3 '''automated testing of the steps of the Samba4 HOWTO'''
6 import wintest
, pexpect
, time
, subprocess
9 t
.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
14 t
.chdir('${SOURCETREE}')
15 t
.putenv('CC', 'ccache gcc')
16 t
.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
18 t
.run_cmd('rm -rf ${PREFIX}')
19 t
.run_cmd('make -j install')
22 def provision_s4(t
, func_level
="2008"):
23 '''provision s4 as a DC'''
24 t
.info('Provisioning s4')
26 t
.del_files(["var", "private"])
27 t
.run_cmd("rm -f etc/smb.conf")
28 provision
=['sbin/provision',
31 '--adminpass=${PASSWORD1}',
32 '--server-role=domain controller',
33 '--function-level=%s' % func_level
,
35 '--option=interfaces=${INTERFACE}',
36 '--host-ip=${INTERFACE_IP}',
37 '--option=bind interfaces only=yes',
38 '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
40 if t
.getvar('INTERFACE_IPV6'):
41 provision
.append('--host-ip6=${INTERFACE_IPV6}')
43 t
.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}')
44 t
.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}')
45 t
.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
50 t
.info('Starting Samba4')
52 t
.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail
=False)
53 t
.run_cmd(['sbin/samba',
54 '--option', 'panic action=gnome-terminal -e "gdb --pid %d"'])
55 t
.port_wait("${INTERFACE_IP}", 139)
57 def test_smbclient(t
):
58 '''test smbclient against localhost'''
59 t
.info('Testing smbclient')
60 smbclient
= t
.getvar("smbclient")
62 t
.cmd_contains("%s --version" % (smbclient
), ["Version 4.0"])
63 t
.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient
), ["netlogon", "sysvol", "IPC Service"])
64 child
= t
.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient
))
67 child
.expect("blocks available")
68 child
.sendline("mkdir testdir")
70 child
.sendline("cd testdir")
71 child
.expect('testdir')
72 child
.sendline("cd ..")
73 child
.sendline("rmdir testdir")
77 '''create some test shares'''
78 t
.info("Adding test shares")
80 t
.write_file("etc/smb.conf", '''
85 path = ${PREFIX}/var/profiles
89 t
.run_cmd("mkdir -p test")
90 t
.run_cmd("mkdir -p var/profiles")
94 '''test that DNS is OK'''
96 t
.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
97 ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
98 t
.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
99 ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
100 t
.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
101 ['${HOSTNAME}.${LCREALM} has address'])
103 def test_kerberos(t
):
104 '''test that kerberos is OK'''
105 t
.info("Testing kerberos")
106 t
.run_cmd("kdestroy")
107 t
.kinit("administrator@${REALM}", "${PASSWORD1}")
108 # this copes with the differences between MIT and Heimdal klist
109 t
.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
113 '''test that dynamic DNS is working'''
115 t
.run_cmd("sbin/samba_dnsupdate --fail-immediately")
119 def run_winjoin(t
, vm
):
120 '''join a windows box to our domain'''
123 t
.run_winjoin(t
, "${LCREALM}")
125 def test_winjoin(t
, vm
):
126 t
.info("Checking the windows join is OK")
127 smbclient
= t
.getvar("smbclient")
129 t
.port_wait("${WIN_IP}", 139)
130 t
.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"], retries
=100)
131 t
.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
132 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
133 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
134 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
135 child
= t
.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
136 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
137 child
.expect("The command completed successfully")
140 def run_dcpromo(t
, vm
):
141 '''run a dcpromo on windows'''
144 t
.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
145 child
= t
.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip
=True, set_noexpire
=True)
146 child
.sendline("copy /Y con answers.txt")
150 RebootOnCompletion=Yes
151 ReplicaOrNewDomain=Replica
152 ReplicaDomainDNSName=${LCREALM}
153 SiteName=Default-First-Site-Name
156 CreateDNSDelegation=No
157 UserDomain=${LCREALM}
158 UserName=${LCREALM}\\administrator
159 Password=${PASSWORD1}
160 DatabasePath="C:\Windows\NTDS"
161 LogPath="C:\Windows\NTDS"
162 SYSVOLPath="C:\Windows\SYSVOL"
163 SafeModeAdminPassword=${PASSWORD1}
166 child
.expect("copied.")
