11 if test -z "$TLS_ENABLED"; then
15 if test -z "$SHARE_BACKEND"; then
19 if test -z "$SMBD_LOGLEVEL"; then
# Fixed identity of the test domain. The realm and DNS name set here are the
# same values that appear in the generated krb5.conf later in this script.
24 USERNAME=administrator
25 REALM=SAMBA.EXAMPLE.COM
26 DNSNAME="samba.example.com"
27 BASEDN="dc=samba,dc=example,dc=com"
# NOTE(review): AUTH packs the cleartext password into one -U argument, so any
# command started with $AUTH exposes it in the process list for as long as it
# runs. That is tolerable only for a fixed test account. $PASSWORD is not
# assigned in the lines visible here.
29 AUTH="-U$USERNAME%$PASSWORD"
34 if test -z "$ROOT"; then
37 if test -z "$ROOT"; then
# Locate the source tree relative to this script, then make sure the test
# prefix directory exists; on failure exit with mkdir's own status.
# NOTE(review): $0 and $PREFIX are expanded unquoted, so a path containing
# whitespace or glob characters is split or expanded before dirname/mkdir see
# it. Quoting both ("$0", "$PREFIX") removes that.
42 srcdir=`dirname $0`/../..
43 mkdir -p $PREFIX || exit $?
# Directory and file layout of the test environment. Everything is placed
# under $PREFIX_ABS, which is assigned outside the lines visible here.
49 TEST_DATA_PREFIX=$PREFIX_ABS
50 export TEST_DATA_PREFIX
52 TMPDIR=$PREFIX_ABS/tmp
53 ETCDIR=$PREFIX_ABS/etc
54 PIDDIR=$PREFIX_ABS/pid
55 CONFFILE=$ETCDIR/smb.conf
56 KRB5_CONFIG=$ETCDIR/krb5.conf
57 PRIVATEDIR=$PREFIX_ABS/private
58 NCALRPCDIR=$PREFIX_ABS/ncalrpc
59 LOCKDIR=$PREFIX_ABS/lockdir
# TLS fixtures. The DH parameters, certificates and RSA private key embedded
# verbatim later in this script are presumably written to these paths (the
# redirections are not in the lines visible here). Because they ship in the
# source they are public material: by their encoded lengths a 768-bit DH group
# and a 1024-bit RSA key, suitable for the self-test only and never for a
# service that needs confidentiality or authentication.
60 TLSDIR=$PRIVATEDIR/tls
61 DHFILE=$TLSDIR/dhparms.pem
63 CERTFILE=$TLSDIR/cert.pem
64 KEYFILE=$TLSDIR/key.pem
65 WINBINDD_SOCKET_DIR=$PREFIX_ABS/winbind_socket
# Passed to the Samba tools so they read the generated smb.conf.
66 CONFIGURATION="--configfile=$CONFFILE"
67 LDAPDIR=$PREFIX_ABS/ldap
68 SLAPD_CONF=$LDAPDIR/slapd.conf
# Create the whole directory tree of the test environment in one call.
# NOTE(review): no mode is given and the exit status is not checked on this
# line, so $PRIVATEDIR and $TLSDIR (which later hold a password-bearing LDIF
# and, presumably, the TLS key) get whatever permissions the caller's umask
# allows. Setting a restrictive umask before this call would keep them private
# on a shared build host.
78 mkdir -p $PRIVATEDIR $ETCDIR $PIDDIR $NCALRPCDIR $LOCKDIR $TMPDIR $TLSDIR $LDAPDIR/db $LDAPDIR/db/bdb-logs $LDAPDIR/db/tmp
