search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:net registry: fix violation of coding conventions
[Samba/bb.git] / wintest / test-s4-howto.py
blobfdbb18196c89601f4b7bb5b8f9df0d679873caae
1 #!/usr/bin/env python
2
3 '''automated testing of the steps of the Samba4 HOWTO'''
4
5 import sys, os
6 import wintest, pexpect, time, subprocess
7
8 def set_krb5_conf(t):
9 t.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
10
11 def build_s4(t):
12 '''build samba4'''
13 t.info('Building s4')
14 t.chdir('${SOURCETREE}')
15 t.putenv('CC', 'ccache gcc')
16 t.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
17 t.run_cmd('make -j')
18 t.run_cmd('rm -rf ${PREFIX}')
19 t.run_cmd('make -j install')
20
21
22 def provision_s4(t, func_level="2008"):
23 '''provision s4 as a DC'''
24 t.info('Provisioning s4')
25 t.chdir('${PREFIX}')
26 t.del_files(["var", "private"])
27 t.run_cmd("rm -f etc/smb.conf")
28 provision=['sbin/provision',
29 '--realm=${LCREALM}',
30 '--domain=${DOMAIN}',
31 '--adminpass=${PASSWORD1}',
32 '--server-role=domain controller',
33 '--function-level=%s' % func_level,
34 '-d${DEBUGLEVEL}',
35 '--option=interfaces=${INTERFACE}',
36 '--host-ip=${INTERFACE_IP}',
37 '--option=bind interfaces only=yes',
38 '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
39 '${USE_NTVFS}',
40 '--dns-backend=${NAMESERVER_BACKEND}',
41 '${ALLOW_DNS_UPDATES}',
42 '${DNS_RECURSIVE_QUERIES}',
43 '${DNS_FORWARDER}']
44 if t.getvar('INTERFACE_IPV6'):
45 provision.append('--host-ip6=${INTERFACE_IPV6}')
46 t.run_cmd(provision)
47 t.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}')
48 t.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}')
49 t.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
50
51
52 def start_s4(t):
53 '''startup samba4'''
54 t.info('Starting Samba4')
55 t.chdir("${PREFIX}")
56 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
57 t.run_cmd(['sbin/samba',
58 '--option', 'panic action=gnome-terminal -e "gdb --pid %d"'])
59 t.port_wait("${INTERFACE_IP}", 139)
60
61 def test_smbclient(t):
62 '''test smbclient against localhost'''
63 t.info('Testing smbclient')
64 smbclient = t.getvar("smbclient")
65 t.chdir('${PREFIX}')
66 t.cmd_contains("%s --version" % (smbclient), ["Version 4.0"])
67 t.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient), ["netlogon", "sysvol", "IPC Service"])
68 child = t.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient))
69 child.expect("smb:")
70 child.sendline("dir")
71 child.expect("blocks available")
72 child.sendline("mkdir testdir")
73 child.expect("smb:")
74 child.sendline("cd testdir")
75 child.expect('testdir')
76 child.sendline("cd ..")
