3 '''automated testing of the steps of the Samba4 HOWTO'''
6 import wintest
, pexpect
, time
, subprocess
9 t
.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
14 t
.chdir('${SOURCETREE}')
15 t
.putenv('CC', 'ccache gcc')
16 t
.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
18 t
.run_cmd('rm -rf ${PREFIX}')
19 t
.run_cmd('make -j install')
22 def provision_s4(t
, func_level
="2008"):
23 '''provision s4 as a DC'''
24 t
.info('Provisioning s4')
26 t
.del_files(["var", "private"])
27 t
.run_cmd("rm -f etc/smb.conf")
28 provision
=['sbin/provision',
31 '--adminpass=${PASSWORD1}',
32 '--server-role=domain controller',
33 '--function-level=%s' % func_level
,
35 '--option=interfaces=${INTERFACE}',
36 '--host-ip=${INTERFACE_IP}',
37 '--option=bind interfaces only=yes',
38 '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
40 '--dns-backend=${NAMESERVER_BACKEND}',
41 '${ALLOW_DNS_UPDATES}',
42 '${DNS_RECURSIVE_QUERIES}']
43 if t
.getvar('INTERFACE_IPV6'):
44 provision
.append('--host-ip6=${INTERFACE_IPV6}')
46 t
.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}')
47 t
.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}')
48 t
.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
53 t
.info('Starting Samba4')
55 t
.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail
=False)
56 t
.run_cmd(['sbin/samba',
57 '--option', 'panic action=gnome-terminal -e "gdb --pid %d"'])
58 t
.port_wait("${INTERFACE_IP}", 139)
60 def test_smbclient(t
):
61 '''test smbclient against localhost'''
62 t
.info('Testing smbclient')
63 smbclient
= t
.getvar("smbclient")
65 t
.cmd_contains("%s --version" % (smbclient
), ["Version 4.0"])
66 t
.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient
), ["netlogon", "sysvol", "IPC Service"])
67 child
= t
.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient
))
70 child
.expect("blocks available")
71 child
.sendline("mkdir testdir")
73 child
.sendline("cd testdir")
74 child
.expect('testdir')
75 child
.sendline("cd ..")
76 child
.sendline("rmdir testdir")
80 '''create some test shares'''
81 t
.info("Adding test shares")
83 t
.write_file("etc/smb.conf", '''
88 path = ${PREFIX}/var/profiles
92 t
.run_cmd("mkdir -p test")
93 t
.run_cmd("mkdir -p var/profiles")
97 '''test that DNS is OK'''
99 t
.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
100 ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
101 t
.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
102 ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
103 t
.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
104 ['${HOSTNAME}.${LCREALM} has address'])
106 def test_kerberos(t
):
107 '''test that kerberos is OK'''
108 t
.info("Testing kerberos")
109 t
.run_cmd("kdestroy")
110 t
.kinit("administrator@${REALM}", "${PASSWORD1}")
111 # this copes with the differences between MIT and Heimdal klist
112 t
.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
116 '''test that dynamic DNS is working'''
118 t
.run_cmd("sbin/samba_dnsupdate --fail-immediately")
119 if not t
.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
123 def run_winjoin(t
, vm
):
124 '''join a windows box to our domain'''
127 t
.run_winjoin(t
, "${LCREALM}")
129 def test_winjoin(t
, vm
):
130 t
.info("Checking the windows join is OK")
131 smbclient
= t
.getvar("smbclient")
133 t
.port_wait("${WIN_IP}", 139)
134 t
.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"], retries
=100)
135 t
.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
136 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
137 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
138 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
139 child
= t
.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
140 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
141 child
.expect("The command completed successfully")
144 def run_dcpromo(t
, vm
):
145 '''run a dcpromo on windows'''
148 t
.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
149 child
= t
.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip
=True, set_noexpire
=True)
150 child
.sendline("copy /Y con answers.txt")
154 RebootOnCompletion=Yes
155 ReplicaOrNewDomain=Replica
156 ReplicaDomainDNSName=${LCREALM}
157 SiteName=Default-First-Site-Name
160 CreateDNSDelegation=No
161 UserDomain=${LCREALM}
162 UserName=${LCREALM}\\administrator
163 Password=${PASSWORD1}
164 DatabasePath="C:\Windows\NTDS"
165 LogPath="C:\Windows\NTDS"
166 SYSVOLPath="C:\Windows\SYSVOL"
167 SafeModeAdminPassword=${PASSWORD1}
170 child
.expect("copied.")
