wintest/test-s4-howto.py

   1 #!/usr/bin/env python
   2
   3 '''automated testing of the steps of the Samba4 HOWTO'''
   4
   5 import sys, os
   6 import wintest, pexpect, time, subprocess
   7
   8 def set_krb5_conf(t):
   9     t.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
  10
  11 def build_s4(t):
  12     '''build samba4'''
  13     t.info('Building s4')
  14     t.chdir('${SOURCETREE}')
  15     t.putenv('CC', 'ccache gcc')
  16     t.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
  17     t.run_cmd('make -j')
  18     t.run_cmd('rm -rf ${PREFIX}')
  19     t.run_cmd('make -j install')
  20
  21
  22 def provision_s4(t, func_level="2008"):
  23     '''provision s4 as a DC'''
  24     t.info('Provisioning s4')
  25     t.chdir('${PREFIX}')
  26     t.del_files(["var", "private"])
  27     t.run_cmd("rm -f etc/smb.conf")
  28     provision=['bin/samba-tool',
  29                'domain',
  30                'provision',
  31                '--realm=${LCREALM}',
  32                '--domain=${DOMAIN}',
  33                '--adminpass=${PASSWORD1}',
  34                '--server-role=domain controller',
  35                '--function-level=%s' % func_level,
  36                '-d${DEBUGLEVEL}',
  37                '--option=interfaces=${INTERFACE}',
  38                '--host-ip=${INTERFACE_IP}',
  39                '--option=bind interfaces only=yes',
  40                '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf',
  41                '--dns-backend=${NAMESERVER_BACKEND}',
  42                '${DNS_FORWARDER}']
  43     if t.getvar('USE_NTVFS'):
  44         provision.append('${USE_NTVFS}')
  45
  46     if t.getvar('INTERFACE_IPV6'):
  47         provision.append('--host-ip6=${INTERFACE_IPV6}')
  48     t.run_cmd(provision)
  49     t.run_cmd('bin/samba-tool user add testallowed ${PASSWORD1}')
  50     t.run_cmd('bin/samba-tool user add testdenied ${PASSWORD1}')
  51     t.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
  52
  53
  54 def start_s4(t):
  55     '''startup samba4'''
  56     t.info('Starting Samba4')
  57     t.chdir("${PREFIX}")
  58     t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
  59     t.run_cmd(['sbin/samba',
  60                '--option', 'panic action=gnome-terminal -e "gdb --pid %d"', '--option', 'max protocol=nt1'])
  61     t.port_wait("${INTERFACE_IP}", 139)
  62
  63 def test_smbclient(t):
  64     '''test smbclient against localhost'''
  65     t.info('Testing smbclient')
  66     smbclient = t.getvar("smbclient")
  67     t.chdir('${PREFIX}')
  68     t.cmd_contains("%s --version" % (smbclient), ["Version 4.1"])
  69     t.retry_cmd('%s -L ${INTERFACE_IP} -U%%' % (smbclient), ["netlogon", "sysvol", "IPC Service"])
  70     child = t.pexpect_spawn('%s //${INTERFACE_IP}/netlogon -Uadministrator%%${PASSWORD1}' % (smbclient))
  71     child.expect("smb:")
  72     child.sendline("dir")
  73     child.expect("blocks available")
  74     child.sendline("mkdir testdir")
  75     child.expect("smb:")
  76     child.sendline("cd testdir")
  77     child.expect('testdir')
  78     child.sendline("cd ..")
