rndc command = true
dns update command = $ctx->{samba_dnsupdate}
spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate -s $ctx->{smb_conf}
+ gpo update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_gpoupdate -s $ctx->{smb_conf} -H $ctx->{privatedir}/sam.ldb --machine
dreplsrv:periodic_startup_interval = 0
dsdb:schema update allowed = yes
+ prefork children = 4
+
vfs objects = dfs_samba4 acl_xattr fake_acls xattr_tdb streams_depot
idmap_ldb:use rfc2307=yes
# the source4 smb server doesn't allow signing by default
server signing = enabled
+raw NTLMv2 auth = yes
rpc_server:default = external
rpc_server:svcctl = embedded
server services = +winbind -winbindd
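Review bot: The added `raw NTLMv2 auth = yes` line carries no comment, unlike `server signing = enabled` directly above it, so a reader cannot tell that this is a deliberate test-only relaxation. The option lets SMB1 clients that do not use extended security authenticate with NTLMv2, which smbd refuses by default. I would put `# test-only: accept NTLMv2 from SMB1 clients without extended security (off by default)` above it, and the same above the `raw NTLMv2 auth = yes` added in the later hunk next to `allow nt4 crypto = yes`. The smb.conf text these lines sit in begins and ends outside the hunk.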
ldap server require strong auth = allow_sasl_over_tls
allow nt4 crypto = yes
+ raw NTLMv2 auth = yes
lsa over netlogon = yes
rpc server port = 1027
auth event notification = true
+ server schannel = auto
";
my $ret = $self->provision($prefix,
"domain controller",
spnego:simulate_w2k=yes
ntlmssp_server:force_old_spnego=yes
";
+ my $extra_provision_options = undef;
+ # This environment uses plain text secrets
+ # i.e. secret attributes are not encrypted on disk.
+ # This allows testing of the --plaintext-secrets option for
+ # provision
+ push (@{$extra_provision_options}, "--plaintext-secrets");
my $ret = $self->provision($prefix,
"domain controller",
"dc5",
undef,
$extra_conf_options,
"",
- undef);
+ $extra_provision_options);
unless ($ret) {
return undef;
}
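Review bot: `$extra_provision_options` is initialised to `undef` and only becomes an array reference through the autovivifying `push (@{$extra_provision_options}, "--plaintext-secrets");`, which hides what the variable is meant to hold. `my $extra_provision_options = ["--plaintext-secrets"];` says the same thing in one line. The existing comment should stay directly above it, since it is the only place that records that secret attributes in this environment are stored unencrypted on disk. The enclosing sub starts outside the hunk.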
return \%ret;
}
-sub provision_ad_dc($$)
+sub provision_ad_dc($$$$$$)
{
- my ($self, $prefix) = @_;
+ my ($self, $prefix, $hostname, $domain, $realm, $smbconf_args) = @_;
my $prefix_abs = abs_path($prefix);
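Review bot: The four new parameters of `provision_ad_dc` are undocumented and `$smbconf_args` has no default, yet the later hunk interpolates it directly into the generated smb.conf text just before the closing `";`. A caller that omits it puts an undefined value into that string; `$smbconf_args = "" unless defined($smbconf_args);` after the `my (...) = @_;` line avoids that. A short comment above the sub should say that `$smbconf_args` is raw smb.conf text appended after the built-in options, so later callers know it can override them. The `($$$$$$)` prototype does not enforce the argument count, because Perl ignores prototypes on method calls. The body of the sub continues outside the hunk.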
smbd:writetimeupdatedelay = 500000
create mask = 755
dos filemode = yes
+ check parent directory delete on close = yes
dcerpc endpoint servers = -winreg -srvsvc
lpq cache time = 0
print notify backchannel = yes
+ server schannel = auto
auth event notification = true
+ $smbconf_args
";
my $extra_smbconf_shares = "
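Review bot: `server schannel = auto` is added here without a comment, and again in the earlier hunk after `auth event notification = true`. With `auto` the netlogon server offers schannel but does not enforce it, so these test DCs accept netlogon clients that skip the secure channel. If specific tests depend on that, the config should say so, e.g. `# test-only: do not enforce netlogon schannel, needed by <test name>`, so the relaxation is not copied into other environments by habit. The smb.conf string starts outside the hunk.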
print "PROVISIONING AD DC...\n";
my $ret = $self->provision($prefix,
"domain controller",
- "addc",
- "ADDOMAIN",
- "addom.samba.example.com",
+ $hostname,
+ $domain,
+ $realm,
"2008",
"locDCpass1",
undef,
} elsif ($envname eq "chgdcpass") {
return $self->setup_chgdcpass("$path/chgdcpass", $self->{vars}->{chgdcpass});
} elsif ($envname eq "ad_member") {
- if (not defined($self->{vars}->{ad_dc_ntvfs})) {
- $self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
+ if (not defined($self->{vars}->{ad_dc})) {
+ $self->setup_ad_dc("$path/ad_dc");
}
- return $target3->setup_admember("$path/ad_member", $self->{vars}->{ad_dc_ntvfs}, 29);
+ return $target3->setup_admember("$path/ad_member", $self->{vars}->{ad_dc}, 29);
} elsif ($envname eq "ad_dc") {
return $self->setup_ad_dc("$path/ad_dc");
} elsif ($envname eq "ad_dc_no_nss") {
- return $self->setup_ad_dc("$path/ad_dc_no_nss", "no_nss");
+ return $self->setup_ad_dc_no_nss("$path/ad_dc_no_nss");
+ } elsif ($envname eq "ad_dc_no_ntlm") {
+ return $self->setup_ad_dc_no_ntlm("$path/ad_dc_no_ntlm");
} elsif ($envname eq "ad_member_rfc2307") {
if (not defined($self->{vars}->{ad_dc_ntvfs})) {
$self->setup_ad_dc_ntvfs("$path/ad_dc_ntvfs");
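Review bot: In the `ad_member` branch the return value of `$self->setup_ad_dc("$path/ad_dc")` is discarded and `$self->{vars}->{ad_dc}` is passed on unchecked. `setup_ad_dc`, as shown later in this diff, returns "UNKNOWN" before setting that slot when ADS is not built, and `undef` when provisioning or startup fails, so `setup_admember` can be handed an undefined DC environment. A guard such as `return undef unless defined($self->{vars}->{ad_dc});` before the `setup_admember` call would make the failure explicit; whether `setup_admember` already copes with this is not visible here. The `elsif` chain starts and ends outside the hunk.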
sub setup_ad_dc($$)
{
- my ($self, $path, $no_nss) = @_;
+ my ($self, $path) = @_;
# If we didn't build with ADS, pretend this env was never available
if (not $self->{target3}->have_ads()) {
return "UNKNOWN";
}
- my $env = $self->provision_ad_dc($path);
+ my $env = $self->provision_ad_dc($path, "addc", "ADDOMAIN",
+ "addom.samba.example.com", "");
unless ($env) {
return undef;
}
- if (defined($no_nss) and $no_nss) {
- $env->{NSS_WRAPPER_MODULE_SO_PATH} = undef;
- $env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef;
+ if (not defined($self->check_or_start($env, "single"))) {
+ return undef;
+ }
+
+ my $upn_array = ["$env->{REALM}.upn"];
+ my $spn_array = ["$env->{REALM}.spn"];
+
+ $self->setup_namespaces($env, $upn_array, $spn_array);
+
+ $self->{vars}->{ad_dc} = $env;
+ return $env;
+}
+
+sub setup_ad_dc_no_nss($$)
+{
+ my ($self, $path) = @_;
+
+ # If we didn't build with ADS, pretend this env was never available
+ if (not $self->{target3}->have_ads()) {
+ return "UNKNOWN";
}
+ my $env = $self->provision_ad_dc($path, "addc_no_nss", "ADNONSSDOMAIN",
+ "adnonssdom.samba.example.com", "");
+ unless ($env) {
+ return undef;
+ }
+
+ $env->{NSS_WRAPPER_MODULE_SO_PATH} = undef;
+ $env->{NSS_WRAPPER_MODULE_FN_PREFIX} = undef;
+
if (not defined($self->check_or_start($env, "single"))) {
return undef;
}
$self->setup_namespaces($env, $upn_array, $spn_array);
- $self->{vars}->{ad_dc} = $env;
+ $self->{vars}->{ad_dc_no_nss} = $env;
+ return $env;
+}
+
+sub setup_ad_dc_no_ntlm($$)
+{
+ my ($self, $path) = @_;
+
+ # If we didn't build with ADS, pretend this env was never available
+ if (not $self->{target3}->have_ads()) {
+ return "UNKNOWN";
+ }
+
+ my $env = $self->provision_ad_dc($path, "addc_no_ntlm", "ADNONTLMDOMAIN",
+ "adnontlmdom.samba.example.com",
+ "ntlm auth = disabled");
+ unless ($env) {
+ return undef;
+ }
+
+ if (not defined($self->check_or_start($env, "prefork"))) {
+ return undef;
+ }
+
+ my $upn_array = ["$env->{REALM}.upn"];
+ my $spn_array = ["$env->{REALM}.spn"];
+
+ $self->setup_namespaces($env, $upn_array, $spn_array);
+
+ $self->{vars}->{ad_dc_no_ntlm} = $env;
return $env;
}
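Review bot: `setup_ad_dc_no_ntlm` starts its server with `"prefork"` while `setup_ad_dc` and `setup_ad_dc_no_nss` use `"single"`, and nothing says whether that follows from disabling NTLM or is a separate choice. A one-line comment above that `check_or_start` call should give the reason, and each new sub should get a header comment naming what sets its environment apart (`ntlm auth = disabled` here, the cleared `NSS_WRAPPER_MODULE_*` variables in the no_nss one). The three subs also repeat the same have_ads guard, provision, start and `setup_namespaces` sequence. A private helper taking hostname, domain, realm, extra smb.conf text and process model would keep them from drifting apart.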