3 '''automated testing of the steps of the Samba4 HOWTO'''
6 import wintest
, pexpect
, time
, subprocess
9 t
.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
14 t
.chdir('${SOURCETREE}')
15 t
.putenv('CC', 'ccache gcc')
16 t
.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
18 t
.run_cmd('rm -rf ${PREFIX}')
19 t
.run_cmd('make -j install')
22 def provision_s4(t
, func_level
="2008"):
23 '''provision s4 as a DC'''
24 t
.info('Provisioning s4')
26 t
.del_files(["var", "private"])
27 t
.run_cmd("rm -f etc/smb.conf")
28 provision
=['sbin/provision',
31 '--adminpass=${PASSWORD1}',
32 '--server-role=domain controller',
33 '--function-level=%s' % func_level
,
35 '--option=interfaces=${INTERFACE}',
36 '--host-ip=${INTERFACE_IP}',
37 '--option=bind interfaces only=yes',
38 '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
40 if t
.getvar('INTERFACE_IPV6'):
41 provision
.append('--host-ip6=${INTERFACE_IPV6}')
43 t
.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}')
44 t
.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}')
45 t
.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
50 t
.info('Starting Samba4')
52 t
.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail
=False)
53 t
.run_cmd(['sbin/samba',
54 '--option', 'panic action=gnome-terminal -e "gdb --pid %d"'])
55 t
.port_wait("${INTERFACE_IP}", 139)
57 def test_smbclient(t
):
58 '''test smbclient against localhost'''
59 t
.info('Testing smbclient')
60 smbclient
= t
.getvar("smbclient")
62 t
.cmd_contains("%s --version" % (smbclient
), ["Version 4.0"])
63 t
.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient
), ["netlogon", "sysvol", "IPC Service"])
64 child
= t
.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient
))
67 child
.expect("blocks available")
68 child
.sendline("mkdir testdir")
70 child
.sendline("cd testdir")
71 child
.expect('testdir')
72 child
.sendline("cd ..")
73 child
.sendline("rmdir testdir")
77 '''create some test shares'''
78 t
.info("Adding test shares")
80 t
.write_file("etc/smb.conf", '''
85 path = ${PREFIX}/var/profiles
89 t
.run_cmd("mkdir -p test")
90 t
.run_cmd("mkdir -p var/profiles")
94 '''test that DNS is OK'''
96 t
.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
97 ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
98 t
.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
99 ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
100 t
.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
101 ['${HOSTNAME}.${LCREALM} has address'])
103 def test_kerberos(t
):
104 '''test that kerberos is OK'''
105 t
.info("Testing kerberos")
106 t
.run_cmd("kdestroy")
107 t
.kinit("administrator@${REALM}", "${PASSWORD1}")
108 # this copes with the differences between MIT and Heimdal klist
109 t
.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
113 '''test that dynamic DNS is working'''
115 t
.run_cmd("sbin/samba_dnsupdate --fail-immediately")
119 def run_winjoin(t
, vm
):
120 '''join a windows box to our domain'''
123 t
.run_winjoin(t
, "${LCREALM}")
125 def test_winjoin(t
, vm
):
126 t
.info("Checking the windows join is OK")
127 smbclient
= t
.getvar("smbclient")
129 t
.port_wait("${WIN_IP}", 139)
130 t
.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"], retries
=100)
131 t
.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
132 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
133 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
134 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
135 child
= t
.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
136 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
137 child
.expect("The command completed successfully")
140 def run_dcpromo(t
, vm
):
141 '''run a dcpromo on windows'''
144 t
.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
145 child
= t
.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip
=True, set_noexpire
=True)
146 child
.sendline("copy /Y con answers.txt")
150 RebootOnCompletion=Yes
151 ReplicaOrNewDomain=Replica
152 ReplicaDomainDNSName=${LCREALM}
153 SiteName=Default-First-Site-Name
156 CreateDNSDelegation=No
157 UserDomain=${LCREALM}
158 UserName=${LCREALM}\\administrator
159 Password=${PASSWORD1}
160 DatabasePath="C:\Windows\NTDS"
161 LogPath="C:\Windows\NTDS"
162 SYSVOLPath="C:\Windows\SYSVOL"
163 SafeModeAdminPassword=${PASSWORD1}
166 child
.expect("copied.")
