search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
wintest: set nameserver on a more general place
[Samba/gebeck_regimport.git] / wintest / test-s4-howto.py
blob01aac37115425c2268c825ceeef1d1152e249518
1 #!/usr/bin/env python
2
3 '''automated testing of the steps of the Samba4 HOWTO'''
4
5 import sys, os
6 import wintest, pexpect, time, subprocess
7
8 def set_krb5_conf(t):
9 t.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
10
11 def build_s4(t):
12 '''build samba4'''
13 t.info('Building s4')
14 t.chdir('${SOURCETREE}')
15 t.putenv('CC', 'ccache gcc')
16 t.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
17 t.run_cmd('make -j')
18 t.run_cmd('rm -rf ${PREFIX}')
19 t.run_cmd('make -j install')
20
21
22 def provision_s4(t, func_level="2008"):
23 '''provision s4 as a DC'''
24 t.info('Provisioning s4')
25 t.chdir('${PREFIX}')
26 t.del_files(["var", "private"])
27 t.run_cmd("rm -f etc/smb.conf")
28 provision=['sbin/provision',
29 '--realm=${LCREALM}',
30 '--domain=${DOMAIN}',
31 '--adminpass=${PASSWORD1}',
32 '--server-role=domain controller',
33 '--function-level=%s' % func_level,
34 '-d${DEBUGLEVEL}',
35 '--option=interfaces=${INTERFACE}',
36 '--host-ip=${INTERFACE_IP}',
37 '--option=bind interfaces only=yes',
38 '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
39 '${USE_NTVFS}']
40 if t.getvar('INTERFACE_IPV6'):
41 provision.append('--host-ip6=${INTERFACE_IPV6}')
42 t.run_cmd(provision)
43 t.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}')
44 t.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}')
45 t.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
46
47
48 def start_s4(t):
49 '''startup samba4'''
50 t.info('Starting Samba4')
51 t.chdir("${PREFIX}")
52 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
53 t.run_cmd(['sbin/samba',
54 '--option', 'panic action=gnome-terminal -e "gdb --pid %d"'])
55 t.port_wait("${INTERFACE_IP}", 139)
56
57 def test_smbclient(t):
58 '''test smbclient against localhost'''
59 t.info('Testing smbclient')
60 smbclient = t.getvar("smbclient")
61 t.chdir('${PREFIX}')
62 t.cmd_contains("%s --version" % (smbclient), ["Version 4.0"])
63 t.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient), ["netlogon", "sysvol", "IPC Service"])
64 child = t.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient))
65 child.expect("smb:")
66 child.sendline("dir")
67 child.expect("blocks available")
68 child.sendline("mkdir testdir")
69 child.expect("smb:")
70 child.sendline("cd testdir")
71 child.expect('testdir')
72 child.sendline("cd ..")
