wintest: set recursive queries for internal dns
[Samba/gebeck_regimport.git] / wintest / test-s4-howto.py
blob2f89447f227a07fff73bfe4f0b2c0605ead061fc
1 #!/usr/bin/env python
3 '''automated testing of the steps of the Samba4 HOWTO'''
5 import sys, os
6 import wintest, pexpect, time, subprocess
8 def set_krb5_conf(t):
9 t.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
11 def build_s4(t):
12 '''build samba4'''
13 t.info('Building s4')
14 t.chdir('${SOURCETREE}')
15 t.putenv('CC', 'ccache gcc')
16 t.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
17 t.run_cmd('make -j')
18 t.run_cmd('rm -rf ${PREFIX}')
19 t.run_cmd('make -j install')
22 def provision_s4(t, func_level="2008"):
23 '''provision s4 as a DC'''
24 t.info('Provisioning s4')
25 t.chdir('${PREFIX}')
26 t.del_files(["var", "private"])
27 t.run_cmd("rm -f etc/smb.conf")
28 provision=['sbin/provision',
29 '--realm=${LCREALM}',
30 '--domain=${DOMAIN}',
31 '--adminpass=${PASSWORD1}',
32 '--server-role=domain controller',
33 '--function-level=%s' % func_level,
34 '-d${DEBUGLEVEL}',
35 '--option=interfaces=${INTERFACE}',
36 '--host-ip=${INTERFACE_IP}',
37 '--option=bind interfaces only=yes',
38 '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
39 '${USE_NTVFS}',
40 '--dns-backend=${NAMESERVER_BACKEND}',
41 '${ALLOW_DNS_UPDATES}',
42 '${DNS_RECURSIVE_QUERIES}']
43 if t.getvar('INTERFACE_IPV6'):
44 provision.append('--host-ip6=${INTERFACE_IPV6}')
45 t.run_cmd(provision)
46 t.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}')
47 t.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}')
48 t.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
51 def start_s4(t):
52 '''startup samba4'''
53 t.info('Starting Samba4')
54 t.chdir("${PREFIX}")
55 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
56 t.run_cmd(['sbin/samba',
57 '--option', 'panic action=gnome-terminal -e "gdb --pid %d"'])
58 t.port_wait("${INTERFACE_IP}", 139)
60 def test_smbclient(t):
61 '''test smbclient against localhost'''
62 t.info('Testing smbclient')
63 smbclient = t.getvar("smbclient")
64 t.chdir('${PREFIX}')
65 t.cmd_contains("%s --version" % (smbclient), ["Version 4.0"])
66 t.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient), ["netlogon", "sysvol", "IPC Service"])
67 child = t.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient))
68 child.expect("smb:")
69 child.sendline("dir")
70 child.expect("blocks available")
71 child.sendline("mkdir testdir")
72 child.expect("smb:")
73 child.sendline("cd testdir")
74 child.expect('testdir')
75 child.sendline("cd ..")
76 child.sendline("rmdir testdir")
79 def create_shares(t):
80 '''create some test shares'''
81 t.info("Adding test shares")
82 t.chdir('${PREFIX}')
83 t.write_file("etc/smb.conf", '''
84 [test]
85 path = ${PREFIX}/test
86 read only = no
87 [profiles]
88 path = ${PREFIX}/var/profiles
89 read only = no
90 ''',
91 mode='a')
92 t.run_cmd("mkdir -p test")
93 t.run_cmd("mkdir -p var/profiles")
96 def test_dns(t):
97 '''test that DNS is OK'''
98 t.info("Testing DNS")
99 t.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
100 ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
101 t.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
102 ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
103 t.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
104 ['${HOSTNAME}.${LCREALM} has address'])
106 def test_kerberos(t):
107 '''test that kerberos is OK'''
108 t.info("Testing kerberos")
109 t.run_cmd("kdestroy")
110 t.kinit("administrator@${REALM}", "${PASSWORD1}")
111 # this copes with the differences between MIT and Heimdal klist
112 t.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
115 def test_dyndns(t):
116 '''test that dynamic DNS is working'''
117 t.chdir('${PREFIX}')
118 t.run_cmd("sbin/samba_dnsupdate --fail-immediately")
119 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
120 t.rndc_cmd("flush")
123 def run_winjoin(t, vm):
124 '''join a windows box to our domain'''
125 t.setwinvars(vm)
127 t.run_winjoin(t, "${LCREALM}")
129 def test_winjoin(t, vm):
130 t.info("Checking the windows join is OK")
131 smbclient = t.getvar("smbclient")
132 t.chdir('${PREFIX}')
133 t.port_wait("${WIN_IP}", 139)
134 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"], retries=100)
135 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
136 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
137 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
138 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
139 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
140 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
141 child.expect("The command completed successfully")
144 def run_dcpromo(t, vm):
145 '''run a dcpromo on windows'''
146 t.setwinvars(vm)
148 t.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
149 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True, set_noexpire=True)
150 child.sendline("copy /Y con answers.txt")
151 child.sendline('''
152 [DCINSTALL]
153 RebootOnSuccess=Yes
154 RebootOnCompletion=Yes
155 ReplicaOrNewDomain=Replica
156 ReplicaDomainDNSName=${LCREALM}
157 SiteName=Default-First-Site-Name
158 InstallDNS=No
159 ConfirmGc=Yes
160 CreateDNSDelegation=No
161 UserDomain=${LCREALM}
162 UserName=${LCREALM}\\administrator
163 Password=${PASSWORD1}
164 DatabasePath="C:\Windows\NTDS"
165 LogPath="C:\Windows\NTDS"
166 SYSVOLPath="C:\Windows\SYSVOL"
167 SafeModeAdminPassword=${PASSWORD1}
168 \x1a
169 ''')
170 child.expect("copied.")