173 child
.sendline("dcpromo /answer:answers.txt")
174 i
= child
.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout
=120)
176 child
.sendline("echo off")
177 child
.sendline("echo START DCPROMO log")
178 child
.sendline("more c:\windows\debug\dcpromoui.log")
179 child
.sendline("echo END DCPROMO log")
180 child
.expect("END DCPROMO")
181 raise Exception("dcpromo failed")
185 def test_dcpromo(t
, vm
):
186 '''test that dcpromo worked'''
187 t
.info("Checking the dcpromo join is OK")
188 smbclient
= t
.getvar("smbclient")
190 t
.port_wait("${WIN_IP}", 139)
191 t
.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${INTERFACE_IP}",
192 ['${WIN_HOSTNAME}.${LCREALM} has address'],
193 retries
=30, delay
=10, casefold
=True)
194 t
.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
195 t
.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
196 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
198 t
.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
199 t
.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
201 t
.kinit("administrator@${REALM}", "${PASSWORD1}")
203 # the first replication will transfer the dnsHostname attribute
204 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
206 for nc
in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
207 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc
, ["was successful"])
208 t
.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc
, ["was successful"])
210 t
.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
211 [ "INBOUND NEIGHBORS",
213 "Last attempt .* was successful",
214 "CN=Configuration,${BASEDN}",
215 "Last attempt .* was successful",
216 "CN=Configuration,${BASEDN}", # cope with either order
217 "Last attempt .* was successful",
218 "OUTBOUND NEIGHBORS",
221 "CN=Configuration,${BASEDN}",
223 "CN=Configuration,${BASEDN}",
228 t
.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
229 [ "INBOUND NEIGHBORS",
231 "Last attempt .* was successful",
232 "CN=Configuration,${BASEDN}",
233 "Last attempt .* was successful",
234 "CN=Configuration,${BASEDN}",
235 "Last attempt .* was successful",
236 "OUTBOUND NEIGHBORS",
239 "CN=Configuration,${BASEDN}",
241 "CN=Configuration,${BASEDN}",
246 child
= t
.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time
=True)
247 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
250 i
= child
.expect(["The command completed successfully", "The network path was not found"])
251 while i
== 1 and retries
> 0:
254 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
255 i
= child
.expect(["The command completed successfully", "The network path was not found"])
258 t
.run_net_time(child
)
260 t
.info("Checking if showrepl is happy")
261 child
.sendline("repadmin /showrepl")
262 child
.expect("${BASEDN}")
263 child
.expect("was successful")
264 child
.expect("CN=Configuration,${BASEDN}")
265 child
.expect("was successful")
266 child
.expect("CN=Schema,CN=Configuration,${BASEDN}")
267 child
.expect("was successful")
269 t
.info("Checking if new users propogate to windows")
270 t
.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
271 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['Sharename', 'Remote IPC'])
272 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['Sharename', 'Remote IPC'])
274 t
.info("Checking if new users on windows propogate to samba")
275 child
.sendline("net user test3 ${PASSWORD3} /add")
277 i
= child
.expect(["The command completed successfully",
278 "The directory service was unable to allocate a relative identifier"])
283 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['Sharename', 'IPC'])
284 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['Sharename', 'IPC'])
286 t
.info("Checking propogation of user deletion")
287 t
.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
288 child
.sendline("net user test3 /del")
289 child
.expect("The command completed successfully")
291 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['LOGON_FAILURE'])
292 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['LOGON_FAILURE'])
293 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['LOGON_FAILURE'])
294 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['LOGON_FAILURE'])
295 t
.vm_poweroff("${WIN_VM}")
298 def run_dcpromo_rodc(t
, vm
):
299 '''run a RODC dcpromo to join a windows DC to the samba domain'''
301 t
.info("Joining a w2k8 box to the domain as a RODC")
302 t
.vm_poweroff("${WIN_VM}", checkfail
=False)
303 t
.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
304 child
= t
.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip
=True)
305 child
.sendline("copy /Y con answers.txt")
308 ReplicaOrNewDomain=ReadOnlyReplica
309 ReplicaDomainDNSName=${LCREALM}
310 PasswordReplicationDenied="BUILTIN\Administrators"
311 PasswordReplicationDenied="BUILTIN\Server Operators"
312 PasswordReplicationDenied="BUILTIN\Backup Operators"
313 PasswordReplicationDenied="BUILTIN\Account Operators"
314 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
315 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
316 DelegatedAdmin="${DOMAIN}\\Administrator"
317 SiteName=Default-First-Site-Name
320 CreateDNSDelegation=No
321 UserDomain=${LCREALM}
322 UserName=${LCREALM}\\administrator
323 Password=${PASSWORD1}
324 DatabasePath="C:\Windows\NTDS"
325 LogPath="C:\Windows\NTDS"
326 SYSVOLPath="C:\Windows\SYSVOL"
327 SafeModeAdminPassword=${PASSWORD1}
328 RebootOnCompletion=No
331 child
.expect("copied.")