169 child
.sendline("dcpromo /answer:answers.txt")
170 i
= child
.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout
=120)
172 child
.sendline("echo off")
173 child
.sendline("echo START DCPROMO log")
174 child
.sendline("more c:\windows\debug\dcpromoui.log")
175 child
.sendline("echo END DCPROMO log")
176 child
.expect("END DCPROMO")
177 raise Exception("dcpromo failed")
181 def test_dcpromo(t
, vm
):
182 '''test that dcpromo worked'''
183 t
.info("Checking the dcpromo join is OK")
184 smbclient
= t
.getvar("smbclient")
186 t
.port_wait("${WIN_IP}", 139)
187 t
.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${INTERFACE_IP}",
188 ['${WIN_HOSTNAME}.${LCREALM} has address'],
189 retries
=30, delay
=10, casefold
=True)
190 t
.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
191 t
.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
192 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
194 t
.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
195 t
.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
197 t
.kinit("administrator@${REALM}", "${PASSWORD1}")
199 # the first replication will transfer the dnsHostname attribute
200 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
202 for nc
in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
203 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc
, ["was successful"])
204 t
.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc
, ["was successful"])
206 t
.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
207 [ "INBOUND NEIGHBORS",
209 "Last attempt .* was successful",
210 "CN=Configuration,${BASEDN}",
211 "Last attempt .* was successful",
212 "CN=Configuration,${BASEDN}", # cope with either order
213 "Last attempt .* was successful",
214 "OUTBOUND NEIGHBORS",
217 "CN=Configuration,${BASEDN}",
219 "CN=Configuration,${BASEDN}",
224 t
.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
225 [ "INBOUND NEIGHBORS",
227 "Last attempt .* was successful",
228 "CN=Configuration,${BASEDN}",
229 "Last attempt .* was successful",
230 "CN=Configuration,${BASEDN}",
231 "Last attempt .* was successful",
232 "OUTBOUND NEIGHBORS",
235 "CN=Configuration,${BASEDN}",
237 "CN=Configuration,${BASEDN}",
242 child
= t
.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time
=True)
243 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
246 i
= child
.expect(["The command completed successfully", "The network path was not found"])
247 while i
== 1 and retries
> 0:
250 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
251 i
= child
.expect(["The command completed successfully", "The network path was not found"])
254 t
.run_net_time(child
)
256 t
.info("Checking if showrepl is happy")
257 child
.sendline("repadmin /showrepl")
258 child
.expect("${BASEDN}")
259 child
.expect("was successful")
260 child
.expect("CN=Configuration,${BASEDN}")
261 child
.expect("was successful")
262 child
.expect("CN=Schema,CN=Configuration,${BASEDN}")
263 child
.expect("was successful")
265 t
.info("Checking if new users propogate to windows")
266 t
.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
267 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['Sharename', 'Remote IPC'])
268 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['Sharename', 'Remote IPC'])
270 t
.info("Checking if new users on windows propogate to samba")
271 child
.sendline("net user test3 ${PASSWORD3} /add")
273 i
= child
.expect(["The command completed successfully",
274 "The directory service was unable to allocate a relative identifier"])
279 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['Sharename', 'IPC'])
280 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['Sharename', 'IPC'])
282 t
.info("Checking propogation of user deletion")
283 t
.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
284 child
.sendline("net user test3 /del")
285 child
.expect("The command completed successfully")
287 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['LOGON_FAILURE'])
288 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['LOGON_FAILURE'])
289 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['LOGON_FAILURE'])
290 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['LOGON_FAILURE'])
291 t
.vm_poweroff("${WIN_VM}")
294 def run_dcpromo_rodc(t
, vm
):
295 '''run a RODC dcpromo to join a windows DC to the samba domain'''
297 t
.info("Joining a w2k8 box to the domain as a RODC")
298 t
.vm_poweroff("${WIN_VM}", checkfail
=False)
299 t
.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
300 child
= t
.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip
=True)
301 child
.sendline("copy /Y con answers.txt")
304 ReplicaOrNewDomain=ReadOnlyReplica
305 ReplicaDomainDNSName=${LCREALM}
306 PasswordReplicationDenied="BUILTIN\Administrators"
307 PasswordReplicationDenied="BUILTIN\Server Operators"
308 PasswordReplicationDenied="BUILTIN\Backup Operators"
309 PasswordReplicationDenied="BUILTIN\Account Operators"
310 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
311 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
312 DelegatedAdmin="${DOMAIN}\\Administrator"
313 SiteName=Default-First-Site-Name
316 CreateDNSDelegation=No
317 UserDomain=${LCREALM}
318 UserName=${LCREALM}\\administrator
319 Password=${PASSWORD1}
320 DatabasePath="C:\Windows\NTDS"
321 LogPath="C:\Windows\NTDS"
322 SYSVOLPath="C:\Windows\SYSVOL"
323 SafeModeAdminPassword=${PASSWORD1}
324 RebootOnCompletion=No
327 child
.expect("copied.")
