3 '''automated testing of the steps of the Samba4 HOWTO'''
7 import wintest, pexpect
9 def check_prerequesites(t):
10 t.info("Checking prerequesites")
11 t.setvar('HOSTNAME', t.cmd_output("hostname -s").strip())
13 raise Exception("You must run this script as root")
14 t.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
15 t.run_cmd('ifconfig ${INTERFACE} ${INTERFACE_NET} up')
16 if t.getvar('INTERFACE_IPV6'):
17 t.run_cmd('ifconfig ${INTERFACE} inet6 del ${INTERFACE_IPV6}/64', checkfail=False)
18 t.run_cmd('ifconfig ${INTERFACE} inet6 add ${INTERFACE_IPV6}/64 up')
24 t.chdir('${SOURCETREE}/source4')
25 t.putenv('CC', 'ccache gcc')
26 t.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
28 t.run_cmd('rm -rf ${PREFIX}')
29 t.run_cmd('make -j install')
32 def provision_s4(t, func_level="2008"):
33 '''provision s4 as a DC'''
34 t.info('Provisioning s4')
36 t.del_files(["var", "private"])
37 t.run_cmd("rm -f etc/smb.conf")
38 provision=['sbin/provision',
41 '--adminpass=${PASSWORD1}',
42 '--server-role=domain controller',
43 '--function-level=%s' % func_level,
45 '--option=interfaces=${INTERFACE}',
46 '--host-ip=${INTERFACE_IP}',
47 '--option=bind interfaces only=yes',
48 '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf']
49 if t.getvar('INTERFACE_IPV6'):
50 provision.append('--host-ip6=${INTERFACE_IPV6}')
52 t.run_cmd('bin/samba-tool newuser testallowed ${PASSWORD1}')
53 t.run_cmd('bin/samba-tool newuser testdenied ${PASSWORD1}')
54 t.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
59 t.info('Starting Samba4')
61 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
62 t.run_cmd(['sbin/samba',
63 '--option', 'panic action=gnome-terminal -e "gdb --pid %PID%"'])
64 t.port_wait("${INTERFACE_IP}", 139)
67 '''Shut down any existing alive VMs, so they don't collide with what we are doing'''
68 t.info('Shutting down any of our VMs already running')
71 t.vm_poweroff(v, checkfail=False)
73 def test_smbclient(t):
75 t.info('Testing smbclient')
77 t.cmd_contains("bin/smbclient --version", ["Version 4.0"])
78 t.retry_cmd('bin/smbclient -L ${INTERFACE_IP} -U%', ["netlogon", "sysvol", "IPC Service"])
79 child = t.pexpect_spawn('bin/smbclient //${INTERFACE_IP}/netlogon -Uadministrator%${PASSWORD1}')
82 child.expect("blocks available")
83 child.sendline("mkdir testdir")
85 child.sendline("cd testdir")
86 child.expect('testdir')
87 child.sendline("cd ..")