332 child
.sendline("dcpromo /answer:answers.txt")
333 i
= child
.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout
=120)
335 child
.sendline("echo off")
336 child
.sendline("echo START DCPROMO log")
337 child
.sendline("more c:\windows\debug\dcpromoui.log")
338 child
.sendline("echo END DCPROMO log")
339 child
.expect("END DCPROMO")
340 raise Exception("dcpromo failed")
341 child
.sendline("shutdown -r -t 0")
346 def test_dcpromo_rodc(t
, vm
):
347 '''test the RODC dcpromo worked'''
348 t
.info("Checking the w2k8 RODC join is OK")
349 smbclient
= t
.getvar("smbclient")
351 t
.port_wait("${WIN_IP}", 139)
352 child
= t
.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time
=True)
353 child
.sendline("ipconfig /registerdns")
354 t
.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
355 t
.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
356 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
357 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
358 child
.expect("The command completed successfully")
360 t
.info("Checking if showrepl is happy")
361 child
.sendline("repadmin /showrepl")
362 child
.expect("${BASEDN}")
363 child
.expect("was successful")
364 child
.expect("CN=Configuration,${BASEDN}")
365 child
.expect("was successful")
366 child
.expect("CN=Configuration,${BASEDN}")
367 child
.expect("was successful")
369 for nc
in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
370 t
.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc
, ["was successful"])
372 t
.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
373 [ "INBOUND NEIGHBORS",
374 "OUTBOUND NEIGHBORS",
376 "Last attempt.*was successful",
377 "CN=Configuration,${BASEDN}",
378 "Last attempt.*was successful",
379 "CN=Configuration,${BASEDN}",
380 "Last attempt.*was successful" ],
384 t
.info("Checking if new users are available on windows")
385 t
.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}')
386 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['Sharename', 'Remote IPC'])
387 t
.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
388 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['Sharename', 'Remote IPC'])
389 t
.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
390 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['LOGON_FAILURE'])
391 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['LOGON_FAILURE'])
392 t
.vm_poweroff("${WIN_VM}")
395 def prep_join_as_dc(t
, vm
):
396 '''start VM and shutdown Samba in preperation to join a windows domain as a DC'''
397 t
.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC")
399 t
.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail
=False)
400 if not t
.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
402 t
.run_cmd("rm -rf etc/smb.conf private")
403 child
= t
.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time
=True)
404 t
.get_ipconfig(child
)
406 def join_as_dc(t
, vm
):
407 '''join a windows domain as a DC'''
409 t
.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC")
410 t
.port_wait("${WIN_IP}", 389)
411 t
.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
413 t
.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
414 t
.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
415 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
418 def test_join_as_dc(t
, vm
):
419 '''test the join of a windows domain as a DC'''
420 t
.info("Checking the DC join is OK")
421 smbclient
= t
.getvar("smbclient")
423 t
.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient
), ["C$", "IPC$", "Sharename"])
424 t
.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
425 child
= t
.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time
=True)
427 t
.info("Forcing kcc runs, and replication")
428 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
429 t
.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
431 t
.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
432 for nc
in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
433 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc
, ["was successful"])
434 t
.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc
, ["was successful"])
436 child
.sendline("ipconfig /flushdns")