  79     child.sendline("rmdir testdir")
  80
  81
  82 def create_shares(t):
  83     '''create some test shares'''
  84     t.info("Adding test shares")
  85     t.chdir('${PREFIX}')
  86     t.write_file("etc/smb.conf", '''
  87 [test]
  88        path = ${PREFIX}/test
  89        read only = no
  90 [profiles]
  91        path = ${PREFIX}/var/profiles
  92        read only = no
  93     ''',
  94                  mode='a')
  95     t.run_cmd("mkdir -p test")
  96     t.run_cmd("mkdir -p var/profiles")
  97
  98
  99 def test_dns(t):
 100     '''test that DNS is OK'''
 101     t.info("Testing DNS")
 102     t.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
 103                    ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
 104     t.cmd_contains("host -t SRV  _kerberos._udp.${LCREALM}.",
 105                    ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
 106     t.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
 107                    ['${HOSTNAME}.${LCREALM} has address'])
 108
 109 def test_kerberos(t):
 110     '''test that kerberos is OK'''
 111     t.info("Testing kerberos")
 112     t.run_cmd("kdestroy")
 113     t.kinit("administrator@${REALM}", "${PASSWORD1}")
 114     # this copes with the differences between MIT and Heimdal klist
 115     t.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
 116
 117
 118 def test_dyndns(t):
 119     '''test that dynamic DNS is working'''
 120     t.chdir('${PREFIX}')
 121     t.run_cmd("sbin/samba_dnsupdate --fail-immediately")
 122     if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
 123         t.rndc_cmd("flush")
 124
 125
 126 def run_winjoin(t, vm):
 127     '''join a windows box to our domain'''
 128     t.setwinvars(vm)
 129
 130     t.run_winjoin(t, "${LCREALM}")
 131
 132 def test_winjoin(t, vm):
 133     t.info("Checking the windows join is OK")
 134     smbclient = t.getvar("smbclient")
 135     t.chdir('${PREFIX}')
 136     t.port_wait("${WIN_IP}", 139)
 137     t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"], retries=100)
 138     t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
 139     t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
 140     t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
 141     t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
 142     child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
 143     child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
 144     child.expect("The command completed successfully")
 145
 146
 147 def run_dcpromo(t, vm):
 148     '''run a dcpromo on windows'''
 149     t.setwinvars(vm)
 150
 151     t.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
 152     child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True, set_noexpire=True)
 153     child.sendline("copy /Y con answers.txt")
 154     child.sendline('''
 155 [DCINSTALL]
 156 RebootOnSuccess=Yes
 157 RebootOnCompletion=Yes
 158 ReplicaOrNewDomain=Replica
 159 ReplicaDomainDNSName=${LCREALM}
 160 SiteName=Default-First-Site-Name
 161 InstallDNS=No
 162 ConfirmGc=Yes
 163 CreateDNSDelegation=No
 164 UserDomain=${LCREALM}
 165 UserName=${LCREALM}\\administrator
 166 Password=${PASSWORD1}
 167 DatabasePath="C:\Windows\NTDS"
 168 LogPath="C:\Windows\NTDS"
 169 SYSVOLPath="C:\Windows\SYSVOL"
 170 SafeModeAdminPassword=${PASSWORD1}
 171 \1a
 172 ''')
 173     child.expect("copied.")
 174     child.expect("C:")
 175     child.expect("C:")
 176     child.sendline("dcpromo /answer:answers.txt")
 177     i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=240)
 178     if i == 1 or i == 2:
 179         child.sendline("echo off")
 180         child.sendline("echo START DCPROMO log")
 181         child.sendline("more c:\windows\debug\dcpromoui.log")
 182         child.sendline("echo END DCPROMO log")
 183         child.expect("END DCPROMO")
 184         raise Exception("dcpromo failed")
 185     t.wait_reboot()
 186
 187
 188 def test_dcpromo(t, vm):
 189     '''test that dcpromo worked'''
 190     t.info("Checking the dcpromo join is OK")
 191     smbclient = t.getvar("smbclient")
 192     t.chdir('${PREFIX}')
 193     t.port_wait("${WIN_IP}", 139)
 194     t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${NAMED_INTERFACE_IP}",
 195                 ['${WIN_HOSTNAME}.${LCREALM} has address'],
 196                 retries=30, delay=10, casefold=True)
 197     t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
 198     t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
 199     t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
 200
 201     t.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
 202     t.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
 203
 204     t.kinit("administrator@${REALM}", "${PASSWORD1}")
 205
 206     # the first replication will transfer the dnsHostname attribute
 207     t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
 208
 209     for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
 210         t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
 211         t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
 212
 213     t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
 214                    [ "INBOUND NEIGHBORS",
 215                      "${BASEDN}",
