tests/krb5: Fix PK-INIT test framework to allow expired password keys
[samba.git] / wintest / test-s4-howto.py
blobe52711f65052295ced1efccd29437304a8e087ae
1 #!/usr/bin/env python3
3 '''automated testing of the steps of the Samba4 HOWTO'''
5 import sys
6 import os
7 import wintest
8 import pexpect
9 import time
10 import subprocess
13 def set_krb5_conf(t):
14 t.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
17 def build_s4(t):
18 '''build samba4'''
19 t.info('Building s4')
20 t.chdir('${SOURCETREE}')
21 t.putenv('CC', 'ccache gcc')
22 t.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
23 t.run_cmd('make -j')
24 t.run_cmd('rm -rf ${PREFIX}')
25 t.run_cmd('make -j install')
28 def provision_s4(t, func_level="2008"):
29 '''provision s4 as a DC'''
30 t.info('Provisioning s4')
31 t.chdir('${PREFIX}')
32 t.del_files(["var", "private"])
33 t.run_cmd("rm -f etc/smb.conf")
34 provision = ['bin/samba-tool',
35 'domain',
36 'provision',
37 '--realm=${LCREALM}',
38 '--domain=${DOMAIN}',
39 '--adminpass=${PASSWORD1}',
40 '--server-role=domain controller',
41 '--function-level=%s' % func_level,
42 '-d${DEBUGLEVEL}',
43 '--option=interfaces=${INTERFACE}',
44 '--host-ip=${INTERFACE_IP}',
45 '--option=bind interfaces only=yes',
46 '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
47 '--dns-backend=${NAMESERVER_BACKEND}',
48 '${DNS_FORWARDER}']
49 if t.getvar('USE_NTVFS'):
50 provision.append('${USE_NTVFS}')
52 if t.getvar('INTERFACE_IPV6'):
53 provision.append('--host-ip6=${INTERFACE_IPV6}')
54 t.run_cmd(provision)
55 t.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}')
56 t.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}')
57 t.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
60 def start_s4(t):
61 '''startup samba4'''
62 t.info('Starting Samba4')
63 t.chdir("${PREFIX}")
64 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
65 t.run_cmd(['sbin/samba',
66 '--option', 'panic action=gnome-terminal -e "gdb --pid %d"', '--option', 'max protocol=nt1'])
67 t.port_wait("${INTERFACE_IP}", 139)
70 def test_smbclient(t):
71 '''test smbclient against localhost'''
72 t.info('Testing smbclient')
73 smbclient = t.getvar("smbclient")
74 t.chdir('${PREFIX}')
75 t.cmd_contains("%s --version" % (smbclient), ["Version 4.1"])
76 t.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient), ["netlogon", "sysvol", "IPC Service"])
77 child = t.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient))
78 child.expect("smb:")
79 child.sendline("dir")
80 child.expect("blocks available")
81 child.sendline("mkdir testdir")
82 child.expect("smb:")
83 child.sendline("cd testdir")
84 child.expect('testdir')
85 child.sendline("cd ..")
86 child.sendline("rmdir testdir")
89 def create_shares(t):
90 '''create some test shares'''
91 t.info("Adding test shares")
92 t.chdir('${PREFIX}')
93 t.write_file("etc/smb.conf", '''
94 [test]
95 path = ${PREFIX}/test
96 read only = no
97 [profiles]
98 path = ${PREFIX}/var/profiles
99 read only = no
100 ''',
101 mode='a')
102 t.run_cmd("mkdir -p test")
103 t.run_cmd("mkdir -p var/profiles")
106 def test_dns(t):
107 '''test that DNS is OK'''
108 t.info("Testing DNS")
109 t.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
110 ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
111 t.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
112 ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
113 t.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
114 ['${HOSTNAME}.${LCREALM} has address'])
117 def test_kerberos(t):
118 '''test that kerberos is OK'''
119 t.info("Testing kerberos")
120 t.run_cmd("kdestroy")
121 t.kinit("administrator@${REALM}", "${PASSWORD1}")
122 # this copes with the differences between MIT and Heimdal klist
123 t.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
126 def test_dyndns(t):
127 '''test that dynamic DNS is working'''
128 t.chdir('${PREFIX}')
129 t.run_cmd("sbin/samba_dnsupdate --fail-immediately")
130 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
131 t.rndc_cmd("flush")
134 def run_winjoin(t, vm):
135 '''join a windows box to our domain'''
136 t.setwinvars(vm)
138 t.run_winjoin(t, "${LCREALM}")
141 def test_winjoin(t, vm):
142 t.info("Checking the windows join is OK")
143 smbclient = t.getvar("smbclient")
144 t.chdir('${PREFIX}')
145 t.port_wait("${WIN_IP}", 139)
146 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"], retries=100)
147 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
148 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
149 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
150 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
151 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
152 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
153 child.expect("The command completed successfully")
156 def run_dcpromo(t, vm):
157 '''run a dcpromo on windows'''
158 t.setwinvars(vm)
160 t.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
161 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True, set_noexpire=True)
162 child.sendline("copy /Y con answers.txt")
163 child.sendline(br'''
164 [DCINSTALL]
165 RebootOnSuccess=Yes
166 RebootOnCompletion=Yes
167 ReplicaOrNewDomain=Replica
168 ReplicaDomainDNSName=${LCREALM}
169 SiteName=Default-First-Site-Name
170 InstallDNS=No
171 ConfirmGc=Yes
172 CreateDNSDelegation=No
173 UserDomain=${LCREALM}
174 UserName=${LCREALM}\administrator
175 Password=${PASSWORD1}
176 DatabasePath="C:\Windows\NTDS"
177 LogPath="C:\Windows\NTDS"
178 SYSVOLPath="C:\Windows\SYSVOL"
179 SafeModeAdminPassword=${PASSWORD1}
180 \x1a
181 ''')
182 child.expect("copied.")