437 child
.expect("Successfully flushed")
441 while i
== 1 and retries
> 0:
442 child
.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
443 i
= child
.expect(["The command completed successfully", "The network path was not found"])
449 t
.info("Checking if showrepl is happy")
450 child
.sendline("repadmin /showrepl")
451 child
.expect("${WIN_BASEDN}")
452 child
.expect("was successful")
453 child
.expect("CN=Configuration,${WIN_BASEDN}")
454 child
.expect("was successful")
455 child
.expect("CN=Configuration,${WIN_BASEDN}")
456 child
.expect("was successful")
458 t
.info("Checking if new users propogate to windows")
459 t
.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
460 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['Sharename', 'Remote IPC'])
461 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['Sharename', 'Remote IPC'])
463 t
.info("Checking if new users on windows propogate to samba")
464 child
.sendline("net user test3 ${PASSWORD3} /add")
465 child
.expect("The command completed successfully")
466 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['Sharename', 'IPC'])
467 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['Sharename', 'IPC'])
469 t
.info("Checking propogation of user deletion")
470 t
.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
471 child
.sendline("net user test3 /del")
472 child
.expect("The command completed successfully")
474 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['LOGON_FAILURE'])
475 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['LOGON_FAILURE'])
476 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['LOGON_FAILURE'])
477 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['LOGON_FAILURE'])
479 t
.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}')
481 t
.vm_poweroff("${WIN_VM}")
484 def join_as_rodc(t
, vm
):
485 '''join a windows domain as a RODC'''
487 t
.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC")
488 t
.port_wait("${WIN_IP}", 389)
489 t
.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
490 t
.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
491 t
.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
492 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
495 def test_join_as_rodc(t
, vm
):
496 '''test a windows domain RODC join'''
497 t
.info("Checking the RODC join is OK")
498 smbclient
= t
.getvar("smbclient")
500 t
.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient
), ["C$", "IPC$", "Sharename"])
501 t
.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
502 child
= t
.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time
=True)
504 t
.info("Forcing kcc runs, and replication")
505 t
.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
506 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
508 t
.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
509 for nc
in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
510 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc
, ["was successful"])
514 while i
== 1 and retries
> 0:
515 child
.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
516 i
= child
.expect(["The command completed successfully", "The network path was not found"])
522 t
.info("Checking if showrepl is happy")
523 child
.sendline("repadmin /showrepl")
524 child
.expect("DSA invocationID")
526 t
.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
527 [ "INBOUND NEIGHBORS",
528 "OUTBOUND NEIGHBORS",
530 "Last attempt .* was successful",
531 "CN=Configuration,${WIN_BASEDN}",
532 "Last attempt .* was successful",
533 "CN=Configuration,${WIN_BASEDN}",
534 "Last attempt .* was successful" ],
538 t
.info("Checking if new users on windows propogate to samba")
539 child
.sendline("net user test3 ${PASSWORD3} /add")
540 child
.expect("The command completed successfully")
541 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['Sharename', 'IPC'])
542 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['Sharename', 'IPC'])
545 t
.info("Checking if new users propogate to windows")
546 t
.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN'])
548 t
.info("Checking propogation of user deletion")
549 child
.sendline("net user test3 /del")