169 child
.sendline("dcpromo /answer:answers.txt")
170 i
= child
.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout
=120)
172 child
.sendline("echo off")
173 child
.sendline("echo START DCPROMO log")
174 child
.sendline("more c:\windows\debug\dcpromoui.log")
175 child
.sendline("echo END DCPROMO log")
176 child
.expect("END DCPROMO")
177 raise Exception("dcpromo failed")
181 def test_dcpromo(t
, vm
):
182 '''test that dcpromo worked'''
183 t
.info("Checking the dcpromo join is OK")
184 smbclient
= t
.getvar("smbclient")
186 t
.port_wait("${WIN_IP}", 139)
187 t
.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${INTERFACE_IP}",
188 ['${WIN_HOSTNAME}.${LCREALM} has address'],
189 retries
=30, delay
=10, casefold
=True)
190 t
.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
191 t
.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
192 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
194 t
.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
195 t
.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
197 t
.kinit("administrator@${REALM}", "${PASSWORD1}")
199 # the first replication will transfer the dnsHostname attribute
200 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
202 for nc
in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
203 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc
, ["was successful"])
204 t
.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc
, ["was successful"])
206 t
.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
207 [ "INBOUND NEIGHBORS",
209 "Last attempt .* was successful",
210 "CN=Configuration,${BASEDN}",
211 "Last attempt .* was successful",
212 "CN=Configuration,${BASEDN}", # cope with either order
213 "Last attempt .* was successful",
214 "OUTBOUND NEIGHBORS",
217 "CN=Configuration,${BASEDN}",
219 "CN=Configuration,${BASEDN}",
224 t
.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
225 [ "INBOUND NEIGHBORS",
227 "Last attempt .* was successful",
228 "CN=Configuration,${BASEDN}",
229 "Last attempt .* was successful",
230 "CN=Configuration,${BASEDN}",
231 "Last attempt .* was successful",
232 "OUTBOUND NEIGHBORS",
235 "CN=Configuration,${BASEDN}",
237 "CN=Configuration,${BASEDN}",
242 child
= t
.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time
=True)
243 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
246 i
= child
.expect(["The command completed successfully", "The network path was not found"])
247 while i
== 1 and retries
> 0:
250 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
251 i
= child
.expect(["The command completed successfully", "The network path was not found"])
254 t
.run_net_time(child
)
256 t
.info("Checking if showrepl is happy")
257 child
.sendline("repadmin /showrepl")
258 child
.expect("${BASEDN}")
259 child
.expect("was successful")
260 child
.expect("CN=Configuration,${BASEDN}")
261 child
.expect("was successful")
262 child
.expect("CN=Schema,CN=Configuration,${BASEDN}")
263 child
.expect("was successful")
265 t
.info("Checking if new users propogate to windows")
266 t
.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
267 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['Sharename', 'Remote IPC'])
268 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['Sharename', 'Remote IPC'])
270 t
.info("Checking if new users on windows propogate to samba")
271 child
.sendline("net user test3 ${PASSWORD3} /add")
273 i
= child
.expect(["The command completed successfully",
274 "The directory service was unable to allocate a relative identifier"])
279 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['Sharename', 'IPC'])
280 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['Sharename', 'IPC'])
282 t
.info("Checking propogation of user deletion")
283 t
.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
284 child
.sendline("net user test3 /del")
285 child
.expect("The command completed successfully")
287 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['LOGON_FAILURE'])
288 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['LOGON_FAILURE'])
289 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['LOGON_FAILURE'])
290 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['LOGON_FAILURE'])
291 t
.vm_poweroff("${WIN_VM}")
294 def run_dcpromo_rodc(t
, vm
):
295 '''run a RODC dcpromo to join a windows DC to the samba domain'''
297 t
.info("Joining a w2k8 box to the domain as a RODC")
298 t
.vm_poweroff("${WIN_VM}", checkfail
=False)
299 t
.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
300 child
= t
.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip
=True)
301 child
.sendline("copy /Y con answers.txt")
304 ReplicaOrNewDomain=ReadOnlyReplica
305 ReplicaDomainDNSName=${LCREALM}
306 PasswordReplicationDenied="BUILTIN\Administrators"
307 PasswordReplicationDenied="BUILTIN\Server Operators"
308 PasswordReplicationDenied="BUILTIN\Backup Operators"
309 PasswordReplicationDenied="BUILTIN\Account Operators"
310 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
311 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
312 DelegatedAdmin="${DOMAIN}\\Administrator"
313 SiteName=Default-First-Site-Name
316 CreateDNSDelegation=No
317 UserDomain=${LCREALM}
318 UserName=${LCREALM}\\administrator
319 Password=${PASSWORD1}
320 DatabasePath="C:\Windows\NTDS"
321 LogPath="C:\Windows\NTDS"
322 SYSVOLPath="C:\Windows\SYSVOL"
323 SafeModeAdminPassword=${PASSWORD1}
324 RebootOnCompletion=No
327 child
.expect("copied.")