80 if [ -z "$VALGRIND" ]; then
88 iconv:native = $nativeiconv
89 netbios name = $NETBIOSNAME
90 netbios aliases = $SERVER
93 private dir = $PRIVATEDIR
94 pid directory = $PIDDIR
95 ncalrpc dir = $NCALRPCDIR
97 share backend = $SHARE_BACKEND
98 setup directory = $SRCDIR/setup
99 js include = $SRCDIR/scripting/libjs
100 winbindd socket directory = $WINBINDD_SOCKET_DIR
101 name resolve order = bcast
102 interfaces = 127.0.0.1/8
103 tls enabled = $TLS_ENABLED
104 tls dh params file = $DHFILE
105 panic action = $SRCDIR/script/gdb_backtrace %PID% %PROG%
107 server role = domain controller
109 server max protocol = SMB2
110 notify:inotify = false
112 torture:subunitdir = $SRCDIR/bin/torture
113 torture:basedir = $TEST_DATA_PREFIX
115 system:anonymous = true
116 #We don't want to pass our self-tests if the PAC code is wrong
117 gensec:require_pac = true
119 log level = $SMBD_LOGLEVEL
124 ntvfs handler = posix
125 posix:sharedelay = 100000
126 posix:eadb = $LOCKDIR/eadb.tdb
131 cifs:server = $SERVER
132 cifs:user = $USERNAME
133 cifs:password = $PASSWORD
134 cifs:domain = $DOMAIN
140 ntvfs handler = simple
144 ntvfs handler = cifsposix
148 ## Override default shares_config.ldb file
# Rebuild the share database from scratch: delete any old share.ldb, write the
# share definitions as LDIF, then load them with ldbadd (a failure aborts the
# script with status 1).
# NOTE(review): the LDIF stores $PASSWORD in cleartext in the cifs-password
# attribute. Nothing in the lines visible here removes share.ldif or restricts
# its mode, so it stays readable to whoever the caller's umask permits.
149 rm -f $PRIVATEDIR/share.ldb
150 cat >$PRIVATEDIR/share.ldif<<EOF
158 name: CASE_INSENSITIVE
160 objectClass: CASE_INSENSITIVE
164 objectClass: organizationalUnit
167 ### Default IPC$ Share
168 dn: CN=IPC$,CN=Shares
180 ntvfs-handler: default
182 ### Default ADMIN$ Share
183 dn: CN=ADMIN$,CN=Shares
190 comment: Remote Admin
195 ntvfs-handler: default
204 comment: Temp Dir for Tests
207 posix-sharedelay: 100000
208 posix-eadb: $LOCKDIR/eadb.tdb
210 dn: CN=cifs,CN=Shares
220 cifs-password: $PASSWORD
225 $srcdir/bin/ldbadd -H $PRIVATEDIR/share.ldb < $PRIVATEDIR/share.ldif >/dev/null || exit 1