550 child
.expect("The command completed successfully")
552 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['LOGON_FAILURE'])
553 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['LOGON_FAILURE'])
554 t
.vm_poweroff("${WIN_VM}")
558 '''test the Samba4 howto'''
560 t
.setvar("SAMBA_VERSION", "Version 4")
561 t
.setvar("smbclient", "bin/smbclient4")
562 t
.check_prerequesites()
564 # we don't need fsync safety in these tests
565 t
.putenv('TDB_NO_FSYNC', '1')
567 if not t
.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
568 if not t
.skip("configure_bind"):
569 t
.configure_bind(kerberos_support
=True, include
='${PREFIX}/private/named.conf')
570 if not t
.skip("stop_bind"):
573 if not t
.skip("stop_vms"):
576 if not t
.skip("build"):
579 if not t
.skip("provision"):
584 if not t
.skip("create-shares"):
587 if not t
.skip("starts4"):
589 if not t
.skip("smbclient"):
592 t
.set_nameserver(t
.getvar('INTERFACE_IP'))
594 if not t
.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
595 if not t
.skip("configure_bind2"):
596 t
.configure_bind(kerberos_support
=True, include
='${PREFIX}/private/named.conf')
597 if not t
.skip("start_bind"):
600 if not t
.skip("dns"):
602 if not t
.skip("kerberos"):
604 if not t
.skip("dyndns"):
607 if t
.have_vm('WINDOWS7') and not t
.skip("windows7"):
608 t
.start_winvm("WINDOWS7")
609 t
.test_remote_smbclient("WINDOWS7")
610 run_winjoin(t
, "WINDOWS7")
611 test_winjoin(t
, "WINDOWS7")
612 t
.vm_poweroff("${WIN_VM}")
614 if t
.have_vm('WINXP') and not t
.skip("winxp"):
615 t
.start_winvm("WINXP")
616 run_winjoin(t
, "WINXP")
617 test_winjoin(t
, "WINXP")
618 t
.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}")
619 t
.vm_poweroff("${WIN_VM}")
621 if t
.have_vm('W2K3C') and not t
.skip("win2k3_member"):
622 t
.start_winvm("W2K3C")
623 run_winjoin(t
, "W2K3C")
624 test_winjoin(t
, "W2K3C")
625 t
.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}")
626 t
.vm_poweroff("${WIN_VM}")
628 if t
.have_vm('W2K8R2C') and not t
.skip("dcpromo_rodc"):
629 t
.info("Testing w2k8r2 RODC dcpromo")
630 t
.start_winvm("W2K8R2C")
631 t
.test_remote_smbclient('W2K8R2C')
632 run_dcpromo_rodc(t
, "W2K8R2C")
633 test_dcpromo_rodc(t
, "W2K8R2C")
635 if t
.have_vm('W2K8R2B') and not t
.skip("dcpromo_w2k8r2"):
636 t
.info("Testing w2k8r2 dcpromo")
637 t
.start_winvm("W2K8R2B")
638 t
.test_remote_smbclient('W2K8R2B')
639 run_dcpromo(t
, "W2K8R2B")
640 test_dcpromo(t
, "W2K8R2B")
642 if t
.have_vm('W2K8B') and not t
.skip("dcpromo_w2k8"):
643 t
.info("Testing w2k8 dcpromo")
644 t
.start_winvm("W2K8B")
645 t
.test_remote_smbclient('W2K8B')
646 run_dcpromo(t
, "W2K8B")
647 test_dcpromo(t
, "W2K8B")
649 if t
.have_vm('W2K3B') and not t
.skip("dcpromo_w2k3"):
650 t
.info("Testing w2k3 dcpromo")
651 t
.info("Changing to 2003 functional level")
652 provision_s4(t
, func_level
='2003')
656 t
.restart_bind(kerberos_support
=True, include
='${PREFIX}/private/named.conf')
660 t
.start_winvm("W2K3B")
661 t
.test_remote_smbclient('W2K3B')
662 run_dcpromo(t
, "W2K3B")
663 test_dcpromo(t
, "W2K3B")
665 if t
.have_vm('W2K8R2A') and not t
.skip("join_w2k8r2"):
666 t
.start_winvm("W2K8R2A")
667 prep_join_as_dc(t
, "W2K8R2A")
668 t
.run_dcpromo_as_first_dc("W2K8R2A", func_level
='2008r2')
669 join_as_dc(t
, "W2K8R2A")
673 test_join_as_dc(t
, "W2K8R2A")
675 if t
.have_vm('W2K8R2A') and not t
.skip("join_rodc"):
676 t
.start_winvm("W2K8R2A")
677 prep_join_as_dc(t
, "W2K8R2A")
678 t
.run_dcpromo_as_first_dc("W2K8R2A", func_level
='2008r2')
679 join_as_rodc(t
, "W2K8R2A")
683 test_join_as_rodc(t
, "W2K8R2A")
685 if t
.have_vm('W2K3A') and not t
.skip("join_w2k3"):
686 t
.start_winvm("W2K3A")
687 prep_join_as_dc(t
, "W2K3A")
688 t
.run_dcpromo_as_first_dc("W2K3A", func_level
='2003')
689 join_as_dc(t
, "W2K3A")
693 test_join_as_dc(t
, "W2K3A")
695 t
.info("Howto test: All OK")
699 '''cleanup after tests'''
700 t
.info("Cleaning up ...")
701 t
.restore_resolv_conf()
702 if getattr(t
, 'bind_child', False):
706 if __name__
== '__main__':
707 t
= wintest
.wintest()
709 t
.setup("test-s4-howto.py", "source4")
714 if not t
.opts
.nocleanup
:
718 if not t
.opts
.nocleanup
:
720 t
.info("S4 howto test: All OK")