 216                      "Last attempt .* was successful",
 217                      "CN=Configuration,${BASEDN}",
 218                      "Last attempt .* was successful",
 219                      "CN=Configuration,${BASEDN}", # cope with either order
 220                      "Last attempt .* was successful",
 221                      "OUTBOUND NEIGHBORS",
 222                      "${BASEDN}",
 223                      "Last success",
 224                      "CN=Configuration,${BASEDN}",
 225                      "Last success",
 226                      "CN=Configuration,${BASEDN}",
 227                      "Last success"],
 228                    ordered=True,
 229                    regex=True)
 230
 231     t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
 232                    [ "INBOUND NEIGHBORS",
 233                      "${BASEDN}",
 234                      "Last attempt .* was successful",
 235                      "CN=Configuration,${BASEDN}",
 236                      "Last attempt .* was successful",
 237                      "CN=Configuration,${BASEDN}",
 238                      "Last attempt .* was successful",
 239                      "OUTBOUND NEIGHBORS",
 240                      "${BASEDN}",
 241                      "Last success",
 242                      "CN=Configuration,${BASEDN}",
 243                      "Last success",
 244                      "CN=Configuration,${BASEDN}",
 245                      "Last success" ],
 246                    ordered=True,
 247                    regex=True)
 248
 249     child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
 250     child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
 251
 252     retries = 10
 253     i = child.expect(["The command completed successfully", "The network path was not found"])
 254     while i == 1 and retries > 0:
 255         child.expect("C:")
 256         time.sleep(2)
 257         child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
 258         i = child.expect(["The command completed successfully", "The network path was not found"])
 259         retries -=1
 260
 261     t.run_net_time(child)
 262
 263     t.info("Checking if showrepl is happy")
 264     child.sendline("repadmin /showrepl")
 265     child.expect("${BASEDN}")
 266     child.expect("was successful")
 267     child.expect("CN=Configuration,${BASEDN}")
 268     child.expect("was successful")
 269     child.expect("CN=Schema,CN=Configuration,${BASEDN}")
 270     child.expect("was successful")
 271
 272     t.info("Checking if new users propagate to windows")
 273     t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
 274     t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
 275     t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
 276
 277     t.info("Checking if new users on windows propagate to samba")
 278     child.sendline("net user test3 ${PASSWORD3} /add")
 279     while True:
 280         i = child.expect(["The command completed successfully",
 281                           "The directory service was unable to allocate a relative identifier"])
 282         if i == 0:
 283             break
 284         time.sleep(2)
 285
 286     t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
 287     t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
 288
 289     t.info("Checking propogation of user deletion")
 290     t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
 291     child.sendline("net user test3 /del")
 292     child.expect("The command completed successfully")
 293
 294     t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
 295     t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
 296     t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
 297     t.retry_cmd("%s -L ${HOSTNAME}.${LCREALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
 298     t.vm_poweroff("${WIN_VM}")
 299
 300
 301 def run_dcpromo_rodc(t, vm):
 302     '''run a RODC dcpromo to join a windows DC to the samba domain'''
 303     t.setwinvars(vm)
 304     t.info("Joining a w2k8 box to the domain as a RODC")
 305     t.vm_poweroff("${WIN_VM}", checkfail=False)
 306     t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
 307     child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
 308     child.sendline("copy /Y con answers.txt")
 309     child.sendline('''
 310 [DCInstall]
 311 ReplicaOrNewDomain=ReadOnlyReplica
 312 ReplicaDomainDNSName=${LCREALM}
 313 PasswordReplicationDenied="BUILTIN\Administrators"
 314 PasswordReplicationDenied="BUILTIN\Server Operators"
 315 PasswordReplicationDenied="BUILTIN\Backup Operators"
 316 PasswordReplicationDenied="BUILTIN\Account Operators"
 317 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
 318 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
 319 DelegatedAdmin="${DOMAIN}\\Administrator"
 320 SiteName=Default-First-Site-Name
 321 InstallDNS=No
 322 ConfirmGc=Yes
 323 CreateDNSDelegation=No
 324 UserDomain=${LCREALM}
 325 UserName=${LCREALM}\\administrator
 326 Password=${PASSWORD1}
 327 DatabasePath="C:\Windows\NTDS"
 328 LogPath="C:\Windows\NTDS"
 329 SYSVOLPath="C:\Windows\SYSVOL"
 330 SafeModeAdminPassword=${PASSWORD1}
 331 RebootOnCompletion=No
 332 \1a
 333 ''')
 334     child.expect("copied.")