183 child.expect("C:")
184 child.expect("C:")
185 child.sendline("dcpromo /answer:answers.txt")
186 i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=240)
187 if i == 1 or i == 2:
188 child.sendline("echo off")
189 child.sendline("echo START DCPROMO log")
190 child.sendline(r"more c:\windows\debug\dcpromoui.log")
191 child.sendline("echo END DCPROMO log")
192 child.expect("END DCPROMO")
193 raise Exception("dcpromo failed")
194 t.wait_reboot()
197 def test_dcpromo(t, vm):
198 '''test that dcpromo worked'''
199 t.info("Checking the dcpromo join is OK")
200 smbclient = t.getvar("smbclient")
201 t.chdir('${PREFIX}')
202 t.port_wait("${WIN_IP}", 139)
203 t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${NAMED_INTERFACE_IP}",
204 ['${WIN_HOSTNAME}.${LCREALM} has address'],
205 retries=30, delay=10, casefold=True)
206 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
207 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
208 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
210 t.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
211 t.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
213 t.kinit("administrator@${REALM}", "${PASSWORD1}")
215 # the first replication will transfer the dnsHostname attribute
216 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
218 for nc in ['${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}']:
219 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
220 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
222 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
223 ["INBOUND NEIGHBORS",
224 "${BASEDN}",
225 "Last attempt .* was successful",
226 "CN=Configuration,${BASEDN}",
227 "Last attempt .* was successful",
228 "CN=Configuration,${BASEDN}", # cope with either order
229 "Last attempt .* was successful",
230 "OUTBOUND NEIGHBORS",
231 "${BASEDN}",
232 "Last success",
233 "CN=Configuration,${BASEDN}",
234 "Last success",
235 "CN=Configuration,${BASEDN}",
236 "Last success"],
237 ordered=True,
238 regex=True)
240 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
241 ["INBOUND NEIGHBORS",
242 "${BASEDN}",
243 "Last attempt .* was successful",
244 "CN=Configuration,${BASEDN}",
245 "Last attempt .* was successful",
246 "CN=Configuration,${BASEDN}",
247 "Last attempt .* was successful",
248 "OUTBOUND NEIGHBORS",
249 "${BASEDN}",
250 "Last success",
251 "CN=Configuration,${BASEDN}",
252 "Last success",
253 "CN=Configuration,${BASEDN}",
254 "Last success"],
255 ordered=True,
256 regex=True)
258 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
259 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
261 retries = 10
262 i = child.expect(["The command completed successfully", "The network path was not found"])
263 while i == 1 and retries > 0:
264 child.expect("C:")
265 time.sleep(2)
266 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
267 i = child.expect(["The command completed successfully", "The network path was not found"])
268 retries -= 1
270 t.run_net_time(child)
272 t.info("Checking if showrepl is happy")
273 child.sendline("repadmin /showrepl")
274 child.expect("${BASEDN}")
275 child.expect("was successful")
276 child.expect("CN=Configuration,${BASEDN}")
277 child.expect("was successful")
278 child.expect("CN=Schema,CN=Configuration,${BASEDN}")
279 child.expect("was successful")
281 t.info("Checking if new users propagate to windows")
282 t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
283 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
284 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
286 t.info("Checking if new users on windows propagate to samba")
287 child.sendline("net user test3 ${PASSWORD3} /add")
288 while True:
289 i = child.expect(["The command completed successfully",
290 "The directory service was unable to allocate a relative identifier"])
291 if i == 0:
292 break
293 time.sleep(2)
295 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
296 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
298 t.info("Checking propagation of user deletion")
299 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
300 child.sendline("net user test3 /del")
301 child.expect("The command completed successfully")
303 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
304 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
305 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
306 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
307 t.vm_poweroff("${WIN_VM}")
310 def run_dcpromo_rodc(t, vm):
311 '''run a RODC dcpromo to join a windows DC to the samba domain'''
312 t.setwinvars(vm)
313 t.info("Joining a w2k8 box to the domain as a RODC")