77 child.sendline("rmdir testdir")
78
79
80 def create_shares(t):
81 '''create some test shares'''
82 t.info("Adding test shares")
83 t.chdir('${PREFIX}')
84 t.write_file("etc/smb.conf", '''
85 [test]
86 path = ${PREFIX}/test
87 read only = no
88 [profiles]
89 path = ${PREFIX}/var/profiles
90 read only = no
91 ''',
92 mode='a')
93 t.run_cmd("mkdir -p test")
94 t.run_cmd("mkdir -p var/profiles")
95
96
97 def test_dns(t):
98 '''test that DNS is OK'''
99 t.info("Testing DNS")
100 t.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
101 ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
102 t.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
103 ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
104 t.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
105 ['${HOSTNAME}.${LCREALM} has address'])
106
107 def test_kerberos(t):
108 '''test that kerberos is OK'''
109 t.info("Testing kerberos")
110 t.run_cmd("kdestroy")
111 t.kinit("administrator@${REALM}", "${PASSWORD1}")
112 # this copes with the differences between MIT and Heimdal klist
113 t.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
114
115
116 def test_dyndns(t):
117 '''test that dynamic DNS is working'''
118 t.chdir('${PREFIX}')
119 t.run_cmd("sbin/samba_dnsupdate --fail-immediately")
120 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
121 t.rndc_cmd("flush")
122
123
124 def run_winjoin(t, vm):
125 '''join a windows box to our domain'''
126 t.setwinvars(vm)
127
128 t.run_winjoin(t, "${LCREALM}")
129
130 def test_winjoin(t, vm):
131 t.info("Checking the windows join is OK")
132 smbclient = t.getvar("smbclient")
133 t.chdir('${PREFIX}')
134 t.port_wait("${WIN_IP}", 139)
135 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"], retries=100)
136 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
137 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
138 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
139 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
140 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
141 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
142 child.expect("The command completed successfully")
143
144
145 def run_dcpromo(t, vm):
146 '''run a dcpromo on windows'''
147 t.setwinvars(vm)
148
149 t.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
150 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True, set_noexpire=True)
151 child.sendline("copy /Y con answers.txt")
152 child.sendline('''
153 [DCINSTALL]
154 RebootOnSuccess=Yes
155 RebootOnCompletion=Yes
156 ReplicaOrNewDomain=Replica
157 ReplicaDomainDNSName=${LCREALM}
158 SiteName=Default-First-Site-Name
159 InstallDNS=No
160 ConfirmGc=Yes
161 CreateDNSDelegation=No
162 UserDomain=${LCREALM}
163 UserName=${LCREALM}\\administrator
164 Password=${PASSWORD1}
165 DatabasePath="C:\Windows\NTDS"
166 LogPath="C:\Windows\NTDS"
167 SYSVOLPath="C:\Windows\SYSVOL"
168 SafeModeAdminPassword=${PASSWORD1}
169 \x1a
170 ''')
171 child.expect("copied.")
172 child.expect("C:")
173 child.expect("C:")
174 child.sendline("dcpromo /answer:answers.txt")
175 i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=120)
176 if i == 1 or i == 2:
177 child.sendline("echo off")
178 child.sendline("echo START DCPROMO log")
179 child.sendline("more c:\windows\debug\dcpromoui.log")
180 child.sendline("echo END DCPROMO log")
181 child.expect("END DCPROMO")
182 raise Exception("dcpromo failed")
183 t.wait_reboot()
184
185
186 def test_dcpromo(t, vm):
187 '''test that dcpromo worked'''
188 t.info("Checking the dcpromo join is OK")
189 smbclient = t.getvar("smbclient")
190 t.chdir('${PREFIX}')
191 t.port_wait("${WIN_IP}", 139)
192 t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${INTERFACE_IP}",
193 ['${WIN_HOSTNAME}.${LCREALM} has address'],
194 retries=30, delay=10, casefold=True)
195 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
196 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
197 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
198
199 t.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
200 t.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
201
202 t.kinit("administrator@${REALM}", "${PASSWORD1}")
203
204 # the first replication will transfer the dnsHostname attribute
205 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
206
207 for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
208 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