73 child.sendline("rmdir testdir")
74
75
76 def create_shares(t):
77 '''create some test shares'''
78 t.info("Adding test shares")
79 t.chdir('${PREFIX}')
80 t.write_file("etc/smb.conf", '''
81 [test]
82 path = ${PREFIX}/test
83 read only = no
84 [profiles]
85 path = ${PREFIX}/var/profiles
86 read only = no
87 ''',
88 mode='a')
89 t.run_cmd("mkdir -p test")
90 t.run_cmd("mkdir -p var/profiles")
91
92
93 def test_dns(t):
94 '''test that DNS is OK'''
95 t.info("Testing DNS")
96 t.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
97 ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
98 t.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
99 ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
100 t.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
101 ['${HOSTNAME}.${LCREALM} has address'])
102
103 def test_kerberos(t):
104 '''test that kerberos is OK'''
105 t.info("Testing kerberos")
106 t.run_cmd("kdestroy")
107 t.kinit("administrator@${REALM}", "${PASSWORD1}")
108 # this copes with the differences between MIT and Heimdal klist
109 t.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
110
111
112 def test_dyndns(t):
113 '''test that dynamic DNS is working'''
114 t.chdir('${PREFIX}')
115 t.run_cmd("sbin/samba_dnsupdate --fail-immediately")
116 t.rndc_cmd("flush")
117
118
119 def run_winjoin(t, vm):
120 '''join a windows box to our domain'''
121 t.setwinvars(vm)
122
123 t.run_winjoin(t, "${LCREALM}")
124
125 def test_winjoin(t, vm):
126 t.info("Checking the windows join is OK")
127 smbclient = t.getvar("smbclient")
128 t.chdir('${PREFIX}')
129 t.port_wait("${WIN_IP}", 139)
130 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"], retries=100)
131 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
132 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
133 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
134 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
135 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
136 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
137 child.expect("The command completed successfully")
138
139
140 def run_dcpromo(t, vm):
141 '''run a dcpromo on windows'''
142 t.setwinvars(vm)
143
144 t.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
145 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True, set_noexpire=True)
146 child.sendline("copy /Y con answers.txt")
147 child.sendline('''
148 [DCINSTALL]
149 RebootOnSuccess=Yes
150 RebootOnCompletion=Yes
151 ReplicaOrNewDomain=Replica
152 ReplicaDomainDNSName=${LCREALM}
153 SiteName=Default-First-Site-Name
154 InstallDNS=No
155 ConfirmGc=Yes
156 CreateDNSDelegation=No
157 UserDomain=${LCREALM}
158 UserName=${LCREALM}\\administrator
159 Password=${PASSWORD1}
160 DatabasePath="C:\Windows\NTDS"
161 LogPath="C:\Windows\NTDS"
162 SYSVOLPath="C:\Windows\SYSVOL"
163 SafeModeAdminPassword=${PASSWORD1}
164 \x1a
165 ''')
166 child.expect("copied.")
167 child.expect("C:")
168 child.expect("C:")
169 child.sendline("dcpromo /answer:answers.txt")
170 i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=120)
171 if i == 1 or i == 2:
172 child.sendline("echo off")
173 child.sendline("echo START DCPROMO log")
174 child.sendline("more c:\windows\debug\dcpromoui.log")
175 child.sendline("echo END DCPROMO log")
176 child.expect("END DCPROMO")
177 raise Exception("dcpromo failed")
178 t.wait_reboot()
179
180
181 def test_dcpromo(t, vm):
182 '''test that dcpromo worked'''
183 t.info("Checking the dcpromo join is OK")
184 smbclient = t.getvar("smbclient")
185 t.chdir('${PREFIX}')
186 t.port_wait("${WIN_IP}", 139)
187 t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${INTERFACE_IP}",
188 ['${WIN_HOSTNAME}.${LCREALM} has address'],
189 retries=30, delay=10, casefold=True)
190 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
191 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
192 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
193
194 t.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
195 t.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
196
197 t.kinit("administrator@${REALM}", "${PASSWORD1}")
198
199 # the first replication will transfer the dnsHostname attribute
200 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
201
202 for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
203 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
