3 '''automated testing of the steps of the Samba4 HOWTO'''
6 import wintest
, pexpect
, time
, subprocess
9 t
.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
14 t
.chdir('${SOURCETREE}')
15 t
.putenv('CC', 'ccache gcc')
16 t
.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
18 t
.run_cmd('rm -rf ${PREFIX}')
19 t
.run_cmd('make -j install')
22 def provision_s4(t
, func_level
="2008"):
23 '''provision s4 as a DC'''
24 t
.info('Provisioning s4')
26 t
.del_files(["var", "private"])
27 t
.run_cmd("rm -f etc/smb.conf")
28 provision
=['bin/samba-tool',
33 '--adminpass=${PASSWORD1}',
34 '--server-role=domain controller',
35 '--function-level=%s' % func_level
,
37 '--option=interfaces=${INTERFACE}',
38 '--host-ip=${INTERFACE_IP}',
39 '--option=bind interfaces only=yes',
40 '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
42 '--dns-backend=${NAMESERVER_BACKEND}',
43 '${ALLOW_DNS_UPDATES}',
44 '${DNS_RECURSIVE_QUERIES}',
46 if t
.getvar('INTERFACE_IPV6'):
47 provision
.append('--host-ip6=${INTERFACE_IPV6}')
49 t
.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}')
50 t
.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}')
51 t
.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
56 t
.info('Starting Samba4')
58 t
.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail
=False)
59 t
.run_cmd(['sbin/samba',
60 '--option', 'panic action=gnome-terminal -e "gdb --pid %d"'])
61 t
.port_wait("${INTERFACE_IP}", 139)
63 def test_smbclient(t
):
64 '''test smbclient against localhost'''
65 t
.info('Testing smbclient')
66 smbclient
= t
.getvar("smbclient")
68 t
.cmd_contains("%s --version" % (smbclient
), ["Version 4.0"])
69 t
.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient
), ["netlogon", "sysvol", "IPC Service"])
70 child
= t
.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient
))
73 child
.expect("blocks available")
74 child
.sendline("mkdir testdir")
76 child
.sendline("cd testdir")
77 child
.expect('testdir')
78 child
.sendline("cd ..")
79 child
.sendline("rmdir testdir")
83 '''create some test shares'''
84 t
.info("Adding test shares")
86 t
.write_file("etc/smb.conf", '''
91 path = ${PREFIX}/var/profiles
95 t
.run_cmd("mkdir -p test")
96 t
.run_cmd("mkdir -p var/profiles")
100 '''test that DNS is OK'''
101 t
.info("Testing DNS")
102 t
.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
103 ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
104 t
.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
105 ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
106 t
.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
107 ['${HOSTNAME}.${LCREALM} has address'])
109 def test_kerberos(t
):
110 '''test that kerberos is OK'''
111 t
.info("Testing kerberos")
112 t
.run_cmd("kdestroy")
113 t
.kinit("administrator@${REALM}", "${PASSWORD1}")
114 # this copes with the differences between MIT and Heimdal klist
115 t
.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
119 '''test that dynamic DNS is working'''
121 t
.run_cmd("sbin/samba_dnsupdate --fail-immediately")
122 if not t
.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
126 def run_winjoin(t
, vm
):
127 '''join a windows box to our domain'''
130 t
.run_winjoin(t
, "${LCREALM}")
132 def test_winjoin(t
, vm
):
133 t
.info("Checking the windows join is OK")
134 smbclient
= t
.getvar("smbclient")
136 t
.port_wait("${WIN_IP}", 139)
137 t
.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"], retries
=100)
138 t
.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
139 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
140 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
141 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
142 child
= t
.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
143 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
144 child
.expect("The command completed successfully")
147 def run_dcpromo(t
, vm
):
148 '''run a dcpromo on windows'''
151 t
.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
152 child
= t
.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip
=True, set_noexpire
=True)
153 child
.sendline("copy /Y con answers.txt")
157 RebootOnCompletion=Yes
158 ReplicaOrNewDomain=Replica
159 ReplicaDomainDNSName=${LCREALM}
160 SiteName=Default-First-Site-Name
163 CreateDNSDelegation=No
164 UserDomain=${LCREALM}
165 UserName=${LCREALM}\\administrator
166 Password=${PASSWORD1}
167 DatabasePath="C:\Windows\NTDS"
168 LogPath="C:\Windows\NTDS"
169 SYSVOLPath="C:\Windows\SYSVOL"
170 SafeModeAdminPassword=${PASSWORD1}
173 child
.expect("copied.")