209 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
210
211 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
212 [ "INBOUND NEIGHBORS",
213 "${BASEDN}",
214 "Last attempt .* was successful",
215 "CN=Configuration,${BASEDN}",
216 "Last attempt .* was successful",
217 "CN=Configuration,${BASEDN}", # cope with either order
218 "Last attempt .* was successful",
219 "OUTBOUND NEIGHBORS",
220 "${BASEDN}",
221 "Last success",
222 "CN=Configuration,${BASEDN}",
223 "Last success",
224 "CN=Configuration,${BASEDN}",
225 "Last success"],
226 ordered=True,
227 regex=True)
228
229 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
230 [ "INBOUND NEIGHBORS",
231 "${BASEDN}",
232 "Last attempt .* was successful",
233 "CN=Configuration,${BASEDN}",
234 "Last attempt .* was successful",
235 "CN=Configuration,${BASEDN}",
236 "Last attempt .* was successful",
237 "OUTBOUND NEIGHBORS",
238 "${BASEDN}",
239 "Last success",
240 "CN=Configuration,${BASEDN}",
241 "Last success",
242 "CN=Configuration,${BASEDN}",
243 "Last success" ],
244 ordered=True,
245 regex=True)
246
247 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
248 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
249
250 retries = 10
251 i = child.expect(["The command completed successfully", "The network path was not found"])
252 while i == 1 and retries > 0:
253 child.expect("C:")
254 time.sleep(2)
255 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
256 i = child.expect(["The command completed successfully", "The network path was not found"])
257 retries -=1
258
259 t.run_net_time(child)
260
261 t.info("Checking if showrepl is happy")
262 child.sendline("repadmin /showrepl")
263 child.expect("${BASEDN}")
264 child.expect("was successful")
265 child.expect("CN=Configuration,${BASEDN}")
266 child.expect("was successful")
267 child.expect("CN=Schema,CN=Configuration,${BASEDN}")
268 child.expect("was successful")
269
270 t.info("Checking if new users propogate to windows")
271 t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
272 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
273 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
274
275 t.info("Checking if new users on windows propogate to samba")
276 child.sendline("net user test3 ${PASSWORD3} /add")
277 while True:
278 i = child.expect(["The command completed successfully",
279 "The directory service was unable to allocate a relative identifier"])
280 if i == 0:
281 break
282 time.sleep(2)
283
284 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
285 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
286
287 t.info("Checking propogation of user deletion")
288 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
289 child.sendline("net user test3 /del")
290 child.expect("The command completed successfully")
291
292 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
293 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
294 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
295 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
296 t.vm_poweroff("${WIN_VM}")
297
298
299 def run_dcpromo_rodc(t, vm):
300 '''run a RODC dcpromo to join a windows DC to the samba domain'''
301 t.setwinvars(vm)
302 t.info("Joining a w2k8 box to the domain as a RODC")
303 t.vm_poweroff("${WIN_VM}", checkfail=False)
304 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
305 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
306 child.sendline("copy /Y con answers.txt")
307 child.sendline('''
308 [DCInstall]
309 ReplicaOrNewDomain=ReadOnlyReplica
310 ReplicaDomainDNSName=${LCREALM}
311 PasswordReplicationDenied="BUILTIN\Administrators"
312 PasswordReplicationDenied="BUILTIN\Server Operators"
313 PasswordReplicationDenied="BUILTIN\Backup Operators"
314 PasswordReplicationDenied="BUILTIN\Account Operators"
315 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
316 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
317 DelegatedAdmin="${DOMAIN}\\Administrator"
318 SiteName=Default-First-Site-Name
319 InstallDNS=No
320 ConfirmGc=Yes
321 CreateDNSDelegation=No
322 UserDomain=${LCREALM}
323 UserName=${LCREALM}\\administrator
324 Password=${PASSWORD1}
325 DatabasePath="C:\Windows\NTDS"
326 LogPath="C:\Windows\NTDS"
327 SYSVOLPath="C:\Windows\SYSVOL"
328 SafeModeAdminPassword=${PASSWORD1}
329 RebootOnCompletion=No
330 \x1a
331 ''')
332 child.expect("copied.")