88 child.sendline("rmdir testdir")
92 '''create some test shares'''
93 t.info("Adding test shares")
95 t.write_file("etc/smb.conf", '''
100 path = ${PREFIX}/var/profiles
104 t.run_cmd("mkdir -p test")
105 t.run_cmd("mkdir -p var/profiles")
108 def set_nameserver(t, nameserver):
109 '''set the nameserver in resolv.conf'''
110 t.write_file("/etc/resolv.conf.wintest", '''
111 # Generated by wintest, the Samba v Windows automated testing system
114 # your original resolv.conf appears below:
115 ''' % t.substitute(nameserver))
116 child = t.pexpect_spawn("cat /etc/resolv.conf", crlf=False)
117 i = child.expect(['your original resolv.conf appears below:', pexpect.EOF])
119 child.expect(pexpect.EOF)
120 contents = child.before.lstrip().replace('\r', '')
121 t.write_file('/etc/resolv.conf.wintest', contents, mode='a')
122 t.write_file('/etc/resolv.conf.wintest-bak', contents)
123 t.run_cmd("mv -f /etc/resolv.conf.wintest /etc/resolv.conf")
124 t.resolv_conf_backup = '/etc/resolv.conf.wintest-bak';
127 def restore_resolv_conf(t):
128 '''restore the /etc/resolv.conf after testing is complete'''
129 if getattr(t, 'resolv_conf_backup', False):
130 t.info("restoring /etc/resolv.conf")
131 t.run_cmd("mv -f %s /etc/resolv.conf" % t.resolv_conf_backup)
133 def rndc_cmd(t, cmd, checkfail=True):
134 '''run a rndc command'''
135 t.run_cmd("${RNDC} -c ${PREFIX}/etc/rndc.conf %s" % cmd, checkfail=checkfail)
139 '''restart the test environment version of bind'''
140 t.info("Restarting bind9")
141 t.putenv('KEYTAB_FILE', '${PREFIX}/private/dns.keytab')
142 t.putenv('KRB5_KTNAME', '${PREFIX}/private/dns.keytab')
144 t.run_cmd("mkdir -p var/named/data")
145 t.run_cmd("chown -R ${BIND_USER} var/named")
147 nameserver = t.get_nameserver()
148 if nameserver == t.getvar('INTERFACE_IP'):
149 raise RuntimeError("old /etc/resolv.conf must not contain %s as a nameserver, this will create loops with the generated dns configuration" % nameserver)
150 t.setvar('DNSSERVER', nameserver)
152 if t.getvar('INTERFACE_IPV6'):
153 ipv6_listen = 'listen-on-v6 port 53 { ${INTERFACE_IPV6}; };'
156 t.setvar('BIND_LISTEN_IPV6', ipv6_listen)
158 t.write_file("etc/named.conf", '''
160 listen-on port 53 { ${INTERFACE_IP}; };
162 directory "${PREFIX}/var/named";
163 dump-file "${PREFIX}/var/named/data/cache_dump.db";
164 pid-file "${PREFIX}/var/named/named.pid";
165 statistics-file "${PREFIX}/var/named/data/named_stats.txt";
166 memstatistics-file "${PREFIX}/var/named/data/named_mem_stats.txt";
167 allow-query { any; };
169 tkey-gssapi-credential "DNS/${HOSTNAME}.${LCREALM}";
170 tkey-domain "${REALM}";
183 secret "lA/cTrno03mt5Ju17ybEYw==";
187 inet ${INTERFACE_IP} port 953
188 allow { any; } keys { "rndc-key"; };
191 include "${PREFIX}/private/named.conf";
194 # add forwarding for the windows domains
195 domains = t.get_domains()
197 t.write_file('etc/named.conf',
206 ''' % (d, domains[d]),
210 t.write_file("etc/rndc.conf", '''
214 secret "lA/cTrno03mt5Ju17ybEYw==";
218 default-key "rndc-key";
219 default-server ${INTERFACE_IP};
224 set_nameserver(t, t.getvar('INTERFACE_IP'))
226 rndc_cmd(t, "stop", checkfail=False)
227 t.port_wait("${INTERFACE_IP}", 53, wait_for_fail=True)
228 t.bind_child = t.run_child("${BIND9} -u ${BIND_USER} -n 1 -c ${PREFIX}/etc/named.conf -g")
230 t.port_wait("${INTERFACE_IP}", 53)
235 '''test that DNS is OK'''
236 t.info("Testing DNS")
237 t.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
238 ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
239 t.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
240 ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
241 t.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
242 ['${HOSTNAME}.${LCREALM} has address'])
244 def test_kerberos(t):
245 '''test that kerberos is OK'''
246 t.info("Testing kerberos")
