3 '''automated testing of the steps of the Samba4 HOWTO'''
6 import wintest, pexpect, time, subprocess
8 def check_prerequesites(t):
9 t.info("Checking prerequesites")
10 t.setvar('HOSTNAME', t.cmd_output("hostname -s").strip())
12 raise Exception("You must run this script as root")
13 t.run_cmd('ifconfig ${INTERFACE} ${INTERFACE_NET} up')
14 if t.getvar('INTERFACE_IPV6'):
15 t.run_cmd('ifconfig ${INTERFACE} inet6 del ${INTERFACE_IPV6}/64', checkfail=False)
16 t.run_cmd('ifconfig ${INTERFACE} inet6 add ${INTERFACE_IPV6}/64 up')
21 t.chdir('${SOURCETREE}/source4')
22 t.putenv('CC', 'ccache gcc')
23 t.run_cmd('make reconfigure || ./configure --enable-auto-reconfigure --enable-developer --prefix=${PREFIX} -C')
25 t.run_cmd('rm -rf ${PREFIX}')
26 t.run_cmd('make -j install')
29 def provision_s4(t, func_level="2008"):
30 '''provision s4 as a DC'''
31 t.info('Provisioning s4')
33 t.del_files(["var", "private"])
34 t.run_cmd("rm -f etc/smb.conf")
35 provision=['sbin/provision',
38 '--adminpass=${PASSWORD1}',
39 '--server-role=domain controller',
40 '--function-level=%s' % func_level,
42 '--option=interfaces=${INTERFACE}',
43 '--host-ip=${INTERFACE_IP}',
44 '--option=bind interfaces only=yes',
45 '--option=rndc command=${RNDC} -c${PREFIX}/etc/rndc.conf']
46 if t.getvar('INTERFACE_IPV6'):
47 provision.append('--host-ip6=${INTERFACE_IPV6}')
49 t.run_cmd('bin/samba-tool newuser testallowed ${PASSWORD1}')
50 t.run_cmd('bin/samba-tool newuser testdenied ${PASSWORD1}')
51 t.run_cmd('bin/samba-tool group addmembers "Allowed RODC Password Replication Group" testallowed')
56 t.info('Starting Samba4')
58 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
59 t.run_cmd(['sbin/samba',
60 '--option', 'panic action=gnome-terminal -e "gdb --pid %PID%"'])
61 t.port_wait("${INTERFACE_IP}", 139)
64 '''Shut down any existing alive VMs, so they do not collide with what we are doing'''
65 t.info('Shutting down any of our VMs already running')
68 t.vm_poweroff(v, checkfail=False)
70 def test_smbclient(t):
72 t.info('Testing smbclient')
74 t.cmd_contains("bin/smbclient --version", ["Version 4.0"])
75 t.retry_cmd('bin/smbclient -L ${INTERFACE_IP} -U%', ["netlogon", "sysvol", "IPC Service"])
76 child = t.pexpect_spawn('bin/smbclient //${INTERFACE_IP}/netlogon -Uadministrator%${PASSWORD1}')
79 child.expect("blocks available")
80 child.sendline("mkdir testdir")
82 child.sendline("cd testdir")
83 child.expect('testdir')
84 child.sendline("cd ..")
85 child.sendline("rmdir testdir")
89 '''create some test shares'''
90 t.info("Adding test shares")
92 t.write_file("etc/smb.conf", '''
97 path = ${PREFIX}/var/profiles
101 t.run_cmd("mkdir -p test")
102 t.run_cmd("mkdir -p var/profiles")
105 def set_nameserver(t, nameserver):
106 '''set the nameserver in resolv.conf'''
107 t.write_file("/etc/resolv.conf.wintest", '''
108 # Generated by wintest, the Samba v Windows automated testing system
111 # your original resolv.conf appears below:
112 ''' % t.substitute(nameserver))
113 child = t.pexpect_spawn("cat /etc/resolv.conf", crlf=False)
114 i = child.expect(['your original resolv.conf appears below:', pexpect.EOF])
116 child.expect(pexpect.EOF)
117 contents = child.before.lstrip().replace('\r', '')
118 t.write_file('/etc/resolv.conf.wintest', contents, mode='a')
119 t.write_file('/etc/resolv.conf.wintest-bak', contents)
120 t.run_cmd("mv -f /etc/resolv.conf.wintest /etc/resolv.conf")
121 t.resolv_conf_backup = '/etc/resolv.conf.wintest-bak';
124 def restore_resolv_conf(t):
