3 '''automated testing of the steps of the Samba4 HOWTO'''
6 import wintest, pexpect, time, subprocess
10 t.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
16 t.chdir('${SOURCETREE}')
17 t.putenv('CC', 'ccache gcc')
18 t.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
20 t.run_cmd('rm -rf ${PREFIX}')
21 t.run_cmd('make -j install')
24 def provision_s4(t, func_level="2008"):
25 '''provision s4 as a DC'''
26 t.info('Provisioning s4')
28 t.del_files(["var", "private"])
29 t.run_cmd("rm -f etc/smb.conf")
30 provision = ['bin/samba-tool',
35 '--adminpass=${PASSWORD1}',
36 '--server-role=domain controller',
37 '--function-level=%s' % func_level,
39 '--option=interfaces=${INTERFACE}',
40 '--host-ip=${INTERFACE_IP}',
41 '--option=bind interfaces only=yes',
42 '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
43 '--dns-backend=${NAMESERVER_BACKEND}',
45 if t.getvar('USE_NTVFS'):
46 provision.append('${USE_NTVFS}')
48 if t.getvar('INTERFACE_IPV6'):
49 provision.append('--host-ip6=${INTERFACE_IPV6}')
51 t.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}')
52 t.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}')
53 t.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
58 t.info('Starting Samba4')
60 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
61 t.run_cmd(['sbin/samba',
62 '--option', 'panic action=gnome-terminal -e "gdb --pid %d"', '--option', 'max protocol=nt1'])
63 t.port_wait("${INTERFACE_IP}", 139)
66 def test_smbclient(t):
67 '''test smbclient against localhost'''
68 t.info('Testing smbclient')
69 smbclient = t.getvar("smbclient")
71 t.cmd_contains("%s --version" % (smbclient), ["Version 4.1"])
72 t.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient), ["netlogon", "sysvol", "IPC Service"])
73 child = t.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient))
76 child.expect("blocks available")
77 child.sendline("mkdir testdir")
79 child.sendline("cd testdir")
80 child.expect('testdir')
81 child.sendline("cd ..")
82 child.sendline("rmdir testdir")
86 '''create some test shares'''
87 t.info("Adding test shares")
89 t.write_file("etc/smb.conf", '''
94 path = ${PREFIX}/var/profiles
98 t.run_cmd("mkdir -p test")
99 t.run_cmd("mkdir -p var/profiles")
103 '''test that DNS is OK'''
104 t.info("Testing DNS")
105 t.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
106 ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
107 t.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
108 ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
109 t.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
110 ['${HOSTNAME}.${LCREALM} has address'])
113 def test_kerberos(t):
114 '''test that kerberos is OK'''
115 t.info("Testing kerberos")
116 t.run_cmd("kdestroy")
117 t.kinit("administrator@${REALM}", "${PASSWORD1}")
118 # this copes with the differences between MIT and Heimdal klist
119 t.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
123 '''test that dynamic DNS is working'''
125 t.run_cmd("sbin/samba_dnsupdate --fail-immediately")
126 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
130 def run_winjoin(t, vm):
131 '''join a windows box to our domain'''
134 t.run_winjoin(t, "${LCREALM}")
137 def test_winjoin(t, vm):
138 t.info("Checking the windows join is OK")
139 smbclient = t.getvar("smbclient")
141 t.port_wait("${WIN_IP}", 139)
142 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"], retries=100)
143 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
144 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
145 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
146 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
147 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
148 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
149 child.expect("The command completed successfully")
152 def run_dcpromo(t, vm):
153 '''run a dcpromo on windows'''
156 t.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
157 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True, set_noexpire=True)
158 child.sendline("copy /Y con answers.txt")
162 RebootOnCompletion=Yes
163 ReplicaOrNewDomain=Replica
164 ReplicaDomainDNSName=${LCREALM}
165 SiteName=Default-First-Site-Name
168 CreateDNSDelegation=No
169 UserDomain=${LCREALM}
170 UserName=${LCREALM}\\administrator
171 Password=${PASSWORD1}
172 DatabasePath="C:\Windows\NTDS"
173 LogPath="C:\Windows\NTDS"
174 SYSVOLPath="C:\Windows\SYSVOL"
175 SafeModeAdminPassword=${PASSWORD1}
178 child.expect("copied.")