314 t.vm_poweroff("${WIN_VM}", checkfail=False)
315 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
316 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
317 child.sendline("copy /Y con answers.txt")
318 child.sendline(br'''
319 [DCInstall]
320 ReplicaOrNewDomain=ReadOnlyReplica
321 ReplicaDomainDNSName=${LCREALM}
322 PasswordReplicationDenied="BUILTIN\Administrators"
323 PasswordReplicationDenied="BUILTIN\Server Operators"
324 PasswordReplicationDenied="BUILTIN\Backup Operators"
325 PasswordReplicationDenied="BUILTIN\Account Operators"
326 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
327 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
328 DelegatedAdmin="${DOMAIN}\Administrator"
329 SiteName=Default-First-Site-Name
330 InstallDNS=No
331 ConfirmGc=Yes
332 CreateDNSDelegation=No
333 UserDomain=${LCREALM}
334 UserName=${LCREALM}\administrator
335 Password=${PASSWORD1}
336 DatabasePath="C:\Windows\NTDS"
337 LogPath="C:\Windows\NTDS"
338 SYSVOLPath="C:\Windows\SYSVOL"
339 SafeModeAdminPassword=${PASSWORD1}
340 RebootOnCompletion=No
341 \x1a
342 ''')
343 child.expect("copied.")
344 child.sendline("dcpromo /answer:answers.txt")
345 i = child.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout=120)
346 if i != 0:
347 child.sendline("echo off")
348 child.sendline("echo START DCPROMO log")
349 child.sendline(r"more c:\windows\debug\dcpromoui.log")
350 child.sendline("echo END DCPROMO log")
351 child.expect("END DCPROMO")
352 raise Exception("dcpromo failed")
353 child.sendline("shutdown -r -t 0")
354 t.wait_reboot()
357 def test_dcpromo_rodc(t, vm):
358 '''test the RODC dcpromo worked'''
359 t.info("Checking the w2k8 RODC join is OK")
360 smbclient = t.getvar("smbclient")
361 t.chdir('${PREFIX}')
362 t.port_wait("${WIN_IP}", 139)
363 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
364 child.sendline("ipconfig /registerdns")
365 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
366 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
367 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
368 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
369 child.expect("The command completed successfully")
371 t.info("Checking if showrepl is happy")
372 child.sendline("repadmin /showrepl")
373 child.expect("${BASEDN}")
374 child.expect("was successful")
375 child.expect("CN=Configuration,${BASEDN}")
376 child.expect("was successful")
377 child.expect("CN=Configuration,${BASEDN}")
378 child.expect("was successful")
380 for nc in ['${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}']:
381 t.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc, ["was successful"])
383 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
384 ["INBOUND NEIGHBORS",
385 "OUTBOUND NEIGHBORS",
386 "${BASEDN}",
387 "Last attempt.*was successful",
388 "CN=Configuration,${BASEDN}",
389 "Last attempt.*was successful",
390 "CN=Configuration,${BASEDN}",
391 "Last attempt.*was successful"],
392 ordered=True,
393 regex=True)
395 t.info("Checking if new users are available on windows")
396 t.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}')
397 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
398 t.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
399 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
400 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
401 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
402 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
403 t.vm_poweroff("${WIN_VM}")
406 def prep_join_as_dc(t, vm):
407 '''start VM and shutdown Samba in preparation to join a windows domain as a DC'''
408 t.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC")
409 t.chdir('${PREFIX}')
410 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
411 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
412 t.rndc_cmd('flush')
413 t.run_cmd("rm -rf etc/smb.conf private")
414 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
415 t.get_ipconfig(child)
418 def join_as_dc(t, vm):
419 '''join a windows domain as a DC'''
420 t.setwinvars(vm)
421 t.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC")
422 t.port_wait("${WIN_IP}", 389)
423 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'])
425 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'])
426 t.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
427 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
430 def test_join_as_dc(t, vm):
431 '''test the join of a windows domain as a DC'''
432 t.info("Checking the DC join is OK")
433 smbclient = t.getvar("smbclient")
434 t.chdir('${PREFIX}')