204 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
205
206 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
207 [ "INBOUND NEIGHBORS",
208 "${BASEDN}",
209 "Last attempt .* was successful",
210 "CN=Configuration,${BASEDN}",
211 "Last attempt .* was successful",
212 "CN=Configuration,${BASEDN}", # cope with either order
213 "Last attempt .* was successful",
214 "OUTBOUND NEIGHBORS",
215 "${BASEDN}",
216 "Last success",
217 "CN=Configuration,${BASEDN}",
218 "Last success",
219 "CN=Configuration,${BASEDN}",
220 "Last success"],
221 ordered=True,
222 regex=True)
223
224 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
225 [ "INBOUND NEIGHBORS",
226 "${BASEDN}",
227 "Last attempt .* was successful",
228 "CN=Configuration,${BASEDN}",
229 "Last attempt .* was successful",
230 "CN=Configuration,${BASEDN}",
231 "Last attempt .* was successful",
232 "OUTBOUND NEIGHBORS",
233 "${BASEDN}",
234 "Last success",
235 "CN=Configuration,${BASEDN}",
236 "Last success",
237 "CN=Configuration,${BASEDN}",
238 "Last success" ],
239 ordered=True,
240 regex=True)
241
242 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
243 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
244
245 retries = 10
246 i = child.expect(["The command completed successfully", "The network path was not found"])
247 while i == 1 and retries > 0:
248 child.expect("C:")
249 time.sleep(2)
250 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
251 i = child.expect(["The command completed successfully", "The network path was not found"])
252 retries -=1
253
254 t.run_net_time(child)
255
256 t.info("Checking if showrepl is happy")
257 child.sendline("repadmin /showrepl")
258 child.expect("${BASEDN}")
259 child.expect("was successful")
260 child.expect("CN=Configuration,${BASEDN}")
261 child.expect("was successful")
262 child.expect("CN=Schema,CN=Configuration,${BASEDN}")
263 child.expect("was successful")
264
265 t.info("Checking if new users propogate to windows")
266 t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
267 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
268 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
269
270 t.info("Checking if new users on windows propogate to samba")
271 child.sendline("net user test3 ${PASSWORD3} /add")
272 while True:
273 i = child.expect(["The command completed successfully",
274 "The directory service was unable to allocate a relative identifier"])
275 if i == 0:
276 break
277 time.sleep(2)
278
279 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
280 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
281
282 t.info("Checking propogation of user deletion")
283 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
284 child.sendline("net user test3 /del")
285 child.expect("The command completed successfully")
286
287 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
288 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
289 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
290 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
291 t.vm_poweroff("${WIN_VM}")
292
293
294 def run_dcpromo_rodc(t, vm):
295 '''run a RODC dcpromo to join a windows DC to the samba domain'''
296 t.setwinvars(vm)
297 t.info("Joining a w2k8 box to the domain as a RODC")
298 t.vm_poweroff("${WIN_VM}", checkfail=False)
299 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
300 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
301 child.sendline("copy /Y con answers.txt")
302 child.sendline('''
303 [DCInstall]
304 ReplicaOrNewDomain=ReadOnlyReplica
305 ReplicaDomainDNSName=${LCREALM}
306 PasswordReplicationDenied="BUILTIN\Administrators"
307 PasswordReplicationDenied="BUILTIN\Server Operators"
308 PasswordReplicationDenied="BUILTIN\Backup Operators"
309 PasswordReplicationDenied="BUILTIN\Account Operators"
310 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
311 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
312 DelegatedAdmin="${DOMAIN}\\Administrator"
313 SiteName=Default-First-Site-Name
314 InstallDNS=No
315 ConfirmGc=Yes
316 CreateDNSDelegation=No
317 UserDomain=${LCREALM}
318 UserName=${LCREALM}\\administrator
319 Password=${PASSWORD1}
320 DatabasePath="C:\Windows\NTDS"
321 LogPath="C:\Windows\NTDS"
322 SYSVOLPath="C:\Windows\SYSVOL"
323 SafeModeAdminPassword=${PASSWORD1}
324 RebootOnCompletion=No
325 \x1a
326 ''')
327 child.expect("copied.")