181 child.sendline("dcpromo /answer:answers.txt")
182 i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=240)
184 child.sendline("echo off")
185 child.sendline("echo START DCPROMO log")
186 child.sendline("more c:\windows\debug\dcpromoui.log")
187 child.sendline("echo END DCPROMO log")
188 child.expect("END DCPROMO")
189 raise Exception("dcpromo failed")
193 def test_dcpromo(t, vm):
194 '''test that dcpromo worked'''
195 t.info("Checking the dcpromo join is OK")
196 smbclient = t.getvar("smbclient")
198 t.port_wait("${WIN_IP}", 139)
199 t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${NAMED_INTERFACE_IP}",
200 ['${WIN_HOSTNAME}.${LCREALM} has address'],
201 retries=30, delay=10, casefold=True)
202 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
203 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
204 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
206 t.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
207 t.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
209 t.kinit("administrator@${REALM}", "${PASSWORD1}")
211 # the first replication will transfer the dnsHostname attribute
212 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
214 for nc in ['${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}']:
215 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
216 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
218 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
219 ["INBOUND NEIGHBORS",
221 "Last attempt .* was successful",
222 "CN=Configuration,${BASEDN}",
223 "Last attempt .* was successful",
224 "CN=Configuration,${BASEDN}", # cope with either order
225 "Last attempt .* was successful",
226 "OUTBOUND NEIGHBORS",
229 "CN=Configuration,${BASEDN}",
231 "CN=Configuration,${BASEDN}",
236 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
237 ["INBOUND NEIGHBORS",
239 "Last attempt .* was successful",
240 "CN=Configuration,${BASEDN}",
241 "Last attempt .* was successful",
242 "CN=Configuration,${BASEDN}",
243 "Last attempt .* was successful",
244 "OUTBOUND NEIGHBORS",
247 "CN=Configuration,${BASEDN}",
249 "CN=Configuration,${BASEDN}",
254 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
255 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
258 i = child.expect(["The command completed successfully", "The network path was not found"])
259 while i == 1 and retries > 0:
262 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
263 i = child.expect(["The command completed successfully", "The network path was not found"])
266 t.run_net_time(child)
268 t.info("Checking if showrepl is happy")
269 child.sendline("repadmin /showrepl")
270 child.expect("${BASEDN}")
271 child.expect("was successful")
272 child.expect("CN=Configuration,${BASEDN}")
273 child.expect("was successful")
274 child.expect("CN=Schema,CN=Configuration,${BASEDN}")
275 child.expect("was successful")
277 t.info("Checking if new users propagate to windows")
278 t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
279 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
280 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
282 t.info("Checking if new users on windows propagate to samba")
283 child.sendline("net user test3 ${PASSWORD3} /add")
285 i = child.expect(["The command completed successfully",
286 "The directory service was unable to allocate a relative identifier"])
291 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
292 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
294 t.info("Checking propogation of user deletion")
295 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
296 child.sendline("net user test3 /del")
297 child.expect("The command completed successfully")
299 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
300 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
301 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
302 t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
303 t.vm_poweroff("${WIN_VM}")
306 def run_dcpromo_rodc(t, vm):
307 '''run a RODC dcpromo to join a windows DC to the samba domain'''
309 t.info("Joining a w2k8 box to the domain as a RODC")
310 t.vm_poweroff("${WIN_VM}", checkfail=False)
311 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
312 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
313 child.sendline("copy /Y con answers.txt")
316 ReplicaOrNewDomain=ReadOnlyReplica
317 ReplicaDomainDNSName=${LCREALM}
318 PasswordReplicationDenied="BUILTIN\Administrators"
319 PasswordReplicationDenied="BUILTIN\Server Operators"
320 PasswordReplicationDenied="BUILTIN\Backup Operators"
321 PasswordReplicationDenied="BUILTIN\Account Operators"
322 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
323 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
324 DelegatedAdmin="${DOMAIN}\\Administrator"
325 SiteName=Default-First-Site-Name
328 CreateDNSDelegation=No
329 UserDomain=${LCREALM}
330 UserName=${LCREALM}\\administrator
331 Password=${PASSWORD1}
332 DatabasePath="C:\Windows\NTDS"
333 LogPath="C:\Windows\NTDS"
334 SYSVOLPath="C:\Windows\SYSVOL"
335 SafeModeAdminPassword=${PASSWORD1}
336 RebootOnCompletion=No
339 child.expect("copied.")