435 t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
436 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
437 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
439 t.info("Forcing kcc runs, and replication")
440 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
441 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
443 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
444 for nc in ['${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}']:
445 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
446 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
448 child.sendline("ipconfig /flushdns")
449 child.expect("Successfully flushed")
451 retries = 10
452 i = 1
453 while i == 1 and retries > 0:
454 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
455 i = child.expect(["The command completed successfully", "The network path was not found"])
456 child.expect("C:")
457 if i == 1:
458 time.sleep(2)
459 retries -= 1
461 t.info("Checking if showrepl is happy")
462 child.sendline("repadmin /showrepl")
463 child.expect("${WIN_BASEDN}")
464 child.expect("was successful")
465 child.expect("CN=Configuration,${WIN_BASEDN}")
466 child.expect("was successful")
467 child.expect("CN=Configuration,${WIN_BASEDN}")
468 child.expect("was successful")
470 t.info("Checking if new users propagate to windows")
471 t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
472 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
473 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
475 t.info("Checking if new users on windows propagate to samba")
476 child.sendline("net user test3 ${PASSWORD3} /add")
477 child.expect("The command completed successfully")
478 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
479 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
481 t.info("Checking propagation of user deletion")
482 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
483 child.sendline("net user test3 /del")
484 child.expect("The command completed successfully")
486 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
487 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
488 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
489 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
491 t.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}')
493 t.vm_poweroff("${WIN_VM}")
496 def join_as_rodc(t, vm):
497 '''join a windows domain as a RODC'''
498 t.setwinvars(vm)
499 t.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC")
500 t.port_wait("${WIN_IP}", 389)
501 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'])
502 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'])
503 t.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
504 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
507 def test_join_as_rodc(t, vm):
508 '''test a windows domain RODC join'''
509 t.info("Checking the RODC join is OK")
510 smbclient = t.getvar("smbclient")
511 t.chdir('${PREFIX}')
512 t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
513 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
514 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
516 t.info("Forcing kcc runs, and replication")
517 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
518 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
520 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
521 for nc in ['${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}']:
522 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
524 retries = 10
525 i = 1
526 while i == 1 and retries > 0:
527 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
528 i = child.expect(["The command completed successfully", "The network path was not found"])
529 child.expect("C:")
530 if i == 1:
531 time.sleep(2)
532 retries -= 1
534 t.info("Checking if showrepl is happy")
535 child.sendline("repadmin /showrepl")
536 child.expect("DSA invocationID")
538 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
539 ["INBOUND NEIGHBORS",
540 "OUTBOUND NEIGHBORS",
541 "${WIN_BASEDN}",
542 "Last attempt .* was successful",
543 "CN=Configuration,${WIN_BASEDN}",
544 "Last attempt .* was successful",
545 "CN=Configuration,${WIN_BASEDN}",
546 "Last attempt .* was successful"],
547 ordered=True,
548 regex=True)
550 t.info("Checking if new users on windows propagate to samba")
551 child.sendline("net user test3 ${PASSWORD3} /add")
552 child.expect("The command completed successfully")
553 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
554 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
556 # should this work?
557 t.info("Checking if new users propagate to windows")