171 child.expect("C:")
172 child.expect("C:")
173 child.sendline("dcpromo /answer:answers.txt")
174 i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=120)
175 if i == 1 or i == 2:
176 child.sendline("echo off")
177 child.sendline("echo START DCPROMO log")
178 child.sendline("more c:\windows\debug\dcpromoui.log")
179 child.sendline("echo END DCPROMO log")
180 child.expect("END DCPROMO")
181 raise Exception("dcpromo failed")
182 t.wait_reboot()
185 def test_dcpromo(t, vm):
186 '''test that dcpromo worked'''
187 t.info("Checking the dcpromo join is OK")
188 smbclient = t.getvar("smbclient")
189 t.chdir('${PREFIX}')
190 t.port_wait("${WIN_IP}", 139)
191 t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${INTERFACE_IP}",
192 ['${WIN_HOSTNAME}.${LCREALM} has address'],
193 retries=30, delay=10, casefold=True)
194 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
195 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
196 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
198 t.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
199 t.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
201 t.kinit("administrator@${REALM}", "${PASSWORD1}")
203 # the first replication will transfer the dnsHostname attribute
204 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
206 for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
207 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
208 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
210 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
211 [ "INBOUND NEIGHBORS",
212 "${BASEDN}",
213 "Last attempt .* was successful",
214 "CN=Configuration,${BASEDN}",
215 "Last attempt .* was successful",
216 "CN=Configuration,${BASEDN}", # cope with either order
217 "Last attempt .* was successful",
218 "OUTBOUND NEIGHBORS",
219 "${BASEDN}",
220 "Last success",
221 "CN=Configuration,${BASEDN}",
222 "Last success",
223 "CN=Configuration,${BASEDN}",
224 "Last success"],
225 ordered=True,
226 regex=True)
228 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
229 [ "INBOUND NEIGHBORS",
230 "${BASEDN}",
231 "Last attempt .* was successful",
232 "CN=Configuration,${BASEDN}",
233 "Last attempt .* was successful",
234 "CN=Configuration,${BASEDN}",
235 "Last attempt .* was successful",
236 "OUTBOUND NEIGHBORS",
237 "${BASEDN}",
238 "Last success",
239 "CN=Configuration,${BASEDN}",
240 "Last success",
241 "CN=Configuration,${BASEDN}",
242 "Last success" ],
243 ordered=True,
244 regex=True)
246 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
247 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
249 retries = 10
250 i = child.expect(["The command completed successfully", "The network path was not found"])
251 while i == 1 and retries > 0:
252 child.expect("C:")
253 time.sleep(2)
254 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
255 i = child.expect(["The command completed successfully", "The network path was not found"])
256 retries -=1
258 t.run_net_time(child)
260 t.info("Checking if showrepl is happy")
261 child.sendline("repadmin /showrepl")
262 child.expect("${BASEDN}")
263 child.expect("was successful")
264 child.expect("CN=Configuration,${BASEDN}")
265 child.expect("was successful")
266 child.expect("CN=Schema,CN=Configuration,${BASEDN}")
267 child.expect("was successful")
269 t.info("Checking if new users propogate to windows")
270 t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
271 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
272 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
274 t.info("Checking if new users on windows propogate to samba")
275 child.sendline("net user test3 ${PASSWORD3} /add")
276 while True:
277 i = child.expect(["The command completed successfully",
278 "The directory service was unable to allocate a relative identifier"])
279 if i == 0:
280 break
281 time.sleep(2)
283 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
284 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
286 t.info("Checking propogation of user deletion")
287 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
288 child.sendline("net user test3 /del")
289 child.expect("The command completed successfully")
291 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
292 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
293 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
294 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
295 t.vm_poweroff("${WIN_VM}")
298 def run_dcpromo_rodc(t, vm):
299 '''run a RODC dcpromo to join a windows DC to the samba domain'''
300 t.setwinvars(vm)
301 t.info("Joining a w2k8 box to the domain as a RODC")