333 child.sendline("dcpromo /answer:answers.txt")
334 i = child.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout=120)
335 if i != 0:
336 child.sendline("echo off")
337 child.sendline("echo START DCPROMO log")
338 child.sendline("more c:\windows\debug\dcpromoui.log")
339 child.sendline("echo END DCPROMO log")
340 child.expect("END DCPROMO")
341 raise Exception("dcpromo failed")
342 child.sendline("shutdown -r -t 0")
343 t.wait_reboot()
344
345
346
347 def test_dcpromo_rodc(t, vm):
348 '''test the RODC dcpromo worked'''
349 t.info("Checking the w2k8 RODC join is OK")
350 smbclient = t.getvar("smbclient")
351 t.chdir('${PREFIX}')
352 t.port_wait("${WIN_IP}", 139)
353 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
354 child.sendline("ipconfig /registerdns")
355 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
356 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
357 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
358 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
359 child.expect("The command completed successfully")
360
361 t.info("Checking if showrepl is happy")
362 child.sendline("repadmin /showrepl")
363 child.expect("${BASEDN}")
364 child.expect("was successful")
365 child.expect("CN=Configuration,${BASEDN}")
366 child.expect("was successful")
367 child.expect("CN=Configuration,${BASEDN}")
368 child.expect("was successful")
369
370 for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
371 t.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc, ["was successful"])
372
373 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
374 [ "INBOUND NEIGHBORS",
375 "OUTBOUND NEIGHBORS",
376 "${BASEDN}",
377 "Last attempt.*was successful",
378 "CN=Configuration,${BASEDN}",
379 "Last attempt.*was successful",
380 "CN=Configuration,${BASEDN}",
381 "Last attempt.*was successful" ],
382 ordered=True,
383 regex=True)
384
385 t.info("Checking if new users are available on windows")
386 t.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}')
387 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
388 t.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
389 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
390 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
391 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
392 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
393 t.vm_poweroff("${WIN_VM}")
394
395
396 def prep_join_as_dc(t, vm):
397 '''start VM and shutdown Samba in preperation to join a windows domain as a DC'''
398 t.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC")
399 t.chdir('${PREFIX}')
400 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
401 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
402 t.rndc_cmd('flush')
403 t.run_cmd("rm -rf etc/smb.conf private")
404 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
405 t.get_ipconfig(child)
406
407 def join_as_dc(t, vm):
408 '''join a windows domain as a DC'''
409 t.setwinvars(vm)
410 t.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC")
411 t.port_wait("${WIN_IP}", 389)
412 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
413
414 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
415 t.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
416 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
417
418
419 def test_join_as_dc(t, vm):
420 '''test the join of a windows domain as a DC'''
421 t.info("Checking the DC join is OK")
422 smbclient = t.getvar("smbclient")
423 t.chdir('${PREFIX}')
424 t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
425 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
426 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
427
428 t.info("Forcing kcc runs, and replication")
429 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
430 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
431
432 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
433 for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
434 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
435 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
436
437 child.sendline("ipconfig /flushdns")
438 child.expect("Successfully flushed")
439
440 retries = 10
441 i = 1
442 while i == 1 and retries > 0:
443 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
444 i = child.expect(["The command completed successfully", "The network path was not found"])