247 t.run_cmd("kdestroy")
248 t.kinit("administrator@${REALM}", "${PASSWORD1}")
249 # this copes with the differences between MIT and Heimdal klist
250 t.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
254 '''test that dynamic DNS is working'''
256 t.run_cmd("sbin/samba_dnsupdate --fail-immediately")
260 def run_winjoin(t, vm):
261 '''join a windows box to our domain'''
264 t.info("Joining a windows box to the domain")
265 t.vm_poweroff("${WIN_VM}", checkfail=False)
266 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
267 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_USER}", "${WIN_PASS}", set_time=True, set_ip=True)
268 child.sendline("netdom join ${WIN_HOSTNAME} /Domain:${LCREALM} /PasswordD:${PASSWORD1} /UserD:administrator")
269 child.expect("The command completed successfully")
271 child.sendline("shutdown /r -t 0")
273 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_USER}", "${WIN_PASS}", set_time=True, set_ip=True)
274 child.sendline("ipconfig /registerdns")
275 child.expect("Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer")
278 def test_winjoin(t, vm):
279 t.info("Checking the windows join is OK")
281 t.port_wait("${WIN_IP}", 139)
282 t.retry_cmd('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"], retries=100)
283 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
284 t.cmd_contains('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
285 t.cmd_contains('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
286 t.cmd_contains('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
287 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
288 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
289 child.expect("The command completed successfully")
290 t.vm_poweroff("${WIN_VM}")
293 def run_dcpromo(t, vm):
294 '''run a dcpromo on windows'''
297 t.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
298 t.vm_poweroff("${WIN_VM}", checkfail=False)
299 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
300 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
301 child.sendline("copy /Y con answers.txt")
305 RebootOnCompletion=Yes
306 ReplicaOrNewDomain=Replica
307 ReplicaDomainDNSName=${LCREALM}
308 SiteName=Default-First-Site-Name
311 CreateDNSDelegation=No
312 UserDomain=${LCREALM}
313 UserName=${LCREALM}\\administrator
314 Password=${PASSWORD1}
315 DatabasePath="C:\Windows\NTDS"
316 LogPath="C:\Windows\NTDS"
317 SYSVOLPath="C:\Windows\SYSVOL"
318 SafeModeAdminPassword=${PASSWORD1}
321 child.expect("copied.")
324 child.sendline("dcpromo /answer:answers.txt")
325 i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=120)
327 raise Exception("dcpromo failed")
331 def test_dcpromo(t, vm):
332 '''test that dcpromo worked'''
333 t.info("Checking the dcpromo join is OK")
335 t.port_wait("${WIN_IP}", 139)
336 t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${INTERFACE_IP}",
337 ['${WIN_HOSTNAME}.${LCREALM} has address'],
338 retries=30, delay=10, casefold=True)
339 t.retry_cmd('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
340 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
341 t.cmd_contains('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
343 t.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
344 t.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
346 t.kinit("administrator@${REALM}", "${PASSWORD1}")
348 # the first replication will transfer the dnsHostname attribute
349 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
351 for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
352 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
353 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
355 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
356 [ "INBOUND NEIGHBORS",
358 "Last attempt .* was successful",