328 child.sendline("dcpromo /answer:answers.txt")
329 i = child.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout=120)
330 if i != 0:
331 child.sendline("echo off")
332 child.sendline("echo START DCPROMO log")
333 child.sendline("more c:\windows\debug\dcpromoui.log")
334 child.sendline("echo END DCPROMO log")
335 child.expect("END DCPROMO")
336 raise Exception("dcpromo failed")
337 child.sendline("shutdown -r -t 0")
338 t.wait_reboot()
339
340
341
342 def test_dcpromo_rodc(t, vm):
343 '''test the RODC dcpromo worked'''
344 t.info("Checking the w2k8 RODC join is OK")
345 smbclient = t.getvar("smbclient")
346 t.chdir('${PREFIX}')
347 t.port_wait("${WIN_IP}", 139)
348 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
349 child.sendline("ipconfig /registerdns")
350 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
351 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
352 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
353 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
354 child.expect("The command completed successfully")
355
356 t.info("Checking if showrepl is happy")
357 child.sendline("repadmin /showrepl")
358 child.expect("${BASEDN}")
359 child.expect("was successful")
360 child.expect("CN=Configuration,${BASEDN}")
361 child.expect("was successful")
362 child.expect("CN=Configuration,${BASEDN}")
363 child.expect("was successful")
364
365 for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
366 t.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc, ["was successful"])
367
368 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
369 [ "INBOUND NEIGHBORS",
370 "OUTBOUND NEIGHBORS",
371 "${BASEDN}",
372 "Last attempt.*was successful",
373 "CN=Configuration,${BASEDN}",
374 "Last attempt.*was successful",
375 "CN=Configuration,${BASEDN}",
376 "Last attempt.*was successful" ],
377 ordered=True,
378 regex=True)
379
380 t.info("Checking if new users are available on windows")
381 t.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}')
382 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
383 t.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
384 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
385 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
386 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
387 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
388 t.vm_poweroff("${WIN_VM}")
389
390
391 def prep_join_as_dc(t, vm):
392 '''start VM and shutdown Samba in preperation to join a windows domain as a DC'''
393 t.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC")
394 t.chdir('${PREFIX}')
395 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
396 t.rndc_cmd('flush')
397 t.run_cmd("rm -rf etc/smb.conf private")
398 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
399 t.get_ipconfig(child)
400
401 def join_as_dc(t, vm):
402 '''join a windows domain as a DC'''
403 t.setwinvars(vm)
404 t.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC")
405 t.port_wait("${WIN_IP}", 389)
406 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
407
408 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
409 t.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
410 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
411
412
413 def test_join_as_dc(t, vm):
414 '''test the join of a windows domain as a DC'''
415 t.info("Checking the DC join is OK")
416 smbclient = t.getvar("smbclient")
417 t.chdir('${PREFIX}')
418 t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
419 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
420 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
421
422 t.info("Forcing kcc runs, and replication")
423 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
424 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
425
426 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
427 for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
428 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
429 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
430
431 child.sendline("ipconfig /flushdns")
432 child.expect("Successfully flushed")
433
434 retries = 10
435 i = 1
436 while i == 1 and retries > 0:
437 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
438 i = child.expect(["The command completed successfully", "The network path was not found"])