176 child
.sendline("dcpromo /answer:answers.txt")
177 i
= child
.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout
=120)
179 child
.sendline("echo off")
180 child
.sendline("echo START DCPROMO log")
181 child
.sendline("more c:\windows\debug\dcpromoui.log")
182 child
.sendline("echo END DCPROMO log")
183 child
.expect("END DCPROMO")
184 raise Exception("dcpromo failed")
188 def test_dcpromo(t
, vm
):
189 '''test that dcpromo worked'''
190 t
.info("Checking the dcpromo join is OK")
191 smbclient
= t
.getvar("smbclient")
193 t
.port_wait("${WIN_IP}", 139)
194 t
.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${INTERFACE_IP}",
195 ['${WIN_HOSTNAME}.${LCREALM} has address'],
196 retries
=30, delay
=10, casefold
=True)
197 t
.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
198 t
.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
199 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
201 t
.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
202 t
.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
204 t
.kinit("administrator@${REALM}", "${PASSWORD1}")
206 # the first replication will transfer the dnsHostname attribute
207 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
209 for nc
in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
210 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc
, ["was successful"])
211 t
.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc
, ["was successful"])
213 t
.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
214 [ "INBOUND NEIGHBORS",
216 "Last attempt .* was successful",
217 "CN=Configuration,${BASEDN}",
218 "Last attempt .* was successful",
219 "CN=Configuration,${BASEDN}", # cope with either order
220 "Last attempt .* was successful",
221 "OUTBOUND NEIGHBORS",
224 "CN=Configuration,${BASEDN}",
226 "CN=Configuration,${BASEDN}",
231 t
.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
232 [ "INBOUND NEIGHBORS",
234 "Last attempt .* was successful",
235 "CN=Configuration,${BASEDN}",
236 "Last attempt .* was successful",
237 "CN=Configuration,${BASEDN}",
238 "Last attempt .* was successful",
239 "OUTBOUND NEIGHBORS",
242 "CN=Configuration,${BASEDN}",
244 "CN=Configuration,${BASEDN}",
249 child
= t
.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time
=True)
250 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
253 i
= child
.expect(["The command completed successfully", "The network path was not found"])
254 while i
== 1 and retries
> 0:
257 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
258 i
= child
.expect(["The command completed successfully", "The network path was not found"])
261 t
.run_net_time(child
)
263 t
.info("Checking if showrepl is happy")
264 child
.sendline("repadmin /showrepl")
265 child
.expect("${BASEDN}")
266 child
.expect("was successful")
267 child
.expect("CN=Configuration,${BASEDN}")
268 child
.expect("was successful")
269 child
.expect("CN=Schema,CN=Configuration,${BASEDN}")
270 child
.expect("was successful")
272 t
.info("Checking if new users propogate to windows")
273 t
.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
274 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['Sharename', 'Remote IPC'])
275 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['Sharename', 'Remote IPC'])
277 t
.info("Checking if new users on windows propogate to samba")
278 child
.sendline("net user test3 ${PASSWORD3} /add")
280 i
= child
.expect(["The command completed successfully",
281 "The directory service was unable to allocate a relative identifier"])
286 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['Sharename', 'IPC'])
287 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['Sharename', 'IPC'])
289 t
.info("Checking propogation of user deletion")
290 t
.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
291 child
.sendline("net user test3 /del")
292 child
.expect("The command completed successfully")
294 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['LOGON_FAILURE'])
295 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['LOGON_FAILURE'])
296 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['LOGON_FAILURE'])
297 t
.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['LOGON_FAILURE'])
298 t
.vm_poweroff("${WIN_VM}")
301 def run_dcpromo_rodc(t
, vm
):
302 '''run a RODC dcpromo to join a windows DC to the samba domain'''
304 t
.info("Joining a w2k8 box to the domain as a RODC")
305 t
.vm_poweroff("${WIN_VM}", checkfail
=False)
306 t
.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
307 child
= t
.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip
=True)
308 child
.sendline("copy /Y con answers.txt")
311 ReplicaOrNewDomain=ReadOnlyReplica
312 ReplicaDomainDNSName=${LCREALM}
313 PasswordReplicationDenied="BUILTIN\Administrators"
314 PasswordReplicationDenied="BUILTIN\Server Operators"
315 PasswordReplicationDenied="BUILTIN\Backup Operators"
316 PasswordReplicationDenied="BUILTIN\Account Operators"
317 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
318 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
319 DelegatedAdmin="${DOMAIN}\\Administrator"
320 SiteName=Default-First-Site-Name
323 CreateDNSDelegation=No
324 UserDomain=${LCREALM}
325 UserName=${LCREALM}\\administrator
326 Password=${PASSWORD1}
327 DatabasePath="C:\Windows\NTDS"
328 LogPath="C:\Windows\NTDS"
329 SYSVOLPath="C:\Windows\SYSVOL"
330 SafeModeAdminPassword=${PASSWORD1}
331 RebootOnCompletion=No
334 child
.expect("copied.")