359 "CN=Configuration,${BASEDN}",
360 "Last attempt .* was successful",
361 "CN=Configuration,${BASEDN}", # cope with either order
362 "Last attempt .* was successful",
363 "OUTBOUND NEIGHBORS",
366 "CN=Configuration,${BASEDN}",
368 "CN=Configuration,${BASEDN}",
373 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
374 [ "INBOUND NEIGHBORS",
376 "Last attempt .* was successful",
377 "CN=Configuration,${BASEDN}",
378 "Last attempt .* was successful",
379 "CN=Configuration,${BASEDN}",
380 "Last attempt .* was successful",
381 "OUTBOUND NEIGHBORS",
384 "CN=Configuration,${BASEDN}",
386 "CN=Configuration,${BASEDN}",
391 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
392 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
393 child.expect("The command completed successfully")
395 t.run_net_time(child)
397 t.info("Checking if showrepl is happy")
398 child.sendline("repadmin /showrepl")
399 child.expect("${BASEDN}")
400 child.expect("was successful")
401 child.expect("CN=Configuration,${BASEDN}")
402 child.expect("was successful")
403 child.expect("CN=Schema,CN=Configuration,${BASEDN}")
404 child.expect("was successful")
406 t.info("Checking if new users propogate to windows")
407 t.retry_cmd('bin/samba-tool newuser test2 ${PASSWORD2}', ["created successfully"])
408 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k no", ['Sharename', 'Remote IPC'])
409 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k yes", ['Sharename', 'Remote IPC'])
411 t.info("Checking if new users on windows propogate to samba")
412 child.sendline("net user test3 ${PASSWORD3} /add")
414 i = child.expect(["The command completed successfully",
415 "The directory service was unable to allocate a relative identifier"])
420 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${LCREALM} -Utest3%${PASSWORD3} -k no", ['Sharename', 'IPC'])
421 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${LCREALM} -Utest3%${PASSWORD3} -k yes", ['Sharename', 'IPC'])
423 t.info("Checking propogation of user deletion")
424 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
425 child.sendline("net user test3 /del")
426 child.expect("The command completed successfully")
428 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k no", ['LOGON_FAILURE'])
429 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${LCREALM} -Utest3%${PASSWORD3} -k no", ['LOGON_FAILURE'])
430 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k yes", ['LOGON_FAILURE'])
431 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${LCREALM} -Utest3%${PASSWORD3} -k yes", ['LOGON_FAILURE'])
432 t.vm_poweroff("${WIN_VM}")
435 def run_dcpromo_rodc(t, vm):
436 '''run a RODC dcpromo to join a windows DC to the samba domain'''
438 t.info("Joining a w2k8 box to the domain as a RODC")
439 t.vm_poweroff("${WIN_VM}", checkfail=False)
440 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
441 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
442 child.sendline("copy /Y con answers.txt")
445 ReplicaOrNewDomain=ReadOnlyReplica
446 ReplicaDomainDNSName=${LCREALM}
447 PasswordReplicationDenied="BUILTIN\Administrators"
448 PasswordReplicationDenied="BUILTIN\Server Operators"
449 PasswordReplicationDenied="BUILTIN\Backup Operators"
450 PasswordReplicationDenied="BUILTIN\Account Operators"
451 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
452 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
453 DelegatedAdmin="${DOMAIN}\\Administrator"
454 SiteName=Default-First-Site-Name
457 CreateDNSDelegation=No
458 UserDomain=${LCREALM}
459 UserName=${LCREALM}\\administrator
460 Password=${PASSWORD1}
461 DatabasePath="C:\Windows\NTDS"
462 LogPath="C:\Windows\NTDS"
463 SYSVOLPath="C:\Windows\SYSVOL"
464 SafeModeAdminPassword=${PASSWORD1}
465 RebootOnCompletion=No
468 child.expect("copied.")