328 child
.sendline("dcpromo /answer:answers.txt")
329 i
= child
.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout
=120)
331 child
.sendline("echo off")
332 child
.sendline("echo START DCPROMO log")
333 child
.sendline("more c:\windows\debug\dcpromoui.log")
334 child
.sendline("echo END DCPROMO log")
335 child
.expect("END DCPROMO")
336 raise Exception("dcpromo failed")
337 child
.sendline("shutdown -r -t 0")
342 def test_dcpromo_rodc(t
, vm
):
343 '''test the RODC dcpromo worked'''
344 t
.info("Checking the w2k8 RODC join is OK")
345 smbclient
= t
.getvar("smbclient")
347 t
.port_wait("${WIN_IP}", 139)
348 child
= t
.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time
=True)
349 child
.sendline("ipconfig /registerdns")
350 t
.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
351 t
.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
352 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
353 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
354 child
.expect("The command completed successfully")
356 t
.info("Checking if showrepl is happy")
357 child
.sendline("repadmin /showrepl")
358 child
.expect("${BASEDN}")
359 child
.expect("was successful")
360 child
.expect("CN=Configuration,${BASEDN}")
361 child
.expect("was successful")
362 child
.expect("CN=Configuration,${BASEDN}")
363 child
.expect("was successful")
365 for nc
in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
366 t
.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc
, ["was successful"])
368 t
.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
369 [ "INBOUND NEIGHBORS",
370 "OUTBOUND NEIGHBORS",
372 "Last attempt.*was successful",
373 "CN=Configuration,${BASEDN}",
374 "Last attempt.*was successful",
375 "CN=Configuration,${BASEDN}",
376 "Last attempt.*was successful" ],
380 t
.info("Checking if new users are available on windows")
381 t
.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}')
382 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['Sharename', 'Remote IPC'])
383 t
.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
384 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['Sharename', 'Remote IPC'])
385 t
.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
386 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['LOGON_FAILURE'])
387 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['LOGON_FAILURE'])
388 t
.vm_poweroff("${WIN_VM}")
391 def prep_join_as_dc(t
, vm
):
392 '''start VM and shutdown Samba in preperation to join a windows domain as a DC'''
393 t
.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC")
395 t
.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail
=False)
397 t
.run_cmd("rm -rf etc/smb.conf private")
398 child
= t
.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time
=True)
399 t
.get_ipconfig(child
)
401 def join_as_dc(t
, vm
):
402 '''join a windows domain as a DC'''
404 t
.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC")
405 t
.port_wait("${WIN_IP}", 389)
406 t
.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
408 t
.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
409 t
.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
410 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
413 def test_join_as_dc(t
, vm
):
414 '''test the join of a windows domain as a DC'''
415 t
.info("Checking the DC join is OK")
416 smbclient
= t
.getvar("smbclient")
418 t
.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient
), ["C$", "IPC$", "Sharename"])
419 t
.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
420 child
= t
.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time
=True)
422 t
.info("Forcing kcc runs, and replication")
423 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
424 t
.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
426 t
.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
427 for nc
in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
428 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc
, ["was successful"])
429 t
.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc
, ["was successful"])
431 child