 335     child.sendline("dcpromo /answer:answers.txt")
 336     i = child.expect(["You must restart this computer", "failed", "could not be located in this domain"], timeout=120)
 337     if i != 0:
 338         child.sendline("echo off")
 339         child.sendline("echo START DCPROMO log")
 340         child.sendline("more c:\windows\debug\dcpromoui.log")
 341         child.sendline("echo END DCPROMO log")
 342         child.expect("END DCPROMO")
 343         raise Exception("dcpromo failed")
 344     child.sendline("shutdown -r -t 0")
 345     t.wait_reboot()
 346
 347
 348
 349 def test_dcpromo_rodc(t, vm):
 350     '''test the RODC dcpromo worked'''
 351     t.info("Checking the w2k8 RODC join is OK")
 352     smbclient = t.getvar("smbclient")
 353     t.chdir('${PREFIX}')
 354     t.port_wait("${WIN_IP}", 139)
 355     child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
 356     child.sendline("ipconfig /registerdns")
 357     t.retry_cmd('%s -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
 358     t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
 359     t.cmd_contains('%s -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%%${PASSWORD1}' % (smbclient), ["C$", "IPC$", "Sharename"])
 360     child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
 361     child.expect("The command completed successfully")
 362
 363     t.info("Checking if showrepl is happy")
 364     child.sendline("repadmin /showrepl")
 365     child.expect("${BASEDN}")
 366     child.expect("was successful")
 367     child.expect("CN=Configuration,${BASEDN}")
 368     child.expect("was successful")
 369     child.expect("CN=Configuration,${BASEDN}")
 370     child.expect("was successful")
 371
 372     for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
 373         t.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc, ["was successful"])
 374
 375     t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
 376                    [ "INBOUND NEIGHBORS",
 377                      "OUTBOUND NEIGHBORS",
 378                      "${BASEDN}",
 379                      "Last attempt.*was successful",
 380                      "CN=Configuration,${BASEDN}",
 381                      "Last attempt.*was successful",
 382                      "CN=Configuration,${BASEDN}",
 383                      "Last attempt.*was successful" ],
 384                    ordered=True,
 385                    regex=True)
 386
 387     t.info("Checking if new users are available on windows")
 388     t.run_cmd('bin/samba-tool user add test2 ${PASSWORD2}')
 389     t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
 390     t.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
 391     t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
 392     t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
 393     t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
 394     t.retry_cmd("%s -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
 395     t.vm_poweroff("${WIN_VM}")
 396
 397
 398 def prep_join_as_dc(t, vm):
 399     '''start VM and shutdown Samba in preperation to join a windows domain as a DC'''
 400     t.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool domain join DC")
 401     t.chdir('${PREFIX}')
 402     t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
 403     if not t.getvar('NAMESERVER_BACKEND') == 'SAMBA_INTERNAL':
 404         t.rndc_cmd('flush')
 405     t.run_cmd("rm -rf etc/smb.conf private")
 406     child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
 407     t.get_ipconfig(child)
 408
 409 def join_as_dc(t, vm):
 410     '''join a windows domain as a DC'''
 411     t.setwinvars(vm)
 412     t.info("Joining ${WIN_VM} as a second DC using samba-tool domain join DC")
 413     t.port_wait("${WIN_IP}", 389)
 414     t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
 415
 416     t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
 417     t.run_cmd('bin/samba-tool domain join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
 418     t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
 419
 420
 421 def test_join_as_dc(t, vm):
 422     '''test the join of a windows domain as a DC'''
 423     t.info("Checking the DC join is OK")
 424     smbclient = t.getvar("smbclient")
 425     t.chdir('${PREFIX}')
 426     t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
 427     t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
 428     child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
 429
 430     t.info("Forcing kcc runs, and replication")
 431     t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
 432     t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
 433
 434     t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
 435     for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
 436         t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
 437         t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
 438
 439     child.sendline("ipconfig /flushdns")
 440     child.expect("Successfully flushed")