328 child
.sendline("dcpromo /answer:answers.txt")
329 i
= child
.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout
=120)
331 child
.sendline("echo off")
332 child
.sendline("echo START DCPROMO log")
333 child
.sendline("more c:\windows\debug\dcpromoui.log")
334 child
.sendline("echo END DCPROMO log")
335 child
.expect("END DCPROMO")
336 raise Exception("dcpromo failed")
337 child
.sendline("shutdown -r -t 0")
342 def test_dcpromo_rodc(t
, vm
):
343 '''test the RODC dcpromo worked'''
344 t
.info("Checking the w2k8 RODC join is OK")
345 smbclient
= t
.getvar("smbclient")
347 t
.port_wait("${WIN_IP}", 139)
348 child
= t
.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time
=True)
349 child
.sendline("ipconfig /registerdns")
350 t
.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
351 t
.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
352 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
353 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
354 child
.expect("The command completed successfully")
356 t
.info("Checking if showrepl is happy")
357 child
.sendline("repadmin /showrepl")
358 child
.expect("${BASEDN}")
359 child
.expect("was successful")
360 child
.expect("CN=Configuration,${BASEDN}")
361 child
.expect("was successful")
362 child
.expect("CN=Configuration,${BASEDN}")
363 child
.expect("was successful")
365 for nc
in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
366 t
.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc
, ["was successful"])
368 t
.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
369 [ "INBOUND NEIGHBORS",
370 "OUTBOUND NEIGHBORS",
372 "Last attempt.*was successful",
373 "CN=Configuration,${BASEDN}",
374 "Last attempt.*was successful",
375 "CN=Configuration,${BASEDN}",
376 "Last attempt.*was successful" ],
380 t
.info("Checking if new users are available on windows")
381 t
.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}')
382 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['Sharename', 'Remote IPC'])
383 t
.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
384 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['Sharename', 'Remote IPC'])
385 t
.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
386 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['LOGON_FAILURE'])
387 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['LOGON_FAILURE'])
388 t
.vm_poweroff("${WIN_VM}")
391 def prep_join_as_dc(t
, vm
):
392 '''start VM and shutdown Samba in preperation to join a windows domain as a DC'''
393 t
.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC")
395 t
.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail
=False)
397 t
.run_cmd("rm -rf etc/smb.conf private")
398 child
= t
.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time
=True)
399 t
.get_ipconfig(child
)
401 def join_as_dc(t
, vm
):
402 '''join a windows domain as a DC'''
404 t
.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC")
405 t
.port_wait("${WIN_IP}", 389)
406 t
.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
408 t
.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
409 t
.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
410 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
413 def test_join_as_dc(t
, vm
):
414 '''test the join of a windows domain as a DC'''
415 t
.info("Checking the DC join is OK")
416 smbclient
= t
.getvar("smbclient")
418 t
.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient
), ["C$", "IPC$", "Sharename"])
419 t
.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
420 child
= t
.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time
=True)
422 t
.info("Forcing kcc runs, and replication")
423 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
424 t
.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
426 t
.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
427 for nc
in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
428 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc
, ["was successful"])
429 t
.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc
, ["was successful"])
431 child
.sendline("ipconfig /flushdns")