335 child
.sendline("dcpromo /answer:answers.txt")
336 i
= child
.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout
=120)
338 child
.sendline("echo off")
339 child
.sendline("echo START DCPROMO log")
340 child
.sendline("more c:\windows\debug\dcpromoui.log")
341 child
.sendline("echo END DCPROMO log")
342 child
.expect("END DCPROMO")
343 raise Exception("dcpromo failed")
344 child
.sendline("shutdown -r -t 0")
349 def test_dcpromo_rodc(t
, vm
):
350 '''test the RODC dcpromo worked'''
351 t
.info("Checking the w2k8 RODC join is OK")
352 smbclient
= t
.getvar("smbclient")
354 t
.port_wait("${WIN_IP}", 139)
355 child
= t
.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time
=True)
356 child
.sendline("ipconfig /registerdns")
357 t
.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
358 t
.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
359 t
.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient
), ["C$", "IPC$", "Sharename"])
360 child
.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
361 child
.expect("The command completed successfully")
363 t
.info("Checking if showrepl is happy")
364 child
.sendline("repadmin /showrepl")
365 child
.expect("${BASEDN}")
366 child
.expect("was successful")
367 child
.expect("CN=Configuration,${BASEDN}")
368 child
.expect("was successful")
369 child
.expect("CN=Configuration,${BASEDN}")
370 child
.expect("was successful")
372 for nc
in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
373 t
.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc
, ["was successful"])
375 t
.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
376 [ "INBOUND NEIGHBORS",
377 "OUTBOUND NEIGHBORS",
379 "Last attempt.*was successful",
380 "CN=Configuration,${BASEDN}",
381 "Last attempt.*was successful",
382 "CN=Configuration,${BASEDN}",
383 "Last attempt.*was successful" ],
387 t
.info("Checking if new users are available on windows")
388 t
.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}')
389 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['Sharename', 'Remote IPC'])
390 t
.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
391 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['Sharename', 'Remote IPC'])
392 t
.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
393 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['LOGON_FAILURE'])
394 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['LOGON_FAILURE'])
395 t
.vm_poweroff("${WIN_VM}")
398 def prep_join_as_dc(t
, vm
):
399 '''start VM and shutdown Samba in preperation to join a windows domain as a DC'''
400 t
.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC")
402 t
.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail
=False)
403 if not t
.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
405 t
.run_cmd("rm -rf etc/smb.conf private")
406 child
= t
.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time
=True)
407 t
.get_ipconfig(child
)
409 def join_as_dc(t
, vm
):
410 '''join a windows domain as a DC'''
412 t
.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC")
413 t
.port_wait("${WIN_IP}", 389)
414 t
.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
416 t
.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
417 t
.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
418 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
421 def test_join_as_dc(t
, vm
):
422 '''test the join of a windows domain as a DC'''
423 t
.info("Checking the DC join is OK")
424 smbclient
= t
.getvar("smbclient")
426 t
.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient
), ["C$", "IPC$", "Sharename"])
427 t
.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
428 child
= t
.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time
=True)
430 t
.info("Forcing kcc runs, and replication")
431 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
432 t
.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
434 t
.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
435 for nc
in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
436 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc
, ["was successful"])
437 t
.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc
, ["was successful"])
439 child