340 child.sendline("dcpromo /answer:answers.txt")
341 i = child.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout=120)
343 child.sendline("echo off")
344 child.sendline("echo START DCPROMO log")
345 child.sendline("more c:\windows\debug\dcpromoui.log")
346 child.sendline("echo END DCPROMO log")
347 child.expect("END DCPROMO")
348 raise Exception("dcpromo failed")
349 child.sendline("shutdown -r -t 0")
354 def test_dcpromo_rodc(t, vm):
355 '''test the RODC dcpromo worked'''
356 t.info("Checking the w2k8 RODC join is OK")
357 smbclient = t.getvar("smbclient")
359 t.port_wait("${WIN_IP}", 139)
360 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
361 child.sendline("ipconfig /registerdns")
362 t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
363 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
364 t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
365 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
366 child.expect("The command completed successfully")
368 t.info("Checking if showrepl is happy")
369 child.sendline("repadmin /showrepl")
370 child.expect("${BASEDN}")
371 child.expect("was successful")
372 child.expect("CN=Configuration,${BASEDN}")
373 child.expect("was successful")
374 child.expect("CN=Configuration,${BASEDN}")
375 child.expect("was successful")
377 for nc in ['${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}']:
378 t.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc, ["was successful"])
380 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
381 ["INBOUND NEIGHBORS",
382 "OUTBOUND NEIGHBORS",
384 "Last attempt.*was successful",
385 "CN=Configuration,${BASEDN}",
386 "Last attempt.*was successful",
387 "CN=Configuration,${BASEDN}",
388 "Last attempt.*was successful"],
392 t.info("Checking if new users are available on windows")
393 t.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}')
394 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
395 t.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
396 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
397 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
398 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
399 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
400 t.vm_poweroff("${WIN_VM}")
403 def prep_join_as_dc(t, vm):
404 '''start VM and shutdown Samba in preperation to join a windows domain as a DC'''
405 t.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC")
407 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
408 if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
410 t.run_cmd("rm -rf etc/smb.conf private")
411 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
412 t.get_ipconfig(child)
415 def join_as_dc(t, vm):
416 '''join a windows domain as a DC'''
418 t.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC")
419 t.port_wait("${WIN_IP}", 389)
420 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'])
422 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'])
423 t.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
424 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
427 def test_join_as_dc(t, vm):
428 '''test the join of a windows domain as a DC'''
429 t.info("Checking the DC join is OK")
430 smbclient = t.getvar("smbclient")
432 t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
433 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
434 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
436 t.info("Forcing kcc runs, and replication")
437 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
438 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
440 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
441 for nc in ['${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}']:
442 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
443 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
445 child.sendline("ipconfig /flushdns")
446 child.expect("Successfully flushed")
450 while i == 1 and retries > 0:
451 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
452 i = child.expect(["The command completed successfully", "The network path was not found"])
458 t.info("Checking if showrepl is happy")
459 child.sendline("repadmin /showrepl")
460 child.expect("${WIN_BASEDN}")
461 child.expect("was successful")
462 child.expect("CN=Configuration,${WIN_BASEDN}")
463 child.expect("was successful")
464 child.expect("CN=Configuration,${WIN_BASEDN}")
465 child.expect("was successful")
467 t.info("Checking if new users propagate to windows")
468 t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
469 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
470 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
472 t.info("Checking if new users on windows propagate to samba")
473 child.sendline("net user test3 ${PASSWORD3} /add")
474 child.expect("The command completed successfully")
475 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
476 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
478 t.info("Checking propogation of user deletion")
479 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
480 child.sendline("net user test3 /del")
481 child.expect("The command completed successfully")
483 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
484 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
485 t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
486 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
488 t.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}')
490 t.vm_poweroff("${WIN_VM}")
493 def join_as_rodc(t, vm):
494 '''join a windows domain as a RODC'''
496 t.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC")
497 t.port_wait("${WIN_IP}", 389)
498 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'])