432 child
.expect("Successfully flushed")
436 while i
== 1 and retries
> 0:
437 child
.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
438 i
= child
.expect(["The command completed successfully", "The network path was not found"])
444 t
.info("Checking if showrepl is happy")
445 child
.sendline("repadmin /showrepl")
446 child
.expect("${WIN_BASEDN}")
447 child
.expect("was successful")
448 child
.expect("CN=Configuration,${WIN_BASEDN}")
449 child
.expect("was successful")
450 child
.expect("CN=Configuration,${WIN_BASEDN}")
451 child
.expect("was successful")
453 t
.info("Checking if new users propogate to windows")
454 t
.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
455 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['Sharename', 'Remote IPC'])
456 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['Sharename', 'Remote IPC'])
458 t
.info("Checking if new users on windows propogate to samba")
459 child
.sendline("net user test3 ${PASSWORD3} /add")
460 child
.expect("The command completed successfully")
461 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['Sharename', 'IPC'])
462 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['Sharename', 'IPC'])
464 t
.info("Checking propogation of user deletion")
465 t
.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
466 child
.sendline("net user test3 /del")
467 child
.expect("The command completed successfully")
469 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['LOGON_FAILURE'])
470 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['LOGON_FAILURE'])
471 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['LOGON_FAILURE'])
472 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['LOGON_FAILURE'])
474 t
.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}')
476 t
.vm_poweroff("${WIN_VM}")
479 def join_as_rodc(t
, vm
):
480 '''join a windows domain as a RODC'''
482 t
.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC")
483 t
.port_wait("${WIN_IP}", 389)
484 t
.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
485 t
.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
486 t
.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
487 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
490 def test_join_as_rodc(t
, vm
):
491 '''test a windows domain RODC join'''
492 t
.info("Checking the RODC join is OK")
493 smbclient
= t
.getvar("smbclient")
495 t
.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient
), ["C$", "IPC$", "Sharename"])
496 t
.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
497 child
= t
.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time
=True)
499 t
.info("Forcing kcc runs, and replication")
500 t
.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
501 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
503 t
.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
504 for nc
in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
505 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc
, ["was successful"])
509 while i
== 1 and retries
> 0:
510 child
.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
511 i
= child
.expect(["The command completed successfully", "The network path was not found"])
517 t
.info("Checking if showrepl is happy")
518 child
.sendline("repadmin /showrepl")
519 child
.expect("DSA invocationID")
521 t
.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
522 [ "INBOUND NEIGHBORS",
523 "OUTBOUND NEIGHBORS",
525 "Last attempt .* was successful",
526 "CN=Configuration,${WIN_BASEDN}",
527 "Last attempt .* was successful",
528 "CN=Configuration,${WIN_BASEDN}",
529 "Last attempt .* was successful" ],
533 t
.info("Checking if new users on windows propogate to samba")
534 child
.sendline("net user test3 ${PASSWORD3} /add")
535 child
.expect("The command completed successfully")
536 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['Sharename', 'IPC'])
537 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['Sharename', 'IPC'])
540 t
.info("Checking if new users propogate to windows")
541 t
.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN'])
543 t