.sendline("ipconfig /flushdns")
440 child
.expect("Successfully flushed")
444 while i
== 1 and retries
> 0:
445 child
.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
446 i
= child
.expect(["The command completed successfully", "The network path was not found"])
452 t
.info("Checking if showrepl is happy")
453 child
.sendline("repadmin /showrepl")
454 child
.expect("${WIN_BASEDN}")
455 child
.expect("was successful")
456 child
.expect("CN=Configuration,${WIN_BASEDN}")
457 child
.expect("was successful")
458 child
.expect("CN=Configuration,${WIN_BASEDN}")
459 child
.expect("was successful")
461 t
.info("Checking if new users propogate to windows")
462 t
.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
463 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['Sharename', 'Remote IPC'])
464 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['Sharename', 'Remote IPC'])
466 t
.info("Checking if new users on windows propogate to samba")
467 child
.sendline("net user test3 ${PASSWORD3} /add")
468 child
.expect("The command completed successfully")
469 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['Sharename', 'IPC'])
470 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['Sharename', 'IPC'])
472 t
.info("Checking propogation of user deletion")
473 t
.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
474 child
.sendline("net user test3 /del")
475 child
.expect("The command completed successfully")
477 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient
), ['LOGON_FAILURE'])
478 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['LOGON_FAILURE'])
479 t
.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient
), ['LOGON_FAILURE'])
480 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['LOGON_FAILURE'])
482 t
.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}')
484 t
.vm_poweroff("${WIN_VM}")
487 def join_as_rodc(t
, vm
):
488 '''join a windows domain as a RODC'''
490 t
.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC")
491 t
.port_wait("${WIN_IP}", 389)
492 t
.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
493 t
.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
494 t
.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
495 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
498 def test_join_as_rodc(t
, vm
):
499 '''test a windows domain RODC join'''
500 t
.info("Checking the RODC join is OK")
501 smbclient
= t
.getvar("smbclient")
503 t
.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient
), ["C$", "IPC$", "Sharename"])
504 t
.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
505 child
= t
.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time
=True)
507 t
.info("Forcing kcc runs, and replication")
508 t
.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
509 t
.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
511 t
.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
512 for nc
in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
513 t
.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc
, ["was successful"])
517 while i
== 1 and retries
> 0:
518 child
.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
519 i
= child
.expect(["The command completed successfully", "The network path was not found"])
525 t
.info("Checking if showrepl is happy")
526 child
.sendline("repadmin /showrepl")
527 child
.expect("DSA invocationID")
529 t
.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
530 [ "INBOUND NEIGHBORS",
531 "OUTBOUND NEIGHBORS",
533 "Last attempt .* was successful",
534 "CN=Configuration,${WIN_BASEDN}",
535 "Last attempt .* was successful",
536 "CN=Configuration,${WIN_BASEDN}",
537 "Last attempt .* was successful" ],
541 t
.info("Checking if new users on windows propogate to samba")
542 child
.sendline("net user test3 ${PASSWORD3} /add")
543 child
.expect("The command completed successfully")
544 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['Sharename', 'IPC'])
545 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['Sharename', 'IPC'])
548 t
.info("Checking if new users propogate to windows")
549 t
.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN'])
551 t
.info("Checking propogation of user deletion")
552 child
.sendline("net user test3 /del")