469 child.sendline("dcpromo /answer:answers.txt")
470 i = child.expect(["You must restart this computer", "failed"], timeout=120)
472 raise Exception("dcpromo failed")
473 child.sendline("shutdown -r -t 0")
478 def test_dcpromo_rodc(t, vm):
479 '''test the RODC dcpromo worked'''
480 t.info("Checking the w2k8 RODC join is OK")
482 t.port_wait("${WIN_IP}", 139)
483 t.retry_cmd('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
484 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
485 t.cmd_contains('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
486 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
487 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
488 child.expect("The command completed successfully")
490 t.info("Checking if showrepl is happy")
491 child.sendline("repadmin /showrepl")
492 child.expect("${BASEDN}")
493 child.expect("was successful")
494 child.expect("CN=Configuration,${BASEDN}")
495 child.expect("was successful")
496 child.expect("CN=Configuration,${BASEDN}")
497 child.expect("was successful")
499 t.info("Checking if new users are available on windows")
500 t.run_cmd('bin/samba-tool newuser test2 ${PASSWORD2}')
501 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k yes", ['Sharename', 'Remote IPC'])
502 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k no", ['LOGON_FAILURE'])
503 t.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN} -k yes", ["was successful"])
504 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k no", ['Sharename', 'Remote IPC'])
505 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
506 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k yes", ['LOGON_FAILURE'])
507 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k no", ['LOGON_FAILURE'])
508 t.vm_poweroff("${WIN_VM}")
511 def prep_join_as_dc(t, vm):
512 '''start VM and shutdown Samba in preperation to join a windows domain as a DC'''
514 t.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool join DC")
516 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
517 t.vm_poweroff("${WIN_VM}", checkfail=False)
518 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
520 t.run_cmd("rm -rf etc/smb.conf private")
521 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
522 t.get_ipconfig(child)
524 def join_as_dc(t, vm):
525 '''join a windows domain as a DC'''
527 t.info("Joining ${WIN_VM} as a second DC using samba-tool join DC")
528 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
529 t.run_cmd('bin/samba-tool join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
530 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
533 def test_join_as_dc(t, vm):
534 '''test the join of a windows domain as a DC'''
535 t.info("Checking the DC join is OK")
537 t.retry_cmd('bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}', ["C$", "IPC$", "Sharename"])
538 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
539 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
541 t.info("Forcing kcc runs, and replication")
542 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
543 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
545 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
546 for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
547 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
548 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
550 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
551 child.expect("The command completed successfully")
553 t.info("Checking if showrepl is happy")
554 child.sendline("repadmin /showrepl")
555 child.expect("${WIN_BASEDN}")
556 child.expect("was successful")
557 child.expect("CN=Configuration,${WIN_BASEDN}")
558 child.expect("was successful")
559 child.expect("CN=Configuration,${WIN_BASEDN}")
560 child.expect("was successful")
562 t.info("Checking if new users propogate to windows")
563 t.run_cmd('bin/samba-tool newuser test2 ${PASSWORD2}')
564 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%${PASSWORD2} -k no", ['Sharename', 'Remote IPC'])
565 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%${PASSWORD2} -k yes", ['Sharename', 'Remote IPC'])
567 t.info("Checking if new users on windows propogate to samba")
568 child.sendline("net user test3 ${PASSWORD3} /add")
569 child.expect("The command completed successfully")