 441
 442     retries = 10
 443     i = 1
 444     while i == 1 and retries > 0:
 445         child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
 446         i = child.expect(["The command completed successfully", "The network path was not found"])
 447         child.expect("C:")
 448         if i == 1:
 449             time.sleep(2)
 450         retries -=1
 451
 452     t.info("Checking if showrepl is happy")
 453     child.sendline("repadmin /showrepl")
 454     child.expect("${WIN_BASEDN}")
 455     child.expect("was successful")
 456     child.expect("CN=Configuration,${WIN_BASEDN}")
 457     child.expect("was successful")
 458     child.expect("CN=Configuration,${WIN_BASEDN}")
 459     child.expect("was successful")
 460
 461     t.info("Checking if new users propagate to windows")
 462     t.retry_cmd('bin/samba-tool user add test2 ${PASSWORD2}', ["created successfully"])
 463     t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['Sharename', 'Remote IPC'])
 464     t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['Sharename', 'Remote IPC'])
 465
 466     t.info("Checking if new users on windows propagate to samba")
 467     child.sendline("net user test3 ${PASSWORD3} /add")
 468     child.expect("The command completed successfully")
 469     t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
 470     t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
 471
 472     t.info("Checking propogation of user deletion")
 473     t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
 474     child.sendline("net user test3 /del")
 475     child.expect("The command completed successfully")
 476
 477     t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k no" % (smbclient), ['LOGON_FAILURE'])
 478     t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
 479     t.retry_cmd("%s -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%%${PASSWORD2} -k yes" % (smbclient), ['LOGON_FAILURE'])
 480     t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
 481
 482     t.run_cmd('bin/samba-tool domain demote -Uadministrator@${WIN_REALM}%${WIN_PASS}')
 483
 484     t.vm_poweroff("${WIN_VM}")
 485
 486
 487 def join_as_rodc(t, vm):
 488     '''join a windows domain as a RODC'''
 489     t.setwinvars(vm)
 490     t.info("Joining ${WIN_VM} as a RODC using samba-tool domain join DC")
 491     t.port_wait("${WIN_IP}", 389)
 492     t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
 493     t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
 494     t.run_cmd('bin/samba-tool domain join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
 495     t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
 496
 497
 498 def test_join_as_rodc(t, vm):
 499     '''test a windows domain RODC join'''
 500     t.info("Checking the RODC join is OK")
 501     smbclient = t.getvar("smbclient")
 502     t.chdir('${PREFIX}')
 503     t.retry_cmd('%s -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%%${WIN_PASS}' % (smbclient), ["C$", "IPC$", "Sharename"])
 504     t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
 505     child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
 506
 507     t.info("Forcing kcc runs, and replication")
 508     t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
 509     t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
 510
 511     t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
 512     for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
 513         t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
 514
 515     retries = 10
 516     i = 1
 517     while i == 1 and retries > 0:
 518         child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
 519         i = child.expect(["The command completed successfully", "The network path was not found"])
 520         child.expect("C:")
 521         if i == 1:
 522             time.sleep(2)
 523         retries -=1
 524
 525     t.info("Checking if showrepl is happy")
 526     child.sendline("repadmin /showrepl")
 527     child.expect("DSA invocationID")
 528
 529     t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
 530                    [ "INBOUND NEIGHBORS",
 531                      "OUTBOUND NEIGHBORS",
 532                      "${WIN_BASEDN}",
 533                      "Last attempt .* was successful",
 534                      "CN=Configuration,${WIN_BASEDN}",
 535                      "Last attempt .* was successful",
 536                      "CN=Configuration,${WIN_BASEDN}",
 537                      "Last attempt .* was successful" ],
 538                    ordered=True,
 539                    regex=True)
 540
 541     t.info("Checking if new users on windows propagate to samba")
 542     child.sendline("net user test3 ${PASSWORD3} /add")
 543     child.expect("The command completed successfully")
 544     t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['Sharename', 'IPC'])
 545     t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['Sharename', 'IPC'])
 546
 547     # should this work?
