
+ server services = +winbind -winbindd";
 my $ret = $self->provision($prefix,
 "domain controller",
 "localdc",
@@ -1328,8 +1329,7 @@ sub provision_fl2003dc($$)
 my ($self, $prefix) = @_;
 print "PROVISIONING DC...";
- my $extra_conf_options = "allow dns updates = nonsecure and secure
- server services = +winbindd -winbind";
+ my $extra_conf_options = "allow dns updates = nonsecure and secure";
 my $ret = $self->provision($prefix,
 "domain controller",
 "dc6",
@@ -1527,8 +1527,6 @@ sub provision_plugin_s4_dc($$)
 queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p
 lpq cache time = 0
 print notify backchannel = yes
-
- server services = +winbindd -winbind
 ";
 my $extra_smbconf_shares = "
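Review bot: In the `provision_dc` hunk the dc environment is switched back to the old service with `server services = +winbind -winbindd`, but no comment says why this environment opts out of the new default. The `provision_chgdcpass` hunk does explain its opt-out (secrets.tdb is removed there), so the dc case reads as an undocumented workaround that a later cleanup could delete or copy without knowing the reason. I would add a line such as `# keep the dc environment on the s4 winbind service: <reason, e.g. to retain test coverage of it>` above the assignment. The option is appended through a string literal that spans two source lines, so the embedded newline and indentation end up in the generated smb.conf; that matches what `provision_fl2003dc` did before this change, but it is worth stating in the comment. The bodies of these subs continue outside the hunks.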
@@ -1603,6 +1601,7 @@ sub provision_chgdcpass($$)
 print "PROVISIONING CHGDCPASS...";
 my $extra_provision_options = undef;
 push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ");
+ my $extra_conf_options = "server services = +winbind -winbindd";
 my $ret = $self->provision($prefix,
 "domain controller",
 "chgdcpass",
@@ -1610,7 +1609,7 @@ sub provision_chgdcpass($$)
 "chgdcpassword.samba.example.com",
 "2008",
 "chgDCpass1",
- undef, "", "",
+ undef, $extra_conf_options, "",
 $extra_provision_options);
 return undef unless(defined $ret);
@@ -1619,8 +1618,10 @@ sub provision_chgdcpass($$)
 return undef;
 }
- # Remove secrets.tdb from this environment to test that we still start up
- # on systems without the new matching secrets.tdb records
+ # Remove secrets.tdb from this environment to test that we
+ # still start up on systems without the new matching
+ # secrets.tdb records. For this reason we don't run winbindd
+ # in this environment
 unless (unlink("$ret->{PRIVATEDIR}/secrets.tdb") || unlink("$ret->{PRIVATEDIR}/secrets.ntdb")) {
 warn("Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision");
 return undef;
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 4814d25e6d2..6e64482ee3e 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -969,7 +969,7 @@ static void init_globals(bool reinit_globals)
 string_set(Globals.ctx, &Globals.ncalrpc_dir, get_dyn_NCALRPCDIR());
- Globals.server_services = (const char **)str_list_make_v3(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns", NULL);
+ Globals.server_services = (const char **)str_list_make_v3(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
 Globals.dcerpc_endpoint_servers = (const char **)str_list_make_v3(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
-- 2.11.4.GIT