570 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k no", ['Sharename', 'IPC'])
571 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k yes", ['Sharename', 'IPC'])
573 t.info("Checking propogation of user deletion")
574 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
575 child.sendline("net user test3 /del")
576 child.expect("The command completed successfully")
578 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%${PASSWORD2} -k no", ['LOGON_FAILURE'])
579 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k no", ['LOGON_FAILURE'])
580 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%${PASSWORD2} -k yes", ['LOGON_FAILURE'])
581 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k yes", ['LOGON_FAILURE'])
582 t.vm_poweroff("${WIN_VM}")
585 def join_as_rodc(t, vm):
586 '''join a windows domain as a RODC'''
588 t.info("Joining ${WIN_VM} as a RODC using samba-tool join DC")
590 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
591 t.vm_poweroff("${WIN_VM}", checkfail=False)
592 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
594 t.run_cmd("rm -rf etc/smb.conf private")
595 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
596 t.get_ipconfig(child)
597 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
598 t.run_cmd('bin/samba-tool join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
599 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
602 def test_join_as_rodc(t, vm):
603 '''test a windows domain RODC join'''
604 t.info("Checking the RODC join is OK")
606 t.retry_cmd('bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}', ["C$", "IPC$", "Sharename"])
607 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
608 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
610 t.info("Forcing kcc runs, and replication")
611 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
612 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
614 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
615 for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
616 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
618 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
619 child.expect("The command completed successfully")
621 t.info("Checking if showrepl is happy")
622 child.sendline("repadmin /showrepl")
623 child.expect("DSA invocationID")
625 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
626 [ "INBOUND NEIGHBORS",
627 "OUTBOUND NEIGHBORS",
629 "Last attempt .* was successful",
630 "CN=Configuration,${WIN_BASEDN}",
631 "Last attempt .* was successful",
632 "CN=Configuration,${WIN_BASEDN}",
633 "Last attempt .* was successful" ],
637 t.info("Checking if new users on windows propogate to samba")
638 child.sendline("net user test3 ${PASSWORD3} /add")
639 child.expect("The command completed successfully")
640 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k no", ['Sharename', 'IPC'])
641 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k yes", ['Sharename', 'IPC'])
644 t.info("Checking if new users propogate to windows")
645 t.cmd_contains('bin/samba-tool newuser test2 ${PASSWORD2}', ['No RID Set DN'])
647 t.info("Checking propogation of user deletion")
648 child.sendline("net user test3 /del")
649 child.expect("The command completed successfully")
651 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k no", ['LOGON_FAILURE'])
652 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k yes", ['LOGON_FAILURE'])
653 t.vm_poweroff("${WIN_VM}")
656 def run_dcpromo_as_first_dc(t, vm, func_level=None):
658 t.info("Configuring a windows VM ${WIN_VM} at the first DC in the domain using dcpromo")
659 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_time=True)
660 child.sendline("dcdiag");
661 if t.get_is_dc(child):
664 if func_level == '2008r2':
665 t.setvar("FUNCTION_LEVEL_INT", str(4))
666 elif func_level == '2003':
667 t.setvar("FUNCTION_LEVEL_INT", str(1))
669 t.setvar("FUNCTION_LEVEL_INT", str(0))
671 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
672 child.sendline("dcdiag");
674 """This server must therefore not yet be a directory server, so we must promote it"""
675 child.sendline("copy /Y con answers.txt")
678 ; New forest promotion
679 ReplicaOrNewDomain=Domain
681 NewDomainDNSName=${WIN_REALM}
682 ForestLevel=${FUNCTION_LEVEL_INT}
683 DomainNetbiosName=${WIN_DOMAIN}