558 t.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN'])
560 t.info("Checking propagation of user deletion")
561 child.sendline("net user test3 /del")
562 child.expect("The command completed successfully")
564 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
565 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
566 t.vm_poweroff("${WIN_VM}")
569 def test_howto(t):
570 '''test the Samba4 howto'''
572 t.setvar("SAMBA_VERSION", "Version 4")
573 t.setvar("smbclient", "bin/smbclient4")
574 t.check_prerequesites()
576 # we don't need fsync safety in these tests
577 t.putenv('TDB_NO_FSYNC', '1')
579 if not t.skip("configure_bind"):
580 t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
581 if not t.skip("stop_bind"):
582 t.stop_bind()
584 if not t.skip("stop_vms"):
585 t.stop_vms()
587 if not t.skip("build"):
588 build_s4(t)
590 if not t.skip("provision"):
591 provision_s4(t)
593 set_krb5_conf(t)
595 if not t.skip("create-shares"):
596 create_shares(t)
598 if not t.skip("starts4"):
599 start_s4(t)
600 if not t.skip("smbclient"):
601 test_smbclient(t)
603 if not t.skip("configure_bind2"):
604 t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
605 if not t.skip("start_bind"):
606 t.start_bind()
608 if not t.skip("dns"):
609 test_dns(t)
610 if not t.skip("kerberos"):
611 test_kerberos(t)
612 if not t.skip("dyndns"):
613 test_dyndns(t)
615 if t.have_vm('WINDOWS7') and not t.skip("windows7"):
616 t.start_winvm("WINDOWS7")
617 t.test_remote_smbclient("WINDOWS7")
618 run_winjoin(t, "WINDOWS7")
619 test_winjoin(t, "WINDOWS7")
620 t.vm_poweroff("${WIN_VM}")
622 if t.have_vm('WINXP') and not t.skip("winxp"):
623 t.start_winvm("WINXP")
624 run_winjoin(t, "WINXP")
625 test_winjoin(t, "WINXP")
626 t.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}")
627 t.vm_poweroff("${WIN_VM}")
629 if t.have_vm('W2K3C') and not t.skip("win2k3_member"):
630 t.start_winvm("W2K3C")
631 run_winjoin(t, "W2K3C")
632 test_winjoin(t, "W2K3C")
633 t.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}")
634 t.vm_poweroff("${WIN_VM}")
636 if t.have_vm('W2K8R2C') and not t.skip("dcpromo_rodc"):
637 t.info("Testing w2k8r2 RODC dcpromo")
638 t.start_winvm("W2K8R2C")
639 t.test_remote_smbclient('W2K8R2C')
640 run_dcpromo_rodc(t, "W2K8R2C")
641 test_dcpromo_rodc(t, "W2K8R2C")
643 if t.have_vm('W2K8R2B') and not t.skip("dcpromo_w2k8r2"):
644 t.info("Testing w2k8r2 dcpromo")
645 t.start_winvm("W2K8R2B")
646 t.test_remote_smbclient('W2K8R2B')
647 run_dcpromo(t, "W2K8R2B")
648 test_dcpromo(t, "W2K8R2B")
650 if t.have_vm('W2K8B') and not t.skip("dcpromo_w2k8"):
651 t.info("Testing w2k8 dcpromo")
652 t.start_winvm("W2K8B")
653 t.test_remote_smbclient('W2K8B')
654 run_dcpromo(t, "W2K8B")
655 test_dcpromo(t, "W2K8B")
657 if t.have_vm('W2K3B') and not t.skip("dcpromo_w2k3"):
658 t.info("Testing w2k3 dcpromo")
659 t.info("Changing to 2003 functional level")
660 provision_s4(t, func_level='2003')
661 create_shares(t)
662 start_s4(t)
663 test_smbclient(t)
664 t.restart_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
665 test_dns(t)
666 test_kerberos(t)
667 test_dyndns(t)
668 t.start_winvm("W2K3B")
669 t.test_remote_smbclient('W2K3B')
670 run_dcpromo(t, "W2K3B")
671 test_dcpromo(t, "W2K3B")
673 if t.have_vm('W2K8R2A') and not t.skip("join_w2k8r2"):
674 t.start_winvm("W2K8R2A")
675 prep_join_as_dc(t, "W2K8R2A")
676 t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
677 join_as_dc(t, "W2K8R2A")
678 create_shares(t)
679 start_s4(t)
680 test_dyndns(t)
681 test_join_as_dc(t, "W2K8R2A")
683 if t.have_vm('W2K8R2A') and not t.skip("join_rodc"):
684 t.start_winvm("W2K8R2A")
685 prep_join_as_dc(t, "W2K8R2A")
686 t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
687 join_as_rodc(t, "W2K8R2A")
688 create_shares(t)
689 start_s4(t)
690 test_dyndns(t)
691 test_join_as_rodc(t, "W2K8R2A")
693 if t.have_vm('W2K3A') and not t.skip("join_w2k3"):
694 t.start_winvm("W2K3A")
695 prep_join_as_dc(t, "W2K3A")
696 t.run_dcpromo_as_first_dc("W2K3A", func_level='2003')
697 join_as_dc(t, "W2K3A")
698 create_shares(t)
699 start_s4(t)
700 test_dyndns(t)
701 test_join_as_dc(t, "W2K3A")
703 t.info("Howto test: All OK")
706 def test_cleanup(t):
707 '''cleanup after tests'''
708 t.info("Cleaning up ...")
709 t.restore_resolv_conf()
710 if getattr(t, 'bind_child', False):
711 t.bind_child.kill()
714 if __name__ == '__main__':
715 t = wintest.wintest()
717 t.setup("test-s4-howto.py", "source4")
719 try:
720 test_howto(t)
721 except:
722 if not t.opts.nocleanup:
723 test_cleanup(t)
724 raise
726 if not t.opts.nocleanup:
727 test_cleanup(t)
728 t.info("S4 howto test: All OK")