302 t.vm_poweroff("${WIN_VM}", checkfail=False)
303 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
304 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
305 child.sendline("copy /Y con answers.txt")
306 child.sendline('''
307 [DCInstall]
308 ReplicaOrNewDomain=ReadOnlyReplica
309 ReplicaDomainDNSName=${LCREALM}
310 PasswordReplicationDenied="BUILTIN\Administrators"
311 PasswordReplicationDenied="BUILTIN\Server Operators"
312 PasswordReplicationDenied="BUILTIN\Backup Operators"
313 PasswordReplicationDenied="BUILTIN\Account Operators"
314 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
315 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
316 DelegatedAdmin="${DOMAIN}\\Administrator"
317 SiteName=Default-First-Site-Name
318 InstallDNS=No
319 ConfirmGc=Yes
320 CreateDNSDelegation=No
321 UserDomain=${LCREALM}
322 UserName=${LCREALM}\\administrator
323 Password=${PASSWORD1}
324 DatabasePath="C:\Windows\NTDS"
325 LogPath="C:\Windows\NTDS"
326 SYSVOLPath="C:\Windows\SYSVOL"
327 SafeModeAdminPassword=${PASSWORD1}
328 RebootOnCompletion=No
329 \x1a
330 ''')
331 child.expect("copied.")
332 child.sendline("dcpromo /answer:answers.txt")
333 i = child.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout=120)
334 if i != 0:
335 child.sendline("echo off")
336 child.sendline("echo START DCPROMO log")
337 child.sendline("more c:\windows\debug\dcpromoui.log")
338 child.sendline("echo END DCPROMO log")
339 child.expect("END DCPROMO")
340 raise Exception("dcpromo failed")
341 child.sendline("shutdown -r -t 0")
342 t.wait_reboot()
346 def test_dcpromo_rodc(t, vm):
347 '''test the RODC dcpromo worked'''
348 t.info("Checking the w2k8 RODC join is OK")
349 smbclient = t.getvar("smbclient")
350 t.chdir('${PREFIX}')
351 t.port_wait("${WIN_IP}", 139)
352 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
353 child.sendline("ipconfig /registerdns")
354 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
355 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
356 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
357 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
358 child.expect("The command completed successfully")
360 t.info("Checking if showrepl is happy")
361 child.sendline("repadmin /showrepl")
362 child.expect("${BASEDN}")
363 child.expect("was successful")
364 child.expect("CN=Configuration,${BASEDN}")
365 child.expect("was successful")
366 child.expect("CN=Configuration,${BASEDN}")
367 child.expect("was successful")
369 for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
370 t.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc, ["was successful"])
372 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
373 [ "INBOUND NEIGHBORS",
374 "OUTBOUND NEIGHBORS",
375 "${BASEDN}",
376 "Last attempt.*was successful",
377 "CN=Configuration,${BASEDN}",
378 "Last attempt.*was successful",
379 "CN=Configuration,${BASEDN}",
380 "Last attempt.*was successful" ],
381 ordered=True,
382 regex=True)
384 t.info("Checking if new users are available on windows")
385 t.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}')
386 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
387 t.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
388 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
389 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
390 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
391 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
392 t.vm_poweroff("${WIN_VM}")
395 def prep_join_as_dc(t, vm):
396 '''start VM and shutdown Samba in preperation to join a windows domain as a DC'''
397 t.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC")
398 t.chdir('${PREFIX}')
399 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
400 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
401 t.rndc_cmd('flush')
402 t.run_cmd("rm -rf etc/smb.conf private")
403 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
404 t.get_ipconfig(child)
406 def join_as_dc(t, vm):
407 '''join a windows domain as a DC'''
408 t.setwinvars(vm)
409 t.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC")
410 t.port_wait("${WIN_IP}", 389)
411 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
413 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
414 t.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
415 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
418 def test_join_as_dc(t, vm):
419 '''test the join of a windows domain as a DC'''
420 t.info("Checking the DC join is OK")
421 smbclient = t.getvar("smbclient")
422 t.chdir('${PREFIX}')
423 t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
424 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