 548     t.info("Checking if new users propagate to windows")
 549     t.cmd_contains('bin/samba-tool user add test2 ${PASSWORD2}', ['No RID Set DN'])
 550
 551     t.info("Checking propogation of user deletion")
 552     child.sendline("net user test3 /del")
 553     child.expect("The command completed successfully")
 554
 555     t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k no" % (smbclient), ['LOGON_FAILURE'])
 556     t.retry_cmd("%s -L ${HOSTNAME}.${WIN_REALM} -Utest3%%${PASSWORD3} -k yes" % (smbclient), ['LOGON_FAILURE'])
 557     t.vm_poweroff("${WIN_VM}")
 558
 559
 560 def test_howto(t):
 561     '''test the Samba4 howto'''
 562
 563     t.setvar("SAMBA_VERSION", "Version 4")
 564     t.setvar("smbclient", "bin/smbclient4")
 565     t.check_prerequesites()
 566
 567     # we don't need fsync safety in these tests
 568     t.putenv('TDB_NO_FSYNC', '1')
 569
 570     if not t.skip("configure_bind"):
 571         t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
 572     if not t.skip("stop_bind"):
 573         t.stop_bind()
 574
 575     if not t.skip("stop_vms"):
 576         t.stop_vms()
 577
 578     if not t.skip("build"):
 579         build_s4(t)
 580
 581     if not t.skip("provision"):
 582         provision_s4(t)
 583
 584     set_krb5_conf(t)
 585
 586     if not t.skip("create-shares"):
 587         create_shares(t)
 588
 589     if not t.skip("starts4"):
 590         start_s4(t)
 591     if not t.skip("smbclient"):
 592         test_smbclient(t)
 593
 594     if not t.skip("configure_bind2"):
 595         t.configure_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
 596     if not t.skip("start_bind"):
 597         t.start_bind()
 598
 599     if not t.skip("dns"):
 600         test_dns(t)
 601     if not t.skip("kerberos"):
 602         test_kerberos(t)
 603     if not t.skip("dyndns"):
 604         test_dyndns(t)
 605
 606     if t.have_vm('WINDOWS7') and not t.skip("windows7"):
 607         t.start_winvm("WINDOWS7")
 608         t.test_remote_smbclient("WINDOWS7")
 609         run_winjoin(t, "WINDOWS7")
 610         test_winjoin(t, "WINDOWS7")
 611         t.vm_poweroff("${WIN_VM}")
 612
 613     if t.have_vm('WINXP') and not t.skip("winxp"):
 614         t.start_winvm("WINXP")
 615         run_winjoin(t, "WINXP")
 616         test_winjoin(t, "WINXP")
 617         t.test_remote_smbclient("WINXP", "administrator", "${PASSWORD1}")
 618         t.vm_poweroff("${WIN_VM}")
 619
 620     if t.have_vm('W2K3C') and not t.skip("win2k3_member"):
 621         t.start_winvm("W2K3C")
 622         run_winjoin(t, "W2K3C")
 623         test_winjoin(t, "W2K3C")
 624         t.test_remote_smbclient("W2K3C", "administrator", "${PASSWORD1}")
 625         t.vm_poweroff("${WIN_VM}")
 626
 627     if t.have_vm('W2K8R2C') and not t.skip("dcpromo_rodc"):
 628         t.info("Testing w2k8r2 RODC dcpromo")
 629         t.start_winvm("W2K8R2C")
 630         t.test_remote_smbclient('W2K8R2C')
 631         run_dcpromo_rodc(t, "W2K8R2C")