.sendline("ipconfig /flushdns")
432 child
.expect("Successfully flushed")
436 while i
== 1 and retries
> 0:
437 child
.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
438 i
= child
.expect(["The command completed successfully", "The network path was not found"])
444 t
.info("Checking if showrepl is happy")
445 child
.sendline("repadmin /showrepl")
446 child
.expect("${WIN_BASEDN}")
447 child
.expect("was successful")
448 child
.expect("CN=Configuration,${WIN_BASEDN}")
449 child
.expect("was successful")
450 child
.expect("CN=Configuration,${WIN_BASEDN}")
451 child
.expect("was successful")
453 t
.info("Checking if new users propogate to windows")
454 t
.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
455 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['Sharename', 'Remote IPC'])
456 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['Sharename', 'Remote IPC'])
458 t
.info("Checking if new users on windows propogate to samba")
459 child
.sendline("net user test3 ${PASSWORD3} /add")
460 child
.expect("The command completed successfully")
461 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['Sharename', 'IPC'])
462 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['Sharename', 'IPC'])
464 t
.info("Checking propogation of user deletion")
465 t
.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
466 child
.sendline("net user test3 /del")
467 child
.expect("The command completed successfully")
469 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['LOGON_FAILURE'])
470 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['LOGON_FAILURE'])
471 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['LOGON_FAILURE'])
472 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['LOGON_FAILURE'])
474 t
.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}')
476 t
.vm_poweroff("${WIN_VM}")
479 def join_as_rodc(t
, vm
):
480 '''join a windows domain as a RODC'''
482 t
.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC")
483 t
.port_wait("${WIN_IP}", 389)
484 t
.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
485 t
.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
486 t
.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
487 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
490 def test_join_as_rodc(t
, vm
):
491 '''test a windows domain RODC join'''
492 t
.info("Checking the RODC join is OK")
493 smbclient
= t
.getvar("smbclient")
495 t
.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient
), ["C$", "IPC$", "Sharename"])
496 t
.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
497 child
= t
.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time
=True)
499 t
.info("Forcing kcc runs, and replication")
500 t
.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
501 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
503 t
.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
504 for nc
in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
505 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc
, ["was successful"])
509 while i
== 1 and retries
> 0:
510 child
.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
511 i
= child
.expect(["The command completed successfully", "The network path was not found"])
517 t
.info("Checking if showrepl is happy")
518 child
.sendline("repadmin /showrepl")
519 child
.expect("DSA invocationID")
521 t
.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
522 [ "INBOUND NEIGHBORS",
523 "OUTBOUND NEIGHBORS",
525 "Last attempt .* was successful",
526 "CN=Configuration,${WIN_BASEDN}",
527 "Last attempt .* was successful",
528 "CN=Configuration,${WIN_BASEDN}",
529 "Last attempt .* was successful" ],
533 t
.info("Checking if new users on windows propogate to samba")
534 child
.sendline("net user test3 ${PASSWORD3} /add")
535 child
.expect("The command completed successfully")
536 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['Sharename', 'IPC'])
537 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['Sharename', 'IPC'])
540 t
.info("Checking if new users propogate to windows")
541 t
.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN'])