445 child.expect("C:")
446 if i == 1:
447 time.sleep(2)
448 retries -=1
449
450 t.info("Checking if showrepl is happy")
451 child.sendline("repadmin /showrepl")
452 child.expect("${WIN_BASEDN}")
453 child.expect("was successful")
454 child.expect("CN=Configuration,${WIN_BASEDN}")
455 child.expect("was successful")
456 child.expect("CN=Configuration,${WIN_BASEDN}")
457 child.expect("was successful")
458
459 t.info("Checking if new users propogate to windows")
460 t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
461 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
462 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
463
464 t.info("Checking if new users on windows propogate to samba")
465 child.sendline("net user test3 ${PASSWORD3} /add")
466 child.expect("The command completed successfully")
467 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
468 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
469
470 t.info("Checking propogation of user deletion")
471 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
472 child.sendline("net user test3 /del")
473 child.expect("The command completed successfully")
474
475 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
476 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
477 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
478 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
479
480 t.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}')
481
482 t.vm_poweroff("${WIN_VM}")
483
484
485 def join_as_rodc(t, vm):
486 '''join a windows domain as a RODC'''
487 t.setwinvars(vm)
488 t.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC")
489 t.port_wait("${WIN_IP}", 389)
490 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
491 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
492 t.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
493 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
494
495
496 def test_join_as_rodc(t, vm):
497 '''test a windows domain RODC join'''
498 t.info("Checking the RODC join is OK")
499 smbclient = t.getvar("smbclient")
500 t.chdir('${PREFIX}')
501 t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
502 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
503 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
504
505 t.info("Forcing kcc runs, and replication")
506 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
507 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
508
509 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
510 for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
511 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
512
513 retries = 10
514 i = 1
515 while i == 1 and retries > 0:
516 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
517 i = child.expect(["The command completed successfully", "The network path was not found"])
518 child.expect("C:")
519 if i == 1:
520 time.sleep(2)
521 retries -=1
522
523 t.info("Checking if showrepl is happy")
524 child.sendline("repadmin /showrepl")
525 child.expect("DSA invocationID")
526
527 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
528 [ "INBOUND NEIGHBORS",
529 "OUTBOUND NEIGHBORS",
530 "${WIN_BASEDN}",
531 "Last attempt .* was successful",
532 "CN=Configuration,${WIN_BASEDN}",
533 "Last attempt .* was successful",
534 "CN=Configuration,${WIN_BASEDN}",
535 "Last attempt .* was successful" ],
536 ordered=True,
537 regex=True)
538
539 t.info("Checking if new users on windows propogate to samba")
540 child.sendline("net user test3 ${PASSWORD3} /add")
541 child.expect("The command completed successfully")
542 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
543 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
544
545 # should this work?
546 t.info("Checking if new users propogate to windows")
547 t.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN'])
548
549 t.info("Checking propogation of user deletion")
550 child.sendline("net user test3 /del")
551 child.expect("The command completed successfully")
552
553 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
554 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
555 t.vm_poweroff("${WIN_VM}")
556
557
558 def test_howto(t):
559 '''test the Samba4 howto'''
560
561 t.setvar("SAMBA_VERSION", "Version 4")
562 t.setvar("smbclient", "bin/smbclient4")
563 t.check_prerequesites()