439 child.expect("C:")
440 if i == 1:
441 time.sleep(2)
442 retries -=1
443
444 t.info("Checking if showrepl is happy")
445 child.sendline("repadmin /showrepl")
446 child.expect("${WIN_BASEDN}")
447 child.expect("was successful")
448 child.expect("CN=Configuration,${WIN_BASEDN}")
449 child.expect("was successful")
450 child.expect("CN=Configuration,${WIN_BASEDN}")
451 child.expect("was successful")
452
453 t.info("Checking if new users propogate to windows")
454 t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
455 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
456 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
457
458 t.info("Checking if new users on windows propogate to samba")
459 child.sendline("net user test3 ${PASSWORD3} /add")
460 child.expect("The command completed successfully")
461 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
462 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
463
464 t.info("Checking propogation of user deletion")
465 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
466 child.sendline("net user test3 /del")
467 child.expect("The command completed successfully")
468
469 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
470 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
471 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
472 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
473
474 t.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}')
475
476 t.vm_poweroff("${WIN_VM}")
477
478
479 def join_as_rodc(t, vm):
480 '''join a windows domain as a RODC'''
481 t.setwinvars(vm)
482 t.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC")
483 t.port_wait("${WIN_IP}", 389)
484 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
485 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
486 t.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
487 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
488
489
490 def test_join_as_rodc(t, vm):
491 '''test a windows domain RODC join'''
492 t.info("Checking the RODC join is OK")
493 smbclient = t.getvar("smbclient")
494 t.chdir('${PREFIX}')
495 t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
496 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
497 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
498
499 t.info("Forcing kcc runs, and replication")
500 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
501 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
502
503 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
504 for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
505 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
506
507 retries = 10
508 i = 1
509 while i == 1 and retries > 0:
510 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
511 i = child.expect(["The command completed successfully", "The network path was not found"])
512 child.expect("C:")
513 if i == 1:
514 time.sleep(2)
515 retries -=1
516
517 t.info("Checking if showrepl is happy")
518 child.sendline("repadmin /showrepl")
519 child.expect("DSA invocationID")
520
521 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
522 [ "INBOUND NEIGHBORS",
523 "OUTBOUND NEIGHBORS",
524 "${WIN_BASEDN}",
525 "Last attempt .* was successful",
526 "CN=Configuration,${WIN_BASEDN}",
527 "Last attempt .* was successful",
528 "CN=Configuration,${WIN_BASEDN}",
529 "Last attempt .* was successful" ],
530 ordered=True,
531 regex=True)
532
533 t.info("Checking if new users on windows propogate to samba")
534 child.sendline("net user test3 ${PASSWORD3} /add")
535 child.expect("The command completed successfully")
536 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
537 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
538
539 # should this work?
540 t.info("Checking if new users propogate to windows")
541 t.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN'])
542
543 t.info("Checking propogation of user deletion")
544 child.sendline("net user test3 /del")
545 child.expect("The command completed successfully")
546
547 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
548 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
549 t.vm_poweroff("${WIN_VM}")
550
551
552 def test_howto(t):
553 '''test the Samba4 howto'''
554
555 t.setvar("SAMBA_VERSION", "Version 4")