543 t
.info("Checking propogation of user deletion")
544 child
.sendline("net user test3 /del")
545 child
.expect("The command completed successfully")
547 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['LOGON_FAILURE'])
548 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['LOGON_FAILURE'])
549 t
.vm_poweroff("${WIN_VM}")
553 '''test the Samba4 howto'''
555 t
.setvar("SAMBA_VERSION", "Version 4")
556 t
.setvar("smbclient", "bin/smbclient4")
557 t
.check_prerequesites()
559 # we don't need fsync safety in these tests
560 t
.putenv('TDB_NO_FSYNC', '1')
562 if not t
.skip("configure_bind"):
563 t
.configure_bind(kerberos_support
=True, include
='${PREFIX}/private/named.conf')
564 if not t
.skip("stop_bind"):
566 if not t
.skip("stop_vms"):
569 if not t
.skip("build"):
572 if not t
.skip("provision"):
577 if not t
.skip("create-shares"):
580 if not t
.skip("starts4"):
582 if not t
.skip("smbclient"):
584 if not t
.skip("configure_bind2"):
585 t
.configure_bind(kerberos_support
=True, include
='${PREFIX}/private/named.conf')
586 if not t
.skip("start_bind"):
588 if not t
.skip("dns"):
590 if not t
.skip("kerberos"):
592 if not t
.skip("dyndns"):
595 if t
.have_vm('WINDOWS7') and not t
.skip("windows7"):
596 t
.start_winvm("WINDOWS7")
597 t
.test_remote_smbclient("WINDOWS7")
598 run_winjoin(t
, "WINDOWS7")
599 test_winjoin(t
, "WINDOWS7")
600 t
.vm_poweroff("${WIN_VM}")
602 if t
.have_vm('WINXP') and not t
.skip("winxp"):
603 t
.start_winvm("WINXP")
604 run_winjoin(t
, "WINXP")
605 test_winjoin(t
, "WINXP")
606 t
.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}")
607 t
.vm_poweroff("${WIN_VM}")
609 if t
.have_vm('W2K3C') and not t
.skip("win2k3_member"):
610 t
.start_winvm("W2K3C")
611 run_winjoin(t
, "W2K3C")
612 test_winjoin(t
, "W2K3C")
613 t
.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}")
614 t
.vm_poweroff("${WIN_VM}")
616 if t
.have_vm('W2K8R2C') and not t
.skip("dcpromo_rodc"):
617 t
.info("Testing w2k8r2 RODC dcpromo")
618 t
.start_winvm("W2K8R2C")
619 t
.test_remote_smbclient('W2K8R2C')
620 run_dcpromo_rodc(t
, "W2K8R2C")
621 test_dcpromo_rodc(t
, "W2K8R2C")
623 if t
.have_vm('W2K8R2B') and not t
.skip("dcpromo_w2k8r2"):
624 t
.info("Testing w2k8r2 dcpromo")
625 t
.start_winvm("W2K8R2B")
626 t
.test_remote_smbclient('W2K8R2B')
627 run_dcpromo(t
, "W2K8R2B")
628 test_dcpromo(t
, "W2K8R2B")
630 if t
.have_vm('W2K8B') and not t
.skip("dcpromo_w2k8"):
631 t
.info("Testing w2k8 dcpromo")
632 t
.start_winvm("W2K8B")
633 t
.test_remote_smbclient('W2K8B')
634 run_dcpromo(t
, "W2K8B")
635 test_dcpromo(t
, "W2K8B")
637 if t
.have_vm('W2K3B') and not t
.skip("dcpromo_w2k3"):
638 t
.info("Testing w2k3 dcpromo")
639 t
.info("Changing to 2003 functional level")
640 provision_s4(t
, func_level
='2003')
644 t
.restart_bind(kerberos_support
=True, include
='${PREFIX}/private/named.conf')
648 t
.start_winvm("W2K3B")
649 t
.test_remote_smbclient('W2K3B')
650 run_dcpromo(t
, "W2K3B")
651 test_dcpromo(t
, "W2K3B")
653 if t
.have_vm('W2K8R2A') and not t
.skip("join_w2k8r2"):
654 t
.start_winvm("W2K8R2A")
655 prep_join_as_dc(t
, "W2K8R2A")
656 t
.run_dcpromo_as_first_dc("W2K8R2A", func_level
='2008r2')
657 join_as_dc(t
, "W2K8R2A")
661 test_join_as_dc(t
, "W2K8R2A")
663 if t
.have_vm('W2K8R2A') and not t
.skip("join_rodc"):
664 t
.start_winvm("W2K8R2A")
665 prep_join_as_dc(t
, "W2K8R2A")
666 t
.run_dcpromo_as_first_dc("W2K8R2A", func_level
='2008r2')
667 join_as_rodc(t
, "W2K8R2A")
671 test_join_as_rodc(t
, "W2K8R2A")
673 if t
.have_vm('W2K3A') and not t
.skip("join_w2k3"):
674 t
.start_winvm("W2K3A")
675 prep_join_as_dc(t
, "W2K3A")
676 t
.run_dcpromo_as_first_dc("W2K3A", func_level
='2003')
677 join_as_dc(t
, "W2K3A")
681 test_join_as_dc(t
, "W2K3A")
683 t
.info("Howto test: All OK")
687 '''cleanup after tests'''
688 t
.info("Cleaning up ...")
689 t
.restore_resolv_conf()
690 if getattr(t
, 'bind_child', False):
694 if __name__
== '__main__':
695 t
= wintest
.wintest()
697 t
.setup("test-s4-howto.py", "source4")
702 if not t
.opts
.nocleanup
:
706 if not t
.opts
.nocleanup
:
708 t
.info("S4 howto test: All OK")