564
565 # we don't need fsync safety in these tests
566 t.putenv('TDB_NO_FSYNC', '1')
567
568 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
569 if not t.skip("configure_bind"):
570 t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
571 if not t.skip("stop_bind"):
572 t.stop_bind()
573
574 if not t.skip("stop_vms"):
575 t.stop_vms()
576
577 if not t.skip("build"):
578 build_s4(t)
579
580 if not t.skip("provision"):
581 provision_s4(t)
582
583 set_krb5_conf(t)
584
585 if not t.skip("create-shares"):
586 create_shares(t)
587
588 if not t.skip("starts4"):
589 start_s4(t)
590 if not t.skip("smbclient"):
591 test_smbclient(t)
592
593 t.set_nameserver(t.getvar('INTERFACE_IP'))
594
595 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
596 if not t.skip("configure_bind2"):
597 t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
598 if not t.skip("start_bind"):
599 t.start_bind()
600
601 if not t.skip("dns"):
602 test_dns(t)
603 if not t.skip("kerberos"):
604 test_kerberos(t)
605 if not t.skip("dyndns"):
606 test_dyndns(t)
607
608 if t.have_vm('WINDOWS7') and not t.skip("windows7"):
609 t.start_winvm("WINDOWS7")
610 t.test_remote_smbclient("WINDOWS7")
611 run_winjoin(t, "WINDOWS7")
612 test_winjoin(t, "WINDOWS7")
613 t.vm_poweroff("${WIN_VM}")
614
615 if t.have_vm('WINXP') and not t.skip("winxp"):
616 t.start_winvm("WINXP")
617 run_winjoin(t, "WINXP")
618 test_winjoin(t, "WINXP")
619 t.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}")
620 t.vm_poweroff("${WIN_VM}")
621
622 if t.have_vm('W2K3C') and not t.skip("win2k3_member"):
623 t.start_winvm("W2K3C")
624 run_winjoin(t, "W2K3C")
625 test_winjoin(t, "W2K3C")
626 t.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}")
627 t.vm_poweroff("${WIN_VM}")
628
629 if t.have_vm('W2K8R2C') and not t.skip("dcpromo_rodc"):
630 t.info("Testing w2k8r2 RODC dcpromo")
631 t.start_winvm("W2K8R2C")
632 t.test_remote_smbclient('W2K8R2C')
633 run_dcpromo_rodc(t, "W2K8R2C")
634 test_dcpromo_rodc(t, "W2K8R2C")
635
636 if t.have_vm('W2K8R2B') and not t.skip("dcpromo_w2k8r2"):
637 t.info("Testing w2k8r2 dcpromo")
638 t.start_winvm("W2K8R2B")
639 t.test_remote_smbclient('W2K8R2B')
640 run_dcpromo(t, "W2K8R2B")
641 test_dcpromo(t, "W2K8R2B")
642
643 if t.have_vm('W2K8B') and not t.skip("dcpromo_w2k8"):
644 t.info("Testing w2k8 dcpromo")
645 t.start_winvm("W2K8B")
646 t.test_remote_smbclient('W2K8B')
647 run_dcpromo(t, "W2K8B")
648 test_dcpromo(t, "W2K8B")
649
650 if t.have_vm('W2K3B') and not t.skip("dcpromo_w2k3"):
651 t.info("Testing w2k3 dcpromo")
652 t.info("Changing to 2003 functional level")
653 provision_s4(t, func_level='2003')
654 create_shares(t)
655 start_s4(t)
656 test_smbclient(t)
657 t.restart_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
658 test_dns(t)
659 test_kerberos(t)
660 test_dyndns(t)
661 t.start_winvm("W2K3B")
662 t.test_remote_smbclient('W2K3B')
663 run_dcpromo(t, "W2K3B")
664 test_dcpromo(t, "W2K3B")
665
666 if t.have_vm('W2K8R2A') and not t.skip("join_w2k8r2"):
667 t.start_winvm("W2K8R2A")
668 prep_join_as_dc(t, "W2K8R2A")
669 t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
670 join_as_dc(t, "W2K8R2A")
671 create_shares(t)
672 start_s4(t)
673 test_dyndns(t)
674 test_join_as_dc(t, "W2K8R2A")
675
676 if t.have_vm('W2K8R2A') and not t.skip("join_rodc"):
677 t.start_winvm("W2K8R2A")
678 prep_join_as_dc(t, "W2K8R2A")
679 t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
680 join_as_rodc(t, "W2K8R2A")
681 create_shares(t)
682 start_s4(t)
683 test_dyndns(t)
684 test_join_as_rodc(t, "W2K8R2A")
685
686 if t.have_vm('W2K3A') and not t.skip("join_w2k3"):
687 t.start_winvm("W2K3A")
688 prep_join_as_dc(t, "W2K3A")
689 t.run_dcpromo_as_first_dc("W2K3A", func_level='2003')
690 join_as_dc(t, "W2K3A")
691 create_shares(t)
692 start_s4(t)
693 test_dyndns(t)
694 test_join_as_dc(t, "W2K3A")
695
696 t.info("Howto test: All OK")
697
698
699 def test_cleanup(t):
700 '''cleanup after tests'''
701 t.info("Cleaning up ...")
702 t.restore_resolv_conf()
703 if getattr(t, 'bind_child', False):
704 t.bind_child.kill()
705
706
707 if __name__ == '__main__':
708 t = wintest.wintest()
709
710 t.setup("test-s4-howto.py", "source4")
711
712 try:
713 test_howto(t)
714 except:
715 if not t.opts.nocleanup:
716 test_cleanup(t)
717 raise
718
719 if not t.opts.nocleanup:
720 test_cleanup(t)
721 t.info("S4 howto test: All OK")