.info("Checking propogation of user deletion")
544 child
.sendline("net user test3 /del")
545 child
.expect("The command completed successfully")
547 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['LOGON_FAILURE'])
548 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['LOGON_FAILURE'])
549 t
.vm_poweroff("${WIN_VM}")
553 '''test the Samba4 howto'''
555 t
.setvar("SAMBA_VERSION", "Version 4")
556 t
.setvar("smbclient", "bin/smbclient4")
557 t
.check_prerequesites()
559 # we don't need fsync safety in these tests
560 t
.putenv('TDB_NO_FSYNC', '1')
562 if not t
.skip("configure_bind"):
563 t
.configure_bind(kerberos_support
=True, include
='${PREFIX}/private/named.conf')
564 if not t
.skip("stop_bind"):
566 if not t
.skip("stop_vms"):
569 if not t
.skip("build"):
572 if not t
.skip("provision"):
577 if not t
.skip("create-shares"):
580 if not t
.skip("starts4"):
582 if not t
.skip("smbclient"):
585 t
.set_nameserver(t
.getvar('INTERFACE_IP'))
586 if not t
.skip("configure_bind2"):
587 t
.configure_bind(kerberos_support
=True, include
='${PREFIX}/private/named.conf')
588 if not t
.skip("start_bind"):
590 if not t
.skip("dns"):
592 if not t
.skip("kerberos"):
594 if not t
.skip("dyndns"):
597 if t
.have_vm('WINDOWS7') and not t
.skip("windows7"):
598 t
.start_winvm("WINDOWS7")
599 t
.test_remote_smbclient("WINDOWS7")
600 run_winjoin(t
, "WINDOWS7")
601 test_winjoin(t
, "WINDOWS7")
602 t
.vm_poweroff("${WIN_VM}")
604 if t
.have_vm('WINXP') and not t
.skip("winxp"):
605 t
.start_winvm("WINXP")
606 run_winjoin(t
, "WINXP")
607 test_winjoin(t
, "WINXP")
608 t
.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}")
609 t
.vm_poweroff("${WIN_VM}")
611 if t
.have_vm('W2K3C') and not t
.skip("win2k3_member"):
612 t
.start_winvm("W2K3C")
613 run_winjoin(t
, "W2K3C")
614 test_winjoin(t
, "W2K3C")
615 t
.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}")
616 t
.vm_poweroff("${WIN_VM}")
618 if t
.have_vm('W2K8R2C') and not t
.skip("dcpromo_rodc"):
619 t
.info("Testing w2k8r2 RODC dcpromo")
620 t
.start_winvm("W2K8R2C")
621 t
.test_remote_smbclient('W2K8R2C')
622 run_dcpromo_rodc(t
, "W2K8R2C")
623 test_dcpromo_rodc(t
, "W2K8R2C")
625 if t
.have_vm('W2K8R2B') and not t
.skip("dcpromo_w2k8r2"):
626 t
.info("Testing w2k8r2 dcpromo")
627 t
.start_winvm("W2K8R2B")
628 t
.test_remote_smbclient('W2K8R2B')
629 run_dcpromo(t
, "W2K8R2B")
630 test_dcpromo(t
, "W2K8R2B")
632 if t
.have_vm('W2K8B') and not t
.skip("dcpromo_w2k8"):
633 t
.info("Testing w2k8 dcpromo")
634 t
.start_winvm("W2K8B")
635 t
.test_remote_smbclient('W2K8B')
636 run_dcpromo(t
, "W2K8B")
637 test_dcpromo(t
, "W2K8B")
639 if t
.have_vm('W2K3B') and not t
.skip("dcpromo_w2k3"):
640 t
.info("Testing w2k3 dcpromo")
641 t
.info("Changing to 2003 functional level")
642 provision_s4(t
, func_level
='2003')
646 t
.restart_bind(kerberos_support
=True, include
='${PREFIX}/private/named.conf')
650 t
.start_winvm("W2K3B")
651 t
.test_remote_smbclient('W2K3B')
652 run_dcpromo(t
, "W2K3B")
653 test_dcpromo(t
, "W2K3B")
655 if t
.have_vm('W2K8R2A') and not t
.skip("join_w2k8r2"):
656 t
.start_winvm("W2K8R2A")
657 prep_join_as_dc(t
, "W2K8R2A")
658 t
.run_dcpromo_as_first_dc("W2K8R2A", func_level
='2008r2')
659 join_as_dc(t
, "W2K8R2A")
663 test_join_as_dc(t
, "W2K8R2A")
665 if t
.have_vm('W2K8R2A') and not t
.skip("join_rodc"):
666 t
.start_winvm("W2K8R2A")
667 prep_join_as_dc(t
, "W2K8R2A")
668 t
.run_dcpromo_as_first_dc("W2K8R2A", func_level
='2008r2')
669 join_as_rodc(t
, "W2K8R2A")
673 test_join_as_rodc(t
, "W2K8R2A")
675 if t
.have_vm('W2K3A') and not t
.skip("join_w2k3"):
676 t
.start_winvm("W2K3A")
677 prep_join_as_dc(t
, "W2K3A")
678 t
.run_dcpromo_as_first_dc("W2K3A", func_level
='2003')
679 join_as_dc(t
, "W2K3A")
683 test_join_as_dc(t
, "W2K3A")
685 t
.info("Howto test: All OK")
689 '''cleanup after tests'''
690 t
.info("Cleaning up ...")
691 t
.restore_resolv_conf()
692 if getattr(t
, 'bind_child', False):
696 if __name__
== '__main__':
697 t
= wintest
.wintest()
699 t
.setup("test-s4-howto.py", "source4")
704 if not t
.opts
.nocleanup
:
708 if not t
.opts
.nocleanup
:
710 t
.info("S4 howto test: All OK")