556 t.setvar("smbclient", "bin/smbclient4")
557 t.check_prerequesites()
558
559 # we don't need fsync safety in these tests
560 t.putenv('TDB_NO_FSYNC', '1')
561
562 if not t.skip("configure_bind"):
563 t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
564 if not t.skip("stop_bind"):
565 t.stop_bind()
566 if not t.skip("stop_vms"):
567 t.stop_vms()
568
569 if not t.skip("build"):
570 build_s4(t)
571
572 if not t.skip("provision"):
573 provision_s4(t)
574
575 set_krb5_conf(t)
576
577 if not t.skip("create-shares"):
578 create_shares(t)
579
580 if not t.skip("starts4"):
581 start_s4(t)
582 if not t.skip("smbclient"):
583 test_smbclient(t)
584
585 t.set_nameserver(t.getvar('INTERFACE_IP'))
586 if not t.skip("configure_bind2"):
587 t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
588 if not t.skip("start_bind"):
589 t.start_bind()
590 if not t.skip("dns"):
591 test_dns(t)
592 if not t.skip("kerberos"):
593 test_kerberos(t)
594 if not t.skip("dyndns"):
595 test_dyndns(t)
596
597 if t.have_vm('WINDOWS7') and not t.skip("windows7"):
598 t.start_winvm("WINDOWS7")
599 t.test_remote_smbclient("WINDOWS7")
600 run_winjoin(t, "WINDOWS7")
601 test_winjoin(t, "WINDOWS7")
602 t.vm_poweroff("${WIN_VM}")
603
604 if t.have_vm('WINXP') and not t.skip("winxp"):
605 t.start_winvm("WINXP")
606 run_winjoin(t, "WINXP")
607 test_winjoin(t, "WINXP")
608 t.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}")
609 t.vm_poweroff("${WIN_VM}")
610
611 if t.have_vm('W2K3C') and not t.skip("win2k3_member"):
612 t.start_winvm("W2K3C")
613 run_winjoin(t, "W2K3C")
614 test_winjoin(t, "W2K3C")
615 t.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}")
616 t.vm_poweroff("${WIN_VM}")
617
618 if t.have_vm('W2K8R2C') and not t.skip("dcpromo_rodc"):
619 t.info("Testing w2k8r2 RODC dcpromo")
620 t.start_winvm("W2K8R2C")
621 t.test_remote_smbclient('W2K8R2C')
622 run_dcpromo_rodc(t, "W2K8R2C")
623 test_dcpromo_rodc(t, "W2K8R2C")
624
625 if t.have_vm('W2K8R2B') and not t.skip("dcpromo_w2k8r2"):
626 t.info("Testing w2k8r2 dcpromo")
627 t.start_winvm("W2K8R2B")
628 t.test_remote_smbclient('W2K8R2B')
629 run_dcpromo(t, "W2K8R2B")
630 test_dcpromo(t, "W2K8R2B")
631
632 if t.have_vm('W2K8B') and not t.skip("dcpromo_w2k8"):
633 t.info("Testing w2k8 dcpromo")
634 t.start_winvm("W2K8B")
635 t.test_remote_smbclient('W2K8B')
636 run_dcpromo(t, "W2K8B")
637 test_dcpromo(t, "W2K8B")
638
639 if t.have_vm('W2K3B') and not t.skip("dcpromo_w2k3"):
640 t.info("Testing w2k3 dcpromo")
641 t.info("Changing to 2003 functional level")
642 provision_s4(t, func_level='2003')
643 create_shares(t)
644 start_s4(t)
645 test_smbclient(t)
646 t.restart_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
647 test_dns(t)
648 test_kerberos(t)
649 test_dyndns(t)
650 t.start_winvm("W2K3B")
651 t.test_remote_smbclient('W2K3B')
652 run_dcpromo(t, "W2K3B")
653 test_dcpromo(t, "W2K3B")
654
655 if t.have_vm('W2K8R2A') and not t.skip("join_w2k8r2"):
656 t.start_winvm("W2K8R2A")
657 prep_join_as_dc(t, "W2K8R2A")
658 t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
659 join_as_dc(t, "W2K8R2A")
660 create_shares(t)
661 start_s4(t)
662 test_dyndns(t)
663 test_join_as_dc(t, "W2K8R2A")
664
665 if t.have_vm('W2K8R2A') and not t.skip("join_rodc"):
666 t.start_winvm("W2K8R2A")
667 prep_join_as_dc(t, "W2K8R2A")
668 t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
669 join_as_rodc(t, "W2K8R2A")
670 create_shares(t)
671 start_s4(t)
672 test_dyndns(t)
673 test_join_as_rodc(t, "W2K8R2A")
674
675 if t.have_vm('W2K3A') and not t.skip("join_w2k3"):
676 t.start_winvm("W2K3A")
677 prep_join_as_dc(t, "W2K3A")
678 t.run_dcpromo_as_first_dc("W2K3A", func_level='2003')
679 join_as_dc(t, "W2K3A")
680 create_shares(t)
681 start_s4(t)
682 test_dyndns(t)
683 test_join_as_dc(t, "W2K3A")
684
685 t.info("Howto test: All OK")
686
687
688 def test_cleanup(t):
689 '''cleanup after tests'''
690 t.info("Cleaning up ...")
691 t.restore_resolv_conf()
692 if getattr(t, 'bind_child', False):
693 t.bind_child.kill()
694
695
696 if __name__ == '__main__':
697 t = wintest.wintest()
698
699 t.setup("test-s4-howto.py", "source4")
700
701 try:
702 test_howto(t)
703 except:
704 if not t.opts.nocleanup:
705 test_cleanup(t)
706 raise
707
708 if not t.opts.nocleanup:
709 test_cleanup(t)
710 t.info("S4 howto test: All OK")
reg import