425 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
427 t.info("Forcing kcc runs, and replication")
428 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
429 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
431 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
432 for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
433 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
434 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
436 child.sendline("ipconfig /flushdns")
437 child.expect("Successfully flushed")
439 retries = 10
440 i = 1
441 while i == 1 and retries > 0:
442 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
443 i = child.expect(["The command completed successfully", "The network path was not found"])
444 child.expect("C:")
445 if i == 1:
446 time.sleep(2)
447 retries -=1
449 t.info("Checking if showrepl is happy")
450 child.sendline("repadmin /showrepl")
451 child.expect("${WIN_BASEDN}")
452 child.expect("was successful")
453 child.expect("CN=Configuration,${WIN_BASEDN}")
454 child.expect("was successful")
455 child.expect("CN=Configuration,${WIN_BASEDN}")
456 child.expect("was successful")
458 t.info("Checking if new users propogate to windows")
459 t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
460 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
461 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
463 t.info("Checking if new users on windows propogate to samba")
464 child.sendline("net user test3 ${PASSWORD3} /add")
465 child.expect("The command completed successfully")
466 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
467 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
469 t.info("Checking propogation of user deletion")
470 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
471 child.sendline("net user test3 /del")
472 child.expect("The command completed successfully")
474 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
475 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
476 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
477 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
479 t.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}')
481 t.vm_poweroff("${WIN_VM}")
484 def join_as_rodc(t, vm):
485 '''join a windows domain as a RODC'''
486 t.setwinvars(vm)
487 t.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC")
488 t.port_wait("${WIN_IP}", 389)
489 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
490 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
491 t.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
492 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
495 def test_join_as_rodc(t, vm):
496 '''test a windows domain RODC join'''
497 t.info("Checking the RODC join is OK")
498 smbclient = t.getvar("smbclient")
499 t.chdir('${PREFIX}')
500 t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
501 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
502 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
504 t.info("Forcing kcc runs, and replication")
505 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
506 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
508 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
509 for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
510 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
512 retries = 10
513 i = 1
514 while i == 1 and retries > 0:
515 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
516 i = child.expect(["The command completed successfully", "The network path was not found"])
517 child.expect("C:")
518 if i == 1:
519 time.sleep(2)
520 retries -=1
522 t.info("Checking if showrepl is happy")
523 child.sendline("repadmin /showrepl")
524 child.expect("DSA invocationID")
526 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
527 [ "INBOUND NEIGHBORS",
528 "OUTBOUND NEIGHBORS",
529 "${WIN_BASEDN}",
530 "Last attempt .* was successful",
531 "CN=Configuration,${WIN_BASEDN}",
532 "Last attempt .* was successful",
533 "CN=Configuration,${WIN_BASEDN}",
534 "Last attempt .* was successful" ],
535 ordered=True,
536 regex=True)
538 t.info("Checking if new users on windows propogate to samba")
539 child.sendline("net user test3 ${PASSWORD3} /add")
540 child.expect("The command completed successfully")
541 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
542 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
544 # should this work?
545 t.info("Checking if new users propogate to windows")
546 t.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN'])
548 t.info("Checking propogation of user deletion")
549 child.sendline("net user test3 /del")