 632         test_dcpromo_rodc(t, "W2K8R2C")
 633
 634     if t.have_vm('W2K8R2B') and not t.skip("dcpromo_w2k8r2"):
 635         t.info("Testing w2k8r2 dcpromo")
 636         t.start_winvm("W2K8R2B")
 637         t.test_remote_smbclient('W2K8R2B')
 638         run_dcpromo(t, "W2K8R2B")
 639         test_dcpromo(t, "W2K8R2B")
 640
 641     if t.have_vm('W2K8B') and not t.skip("dcpromo_w2k8"):
 642         t.info("Testing w2k8 dcpromo")
 643         t.start_winvm("W2K8B")
 644         t.test_remote_smbclient('W2K8B')
 645         run_dcpromo(t, "W2K8B")
 646         test_dcpromo(t, "W2K8B")
 647
 648     if t.have_vm('W2K3B') and not t.skip("dcpromo_w2k3"):
 649         t.info("Testing w2k3 dcpromo")
 650         t.info("Changing to 2003 functional level")
 651         provision_s4(t, func_level='2003')
 652         create_shares(t)
 653         start_s4(t)
 654         test_smbclient(t)
 655         t.restart_bind(kerberos_support=True, include='${PREFIX}/private/named.conf')
 656         test_dns(t)
 657         test_kerberos(t)
 658         test_dyndns(t)
 659         t.start_winvm("W2K3B")
 660         t.test_remote_smbclient('W2K3B')
 661         run_dcpromo(t, "W2K3B")
 662         test_dcpromo(t, "W2K3B")
 663
 664     if t.have_vm('W2K8R2A') and not t.skip("join_w2k8r2"):
 665         t.start_winvm("W2K8R2A")
 666         prep_join_as_dc(t, "W2K8R2A")
 667         t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
 668         join_as_dc(t, "W2K8R2A")
 669         create_shares(t)
 670         start_s4(t)
 671         test_dyndns(t)
 672         test_join_as_dc(t, "W2K8R2A")
 673
 674     if t.have_vm('W2K8R2A') and not t.skip("join_rodc"):
 675         t.start_winvm("W2K8R2A")
 676         prep_join_as_dc(t, "W2K8R2A")
 677         t.run_dcpromo_as_first_dc("W2K8R2A", func_level='2008r2')
 678         join_as_rodc(t, "W2K8R2A")
 679         create_shares(t)
 680         start_s4(t)
 681         test_dyndns(t)
 682         test_join_as_rodc(t, "W2K8R2A")
 683
 684     if t.have_vm('W2K3A') and not t.skip("join_w2k3"):
 685         t.start_winvm("W2K3A")
 686         prep_join_as_dc(t, "W2K3A")
 687         t.run_dcpromo_as_first_dc("W2K3A", func_level='2003')
 688         join_as_dc(t, "W2K3A")
 689         create_shares(t)
 690         start_s4(t)
 691         test_dyndns(t)
 692         test_join_as_dc(t, "W2K3A")
 693
 694     t.info("Howto test: All OK")
 695
 696
 697 def test_cleanup(t):
 698     '''cleanup after tests'''
 699     t.info("Cleaning up ...")
 700     t.restore_resolv_conf()
 701     if getattr(t, 'bind_child', False):
 702         t.bind_child.kill()
 703
 704
 705 if __name__ == '__main__':
 706     t = wintest.wintest()
 707
 708     t.setup("test-s4-howto.py", "source4")
 709
 710     try:
 711         test_howto(t)
 712     except:
 713         if not t.opts.nocleanup:
 714             test_cleanup(t)
 715         raise
 716
 717     if not t.opts.nocleanup:
 718         test_cleanup(t)
 719     t.info("S4 howto test: All OK")