499 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'])
500 t.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
501 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
504 def test_join_as_rodc(t, vm):
505 '''test a windows domain RODC join'''
506 t.info("Checking the RODC join is OK")
507 smbclient = t.getvar("smbclient")
509 t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
510 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
511 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
513 t.info("Forcing kcc runs, and replication")
514 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
515 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
517 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
518 for nc in ['${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}']:
519 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
523 while i == 1 and retries > 0:
524 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
525 i = child.expect(["The command completed successfully", "The network path was not found"])
531 t.info("Checking if showrepl is happy")
532 child.sendline("repadmin /showrepl")
533 child.expect("DSA invocationID")
535 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
536 ["INBOUND NEIGHBORS",
537 "OUTBOUND NEIGHBORS",
539 "Last attempt .* was successful",
540 "CN=Configuration,${WIN_BASEDN}",
541 "Last attempt .* was successful",
542 "CN=Configuration,${WIN_BASEDN}",
543 "Last attempt .* was successful"],
547 t.info("Checking if new users on windows propagate to samba")
548 child.sendline("net user test3 ${PASSWORD3} /add")
549 child.expect("The command completed successfully")
550 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
551 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
554 t.info("Checking if new users propagate to windows")
555 t.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN'])
557 t.info("Checking propogation of user deletion")
558 child.sendline("net user test3 /del")
559 child.expect("The command completed successfully")
561 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
562 t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
563 t.vm_poweroff("${WIN_VM}")
567 '''test the Samba4 howto'''
569 t.setvar("SAMBA_VERSION", "Version 4")
570 t.setvar("smbclient", "bin/smbclient4")
571 t.check_prerequesites()
573 # we don't need fsync safety in these tests
574 t.putenv('TDB_NO_FSYNC', '1')
576 if not t.skip("configure_bind"):
577 t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
578 if not t.skip("stop_bind"):
581 if not t.skip("stop_vms"):
584 if not t.skip("build"):
587 if not t.skip("provision"):
592 if not t.skip("create-shares"):
595 if not t.skip("starts4"):
597 if not t.skip("smbclient"):
600 if not t.skip("configure_bind2"):
601 t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
602 if not t.skip("start_bind"):
605 if not t.skip("dns"):
607 if not t.skip("kerberos"):
609 if not t.skip("dyndns"):
612 if t.have_vm('WINDOWS7') and not t.skip("windows7"):
613 t.start_winvm("WINDOWS7")
614 t.test_remote_smbclient("WINDOWS7")
615 run_winjoin(t, "WINDOWS7")
616 test_winjoin(t, "WINDOWS7")
617 t.vm_poweroff("${WIN_VM}")
619 if t.have_vm('WINXP') and not t.skip("winxp"):
620 t.start_winvm("WINXP")
621 run_winjoin(t, "WINXP")
622 test_winjoin(t, "WINXP")
623 t.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}")
624 t.vm_poweroff("${WIN_VM}")
626 if t.have_vm('W2K3C') and not t.skip("win2k3_member"):
627 t.start_winvm("W2K3C")
628 run_winjoin(t, "W2K3C")
629 test_winjoin(t, "W2K3C")
630 t.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}")
631 t.vm_poweroff("${WIN_VM}")
633 if t.have_vm('W2K8R2C') and not t.skip("dcpromo_rodc"):
634 t.info("Testing w2k8r2 RODC dcpromo")
635 t.start_winvm("W2K8R2C")
636 t.test_remote_smbclient('W2K8R2C')
637 run_dcpromo_rodc(t, "W2K8R2C")
638 test_dcpromo_rodc(t, "W2K8R2C")
640 if t.have_vm('W2K8R2B') and not t.skip("dcpromo_w2k8r2"):
641 t.info("Testing w2k8r2 dcpromo")
642 t.start_winvm("W2K8R2B")
643 t.test_remote_smbclient('W2K8R2B')
644 run_dcpromo(t, "W2K8R2B")
645 test_dcpromo(t, "W2K8R2B")
647 if t.have_vm('W2K8B') and not t.skip("dcpromo_w2k8"):
648 t.info("Testing w2k8 dcpromo")
649 t.start_winvm("W2K8B")
650 t.test_remote_smbclient('W2K8B')
651 run_dcpromo(t, "W2K8B")
652 test_dcpromo(t, "W2K8B")
654 if t.have_vm('W2K3B') and not t.skip("dcpromo_w2k3"):
655 t.info("Testing w2k3 dcpromo")
656 t.info("Changing to 2003 functional level")
657 provision_s4(t, func_level='2003')
661 t.restart_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
665 t.start_winvm("W2K3B")
666 t.test_remote_smbclient('W2K3B')
667 run_dcpromo(t, "W2K3B")
668 test_dcpromo(t, "W2K3B")
670 if t.have_vm('W2K8R2A') and not t.skip("join_w2k8r2"):
671 t.start_winvm("W2K8R2A")
672 prep_join_as_dc(t, "W2K8R2A")
673 t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
674 join_as_dc(t, "W2K8R2A")
678 test_join_as_dc(t, "W2K8R2A")
680 if t.have_vm('W2K8R2A') and not t.skip("join_rodc"):
681 t.start_winvm("W2K8R2A")
682 prep_join_as_dc(t, "W2K8R2A")
683 t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
684 join_as_rodc(t, "W2K8R2A")
688 test_join_as_rodc(t, "W2K8R2A")
690 if t.have_vm('W2K3A') and not t.skip("join_w2k3"):
691 t.start_winvm("W2K3A")
692 prep_join_as_dc(t, "W2K3A")
693 t.run_dcpromo_as_first_dc("W2K3A", func_level='2003')
694 join_as_dc(t, "W2K3A")
698 test_join_as_dc(t, "W2K3A")
700 t.info("Howto test: All OK")
704 '''cleanup after tests'''
705 t.info("Cleaning up ...")
706 t.restore_resolv_conf()
707 if getattr(t, 'bind_child', False):
711 if __name__ == '__main__':
712 t = wintest.wintest()
714 t.setup("test-s4-howto.py", "source4")
719 if not t.opts.nocleanup:
723 if not t.opts.nocleanup:
725 t.info("S4 howto test: All OK")