550 child.expect("The command completed successfully")
552 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
553 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
554 t.vm_poweroff("${WIN_VM}")
557 def test_howto(t):
558 '''test the Samba4 howto'''
560 t.setvar("SAMBA_VERSION", "Version 4")
561 t.setvar("smbclient", "bin/smbclient4")
562 t.check_prerequesites()
564 # we don't need fsync safety in these tests
565 t.putenv('TDB_NO_FSYNC', '1')
567 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
568 if not t.skip("configure_bind"):
569 t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
570 if not t.skip("stop_bind"):
571 t.stop_bind()
573 if not t.skip("stop_vms"):
574 t.stop_vms()
576 if not t.skip("build"):
577 build_s4(t)
579 if not t.skip("provision"):
580 provision_s4(t)
582 set_krb5_conf(t)
584 if not t.skip("create-shares"):
585 create_shares(t)
587 if not t.skip("starts4"):
588 start_s4(t)
589 if not t.skip("smbclient"):
590 test_smbclient(t)
592 t.set_nameserver(t.getvar('INTERFACE_IP'))
594 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
595 if not t.skip("configure_bind2"):
596 t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
597 if not t.skip("start_bind"):
598 t.start_bind()
600 if not t.skip("dns"):
601 test_dns(t)
602 if not t.skip("kerberos"):
603 test_kerberos(t)
604 if not t.skip("dyndns"):
605 test_dyndns(t)
607 if t.have_vm('WINDOWS7') and not t.skip("windows7"):
608 t.start_winvm("WINDOWS7")
609 t.test_remote_smbclient("WINDOWS7")
610 run_winjoin(t, "WINDOWS7")
611 test_winjoin(t, "WINDOWS7")
612 t.vm_poweroff("${WIN_VM}")
614 if t.have_vm('WINXP') and not t.skip("winxp"):
615 t.start_winvm("WINXP")
616 run_winjoin(t, "WINXP")
617 test_winjoin(t, "WINXP")
618 t.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}")
619 t.vm_poweroff("${WIN_VM}")
621 if t.have_vm('W2K3C') and not t.skip("win2k3_member"):
622 t.start_winvm("W2K3C")
623 run_winjoin(t, "W2K3C")
624 test_winjoin(t, "W2K3C")
625 t.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}")
626 t.vm_poweroff("${WIN_VM}")
628 if t.have_vm('W2K8R2C') and not t.skip("dcpromo_rodc"):
629 t.info("Testing w2k8r2 RODC dcpromo")
630 t.start_winvm("W2K8R2C")
631 t.test_remote_smbclient('W2K8R2C')
632 run_dcpromo_rodc(t, "W2K8R2C")
633 test_dcpromo_rodc(t, "W2K8R2C")
635 if t.have_vm('W2K8R2B') and not t.skip("dcpromo_w2k8r2"):
636 t.info("Testing w2k8r2 dcpromo")
637 t.start_winvm("W2K8R2B")
638 t.test_remote_smbclient('W2K8R2B')
639 run_dcpromo(t, "W2K8R2B")
640 test_dcpromo(t, "W2K8R2B")
642 if t.have_vm('W2K8B') and not t.skip("dcpromo_w2k8"):
643 t.info("Testing w2k8 dcpromo")
644 t.start_winvm("W2K8B")
645 t.test_remote_smbclient('W2K8B')
646 run_dcpromo(t, "W2K8B")
647 test_dcpromo(t, "W2K8B")
649 if t.have_vm('W2K3B') and not t.skip("dcpromo_w2k3"):
650 t.info("Testing w2k3 dcpromo")
651 t.info("Changing to 2003 functional level")
652 provision_s4(t, func_level='2003')
653 create_shares(t)
654 start_s4(t)
655 test_smbclient(t)
656 t.restart_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
657 test_dns(t)
658 test_kerberos(t)
659 test_dyndns(t)
660 t.start_winvm("W2K3B")
661 t.test_remote_smbclient('W2K3B')
662 run_dcpromo(t, "W2K3B")
663 test_dcpromo(t, "W2K3B")
665 if t.have_vm('W2K8R2A') and not t.skip("join_w2k8r2"):
666 t.start_winvm("W2K8R2A")
667 prep_join_as_dc(t, "W2K8R2A")
668 t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
669 join_as_dc(t, "W2K8R2A")
670 create_shares(t)
671 start_s4(t)
672 test_dyndns(t)
673 test_join_as_dc(t, "W2K8R2A")
675 if t.have_vm('W2K8R2A') and not t.skip("join_rodc"):
676 t.start_winvm("W2K8R2A")
677 prep_join_as_dc(t, "W2K8R2A")
678 t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
679 join_as_rodc(t, "W2K8R2A")
680 create_shares(t)
681 start_s4(t)
682 test_dyndns(t)
683 test_join_as_rodc(t, "W2K8R2A")
685 if t.have_vm('W2K3A') and not t.skip("join_w2k3"):
686 t.start_winvm("W2K3A")
687 prep_join_as_dc(t, "W2K3A")
688 t.run_dcpromo_as_first_dc("W2K3A", func_level='2003')
689 join_as_dc(t, "W2K3A")
690 create_shares(t)
691 start_s4(t)
692 test_dyndns(t)
693 test_join_as_dc(t, "W2K3A")
695 t.info("Howto test: All OK")
698 def test_cleanup(t):
699 '''cleanup after tests'''
700 t.info("Cleaning up ...")
701 t.restore_resolv_conf()
702 if getattr(t, 'bind_child', False):
703 t.bind_child.kill()
706 if __name__ == '__main__':
707 t = wintest.wintest()
709 t.setup("test-s4-howto.py", "source4")
711 try:
712 test_howto(t)
713 except:
714 if not t.opts.nocleanup:
715 test_cleanup(t)
716 raise
718 if not t.opts.nocleanup:
719 test_cleanup(t)
720 t.info("S4 howto test: All OK")