553 child
.expect("The command completed successfully")
555 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient
), ['LOGON_FAILURE'])
556 t
.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient
), ['LOGON_FAILURE'])
557 t
.vm_poweroff("${WIN_VM}")
561 '''test the Samba4 howto'''
563 t
.setvar("SAMBA_VERSION", "Version 4")
564 t
.setvar("smbclient", "bin/smbclient4")
565 t
.check_prerequesites()
567 # we don't need fsync safety in these tests
568 t
.putenv('TDB_NO_FSYNC', '1')
570 if not t
.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
571 if not t
.skip("configure_bind"):
572 t
.configure_bind(kerberos_support
=True, include
='${PREFIX}/private/named.conf')
573 if not t
.skip("stop_bind"):
576 if not t
.skip("stop_vms"):
579 if not t
.skip("build"):
582 if not t
.skip("provision"):
587 if not t
.skip("create-shares"):
590 if not t
.skip("starts4"):
592 if not t
.skip("smbclient"):
595 t
.set_nameserver(t
.getvar('INTERFACE_IP'))
597 if not t
.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
598 if not t
.skip("configure_bind2"):
599 t
.configure_bind(kerberos_support
=True, include
='${PREFIX}/private/named.conf')
600 if not t
.skip("start_bind"):
603 if not t
.skip("dns"):
605 if not t
.skip("kerberos"):
607 if not t
.skip("dyndns"):
610 if t
.have_vm('WINDOWS7') and not t
.skip("windows7"):
611 t
.start_winvm("WINDOWS7")
612 t
.test_remote_smbclient("WINDOWS7")
613 run_winjoin(t
, "WINDOWS7")
614 test_winjoin(t
, "WINDOWS7")
615 t
.vm_poweroff("${WIN_VM}")
617 if t
.have_vm('WINXP') and not t
.skip("winxp"):
618 t
.start_winvm("WINXP")
619 run_winjoin(t
, "WINXP")
620 test_winjoin(t
, "WINXP")
621 t
.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}")
622 t
.vm_poweroff("${WIN_VM}")
624 if t
.have_vm('W2K3C') and not t
.skip("win2k3_member"):
625 t
.start_winvm("W2K3C")
626 run_winjoin(t
, "W2K3C")
627 test_winjoin(t
, "W2K3C")
628 t
.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}")
629 t
.vm_poweroff("${WIN_VM}")
631 if t
.have_vm('W2K8R2C') and not t
.skip("dcpromo_rodc"):
632 t
.info("Testing w2k8r2 RODC dcpromo")
633 t
.start_winvm("W2K8R2C")
634 t
.test_remote_smbclient('W2K8R2C')
635 run_dcpromo_rodc(t
, "W2K8R2C")
636 test_dcpromo_rodc(t
, "W2K8R2C")
638 if t
.have_vm('W2K8R2B') and not t
.skip("dcpromo_w2k8r2"):
639 t
.info("Testing w2k8r2 dcpromo")
640 t
.start_winvm("W2K8R2B")
641 t
.test_remote_smbclient('W2K8R2B')
642 run_dcpromo(t
, "W2K8R2B")
643 test_dcpromo(t
, "W2K8R2B")
645 if t
.have_vm('W2K8B') and not t
.skip("dcpromo_w2k8"):
646 t
.info("Testing w2k8 dcpromo")
647 t
.start_winvm("W2K8B")
648 t
.test_remote_smbclient('W2K8B')
649 run_dcpromo(t
, "W2K8B")
650 test_dcpromo(t
, "W2K8B")
652 if t
.have_vm('W2K3B') and not t
.skip("dcpromo_w2k3"):
653 t
.info("Testing w2k3 dcpromo")
654 t
.info("Changing to 2003 functional level")
655 provision_s4(t
, func_level
='2003')
659 t
.restart_bind(kerberos_support
=True, include
='${PREFIX}/private/named.conf')
663 t
.start_winvm("W2K3B")
664 t
.test_remote_smbclient('W2K3B')
665 run_dcpromo(t
, "W2K3B")
666 test_dcpromo(t
, "W2K3B")
668 if t
.have_vm('W2K8R2A') and not t
.skip("join_w2k8r2"):
669 t
.start_winvm("W2K8R2A")
670 prep_join_as_dc(t
, "W2K8R2A")
671 t
.run_dcpromo_as_first_dc("W2K8R2A", func_level
='2008r2')
672 join_as_dc(t
, "W2K8R2A")
676 test_join_as_dc(t
, "W2K8R2A")
678 if t
.have_vm('W2K8R2A') and not t
.skip("join_rodc"):
679 t
.start_winvm("W2K8R2A")
680 prep_join_as_dc(t
, "W2K8R2A")
681 t
.run_dcpromo_as_first_dc("W2K8R2A", func_level
='2008r2')
682 join_as_rodc(t
, "W2K8R2A")
686 test_join_as_rodc(t
, "W2K8R2A")
688 if t
.have_vm('W2K3A') and not t
.skip("join_w2k3"):
689 t
.start_winvm("W2K3A")
690 prep_join_as_dc(t
, "W2K3A")
691 t
.run_dcpromo_as_first_dc("W2K3A", func_level
='2003')
692 join_as_dc(t
, "W2K3A")
696 test_join_as_dc(t
, "W2K3A")
698 t
.info("Howto test: All OK")
702 '''cleanup after tests'''
703 t
.info("Cleaning up ...")
704 t
.restore_resolv_conf()
705 if getattr(t
, 'bind_child', False):
709 if __name__
== '__main__':
710 t
= wintest
.wintest()
712 t
.setup("test-s4-howto.py", "source4")
717 if not t
.opts
.nocleanup
:
721 if not t
.opts
.nocleanup
:
723 t
.info("S4 howto test: All OK")