# Write the krb5.conf used by the tests. Realm and KDC discovery through DNS
# are both switched off and the admin server is pinned to 127.0.0.1, so the
# realm mapping comes only from this file and not from DNS answers.
227 cat >$KRB5_CONFIG<<EOF
229 default_realm = SAMBA.EXAMPLE.COM
230 dns_lookup_realm = false
231 dns_lookup_kdc = false
232 ticket_lifetime = 24h
236 SAMBA.EXAMPLE.COM = {
238 admin_server = 127.0.0.1:88
239 default_domain = samba.example.com
242 .samba.example.com = SAMBA.EXAMPLE.COM
247 -----BEGIN DH PARAMETERS-----
248 MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO
249 svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv
251 -----END DH PARAMETERS-----
256 -----BEGIN CERTIFICATE-----
257 MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
258 YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
259 dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
260 NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
261 c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
262 ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
263 jAAwgYgCgYC3WJ7DNQAVnqiJxhf6Tq4pqNyUIlioDFNnkJZ6ycElhblyDb3vaagO
264 9c+saw3cl/4KGWBZK46HtimRApE6ZriV7yHSB4afVjhnHZvlQVccAuTKJatBpIeb
265 kenOX0boUVXrWWj6VVnseab+5nA+uPZQQHinRLEVhUn72I14YdKJOQIDAQABoyUw
266 IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
267 BQOBgQA5IVkBXU2S4i3dSSM9KmdKJinok1IOGNLZYQSyzduuie9vTmGXCQiQppWb
268 oSjZaf/Zn8La8THvm4QfmwruPkTEL956BRyN9hHYwHWZsebJr7DvSrF1Zugd0jFs
269 DZZFfDUSinYEqApdYzMka/GYTSk1Fa31G5TVD56mIdxmVAdC+A==
270 -----END CERTIFICATE-----
275 -----BEGIN CERTIFICATE-----
276 MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
277 YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
278 dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
279 NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
280 c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
281 ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
282 jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+
283 S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p
284 PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw
285 IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
286 BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG
287 LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz
288 nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA==
289 -----END CERTIFICATE-----
294 -----BEGIN RSA PRIVATE KEY-----
295 MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc
296 ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H
297 6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB
298 AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6
299 HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq
300 szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p
301 9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X
302 8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ
303 vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC
304 kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu
305 jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz
306 Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki
307 cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG
308 -----END RSA PRIVATE KEY-----
# Generate slapd.conf for the OpenLDAP instance that backs the test domain.
# NOTE(review): the generated file contains "access to * by * write", which
# grants every client, anonymous ones included, write access to every entry.
# That is acceptable only because this slapd is a disposable test instance.
# The directive must not be carried into a real deployment, where access
# should be limited to authenticated identities.
312 cat >$SLAPD_CONF <<EOF
315 include $LDAPDIR/ad.schema
317 pidfile $PIDDIR/slapd.pid
318 argsfile $LDAPDIR/slapd.args
320 access to * by * write
325 uid=([^,]*),cn=$DNSNAME,cn=digest-md5,cn=auth
326 ldap:///$BASEDN??sub?(samAccountName=\$1)
329 uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
330 ldap:///$BASEDN??sub?(samAccountName=\$1)
332 include $LDAPDIR/modules.conf
334 defaultsearchbase "$BASEDN"
339 rootdn "cn=Manager,$BASEDN"
341 directory $LDAPDIR/db
343 index samAccountName eq
346 index objectCategory eq
353 index lDAPDisplayName eq
356 index nETBIOSName eq pres
359 syncprov-checkpoint 100 10
360 syncprov-sessionlog 100
# Write the DB_CONFIG tuning file into the slapd database directory.
# DB_TXN_NOSYNC trades durability for speed; the file's own comment limits
# that choice to the test environment.
364 cat > $LDAPDIR/db/DB_CONFIG <<EOF
366 # Set the database in memory cache size.
368 set_cachesize 0 524288 0
372 # Set database flags (this is a test environment, we don't need to fsync()).
374 set_flags DB_TXN_NOSYNC
379 set_lg_regionmax 104857
382 set_lg_dir $LDAPDIR/db/bdb-logs
386 # Set temporary file creation directory.
388 set_tmp_dir $LDAPDIR/db/tmp
# Assemble the argument list for the provision script and run it.
# NOTE(review): $PASSWORD is passed through --adminpass and --password, so it
# is visible in the process list while provision runs. $PROVISION_OPTIONS is
# expanded unquoted, so a value containing whitespace or glob characters would
# be split into extra arguments. Both are acceptable only with fixed test
# values. --root=$ROOT is appended twice (lines 393 and 394), and the exit
# status of the provision run is not checked on this line.
391 PROVISION_OPTIONS="$CONFIGURATION --host-name=$NETBIOSNAME --host-ip=127.0.0.1"
392 PROVISION_OPTIONS="$PROVISION_OPTIONS --quiet --domain $DOMAIN --realm $REALM"
393 PROVISION_OPTIONS="$PROVISION_OPTIONS --adminpass $PASSWORD --root=$ROOT"
394 PROVISION_OPTIONS="$PROVISION_OPTIONS --simple-bind-dn=cn=Manager,$BASEDN --password=$PASSWORD --root=$ROOT"
395 $srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS
# ldapi:// URLs for the slapd UNIX-domain socket under $LDAPDIR. The second
# form percent-encodes the slashes of the socket path.
# NOTE(review): only "/" is encoded and $LDAPDIR is unquoted in the echo, so
# a prefix containing spaces, "%" or "?" would yield a malformed URL.
397 LDAPI="ldapi://$LDAPDIR/ldapi"
398 LDAPI_ESCAPE="ldapi://"`echo $LDAPDIR/ldapi | sed 's|/|%2F|g'`
# Produce $LDAPDIR/ad.schema (included by the generated slapd.conf) from the
# freshly provisioned sam.ldb, then rerun provision with --ldap-base.
# NOTE(review): neither command's exit status is checked on these lines, and
# the second run passes the password-bearing $PROVISION_OPTIONS on the command
# line again.
402 #This uses the provision we just did, to read out the schema
403 $srcdir/bin/ad2oLschema $CONFIGURATION -H $PRIVATEDIR/sam.ldb -I $srcdir/setup/schema-map-openldap-2.3 -O $LDAPDIR/ad.schema
404 #Now create an LDAP baseDN
405 $srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS --ldap-base
# Put the sbin directories ahead of the inherited PATH; presumably this is so
# the slaptest and slapadd calls below resolve. The caller's original PATH
# entries are still searched afterwards, so a tool missing from the sbin
# directories would be picked up from wherever the caller's environment
# points.
408 PATH=/usr/local/sbin:/usr/sbin:/sbin:$PATH
# Module configuration file that the generated slapd.conf includes.
411 MODCONF=$LDAPDIR/modules.conf
415 slaptest -u -f $SLAPD_CONF > /dev/null 2>&1 || {
416 echo "enabling slapd modules"
418 modulepath /usr/lib/ldap
423 if slaptest -u -f $SLAPD_CONF; then
424 slapadd -f $SLAPD_CONF < $PRIVATEDIR/$DNSNAME.ldif || {
425 echo "slapadd failed"
428 slaptest -f $SLAPD_CONF || {
429 echo "slaptest after database load failed"
# Seed wins_config.ldb with a wreplPartner entry: write it as LDIF, then load
# it with ldbadd. An ldbadd failure aborts the script with status 1.
437 cat >$PRIVATEDIR/wins_config.ldif<<EOF
438 dn: name=TORTURE_6,CN=PARTNERS
439 objectClass: wreplPartner
447 $srcdir/bin/ldbadd -H $PRIVATEDIR/wins_config.ldb < $PRIVATEDIR/wins_config.ldif >/dev/null || exit 1