684 DomainLevel=${FUNCTION_LEVEL_INT}
687 CreateDNSDelegation=No
688 DatabasePath="C:\Windows\NTDS"
689 LogPath="C:\Windows\NTDS"
690 SYSVOLPath="C:\Windows\SYSVOL"
691 ; Set SafeModeAdminPassword to the correct value prior to using the unattend file
692 SafeModeAdminPassword=${WIN_PASS}
693 ; Run-time flags (optional)
694 RebootOnCompletion=No
697 child.expect("copied.")
700 child.sendline("dcpromo /answer:answers.txt")
701 i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=120)
703 raise Exception("dcpromo failed")
704 child.sendline("shutdown -r -t 0")
705 t.port_wait("${WIN_IP}", 139, wait_for_fail=True)
706 t.port_wait("${WIN_IP}", 139)
709 '''test the Samba4 howto'''
711 check_prerequesites(t)
713 # we don't need fsync safety in these tests
714 t.putenv('TDB_NO_FSYNC', '1')
716 if not t.skip("build"):
719 if not t.skip("provision"):
722 if not t.skip("create-shares"):
725 if not t.skip("starts4"):
727 if not t.skip("stop_vms"):
729 if not t.skip("smbclient"):
731 if not t.skip("startbind"):
733 if not t.skip("dns"):
735 if not t.skip("kerberos"):
737 if not t.skip("dyndns"):
740 if t.have_vm('WINDOWS7') and not t.skip("windows7"):
741 run_winjoin(t, "WINDOWS7")
742 test_winjoin(t, "WINDOWS7")
744 if t.have_vm('WINXP') and not t.skip("winxp"):
745 run_winjoin(t, "WINXP")
746 test_winjoin(t, "WINXP")
748 if t.have_vm('W2K8R2C') and not t.skip("dcpromo_rodc"):
749 t.info("Testing w2k8r2 RODC dcpromo")
750 run_dcpromo_rodc(t, "W2K8R2C")
751 test_dcpromo_rodc(t, "W2K8R2C")
753 if t.have_vm('W2K8R2B') and not t.skip("dcpromo_w2k8r2"):
754 t.info("Testing w2k8r2 dcpromo")
755 run_dcpromo(t, "W2K8R2B")
756 test_dcpromo(t, "W2K8R2B")
758 if t.have_vm('W2K8B') and not t.skip("dcpromo_w2k8"):
759 t.info("Testing w2k8 dcpromo")
760 run_dcpromo(t, "W2K8B")
761 test_dcpromo(t, "W2K8B")
763 if t.have_vm('W2K3B') and not t.skip("dcpromo_w2k3"):
764 t.info("Testing w2k3 dcpromo")
765 t.info("Changing to 2003 functional level")
766 provision_s4(t, func_level='2003')
774 run_dcpromo(t, "W2K3B")
775 test_dcpromo(t, "W2K3B")
777 if t.have_vm('W2K8R2A') and not t.skip("join_w2k8r2"):
778 prep_join_as_dc(t, "W2K8R2A")
779 run_dcpromo_as_first_dc(t, "W2K8R2A", func_level='2008r2')
780 join_as_dc(t, "W2K8R2A")
784 test_join_as_dc(t, "W2K8R2A")
786 if t.have_vm('W2K8R2A') and not t.skip("join_rodc"):
787 prep_join_as_rodc(t, "W2K8R2A")
788 run_dcpromo_as_first_dc(t, "W2K8R2A", func_level='2008r2')
789 join_as_rodc(t, "W2K8R2A")
793 test_join_as_rodc(t, "W2K8R2A")
795 if t.have_vm('W2K3A') and not t.skip("join_w2k3"):
796 prep_join_as_dc(t, "W2K3A")
797 run_dcpromo_as_first_dc(t, "W2K3A", func_level='2003')
798 join_as_dc(t, "W2K3A")
802 test_join_as_dc(t, "W2K3A")
804 t.info("Howto test: All OK")
808 '''cleanup after tests'''
809 t.info("Cleaning up ...")
810 restore_resolv_conf(t)
811 if getattr(t, 'bind_child', False):
815 if __name__ == '__main__':
816 parser = optparse.OptionParser("test-howto.py")
817 parser.add_option("--conf", type='string', default='', help='config file')
818 parser.add_option("--skip", type='string', default='', help='list of steps to skip (comma separated)')
819 parser.add_option("--vms", type='string', default=None, help='list of VMs to use (comma separated)')
820 parser.add_option("--list", action='store_true', default=False, help='list the available steps')
821 parser.add_option("--rebase", action='store_true', default=False, help='do a git pull --rebase')
822 parser.add_option("--clean", action='store_true', default=False, help='clean the tree')
823 parser.add_option("--prefix", type='string', default=None, help='override install prefix')
824 parser.add_option("--sourcetree", type='string', default=None, help='override sourcetree location')
825 parser.add_option("--nocleanup", action='store_true', default=False, help='disable cleanup code')
827 opts, args = parser.parse_args()
830 print("Please specify a config file with --conf")
833 t = wintest.wintest()
834 t.load_config(opts.conf)
836 t.set_skip(opts.skip)
843 t.setvar('PREFIX', opts.prefix)
846 t.setvar('SOURCETREE', opts.sourcetree)
850 t.chdir('${SOURCETREE}')
851 t.run_cmd('git pull --rebase')
855 t.chdir('${SOURCETREE}/source4')
856 t.run_cmd('rm -rf bin')
861 if not opts.nocleanup:
865 if not opts.nocleanup:
867 t.info("S4 howto test: All OK")