125 '''restore the /etc/resolv.conf after testing is complete'''
126 if getattr(t, 'resolv_conf_backup', False):
127 t.info("restoring /etc/resolv.conf")
128 t.run_cmd("mv -f %s /etc/resolv.conf" % t.resolv_conf_backup)
131 def rndc_cmd(t, cmd, checkfail=True):
132 '''run a rndc command'''
133 t.run_cmd("${RNDC} -c ${PREFIX}/etc/rndc.conf %s" % cmd, checkfail=checkfail)
135 def named_supports_gssapi_keytab(t):
136 '''see if named supports tkey-gssapi-keytab'''
137 t.write_file("${PREFIX}/named.conf.test",
138 'options { tkey-gssapi-keytab "test"; };')
140 t.run_cmd("${NAMED_CHECKCONF} ${PREFIX}/named.conf.test")
141 except subprocess.CalledProcessError:
146 def configure_bind(t):
149 nameserver = t.get_nameserver()
150 if nameserver == t.getvar('INTERFACE_IP'):
151 raise RuntimeError("old /etc/resolv.conf must not contain %s as a nameserver, this will create loops with the generated dns configuration" % nameserver)
152 t.setvar('DNSSERVER', nameserver)
154 if t.getvar('INTERFACE_IPV6'):
155 ipv6_listen = 'listen-on-v6 port 53 { ${INTERFACE_IPV6}; };'
158 t.setvar('BIND_LISTEN_IPV6', ipv6_listen)
160 if named_supports_gssapi_keytab(t):
161 t.setvar("NAMED_TKEY_OPTION",
162 'tkey-gssapi-keytab "${PREFIX}/private/dns.keytab";')
164 t.info("LCREALM=${LCREALM}")
165 t.setvar("NAMED_TKEY_OPTION",
166 '''tkey-gssapi-credential "DNS/${LCREALM}";
167 tkey-domain "${LCREALM}";
169 t.putenv("KRB5_CONFIG", '${PREFIX}/private/krb5.conf')
170 t.putenv('KEYTAB_FILE', '${PREFIX}/private/dns.keytab')
171 t.putenv('KRB5_KTNAME', '${PREFIX}/private/dns.keytab')
173 t.write_file("etc/named.conf", '''
175 listen-on port 53 { ${INTERFACE_IP}; };
177 directory "${PREFIX}/var/named";
178 dump-file "${PREFIX}/var/named/data/cache_dump.db";
179 pid-file "${PREFIX}/var/named/named.pid";
180 statistics-file "${PREFIX}/var/named/data/named_stats.txt";
181 memstatistics-file "${PREFIX}/var/named/data/named_mem_stats.txt";
182 allow-query { any; };
197 secret "lA/cTrno03mt5Ju17ybEYw==";
201 inet ${INTERFACE_IP} port 953
202 allow { any; } keys { "rndc-key"; };
205 include "${PREFIX}/private/named.conf";
208 # add forwarding for the windows domains
209 domains = t.get_domains()
211 t.write_file('etc/named.conf',
220 ''' % (d, domains[d]),
224 t.write_file("etc/rndc.conf", '''
228 secret "lA/cTrno03mt5Ju17ybEYw==";
232 default-key "rndc-key";
233 default-server ${INTERFACE_IP};
238 set_nameserver(t, t.getvar('INTERFACE_IP'))
242 '''Stop our private BIND from listening and operating'''
243 rndc_cmd(t, "stop", checkfail=False)
244 t.port_wait("${INTERFACE_IP}", 53, wait_for_fail=True)
246 t.run_cmd("rm -rf var/named")
250 '''restart the test environment version of bind'''
251 t.info("Restarting bind9")
254 set_nameserver(t, t.getvar('INTERFACE_IP'))
256 t.run_cmd("mkdir -p var/named/data")
257 t.run_cmd("chown -R ${BIND_USER} var/named")
259 t.bind_child = t.run_child("${BIND9} -u ${BIND_USER} -n 1 -c ${PREFIX}/etc/named.conf -g")
261 t.port_wait("${INTERFACE_IP}", 53)
270 '''test that DNS is OK'''
271 t.info("Testing DNS")
272 t.cmd_contains("host -t SRV _ldap._tcp.${LCREALM}.",
273 ['_ldap._tcp.${LCREALM} has SRV record 0 100 389 ${HOSTNAME}.${LCREALM}'])
274 t.cmd_contains("host -t SRV _kerberos._udp.${LCREALM}.",
275 ['_kerberos._udp.${LCREALM} has SRV record 0 100 88 ${HOSTNAME}.${LCREALM}'])
276 t.cmd_contains("host -t A ${HOSTNAME}.${LCREALM}",
277 ['${HOSTNAME}.${LCREALM} has address'])
279 def test_kerberos(t):
280 '''test that kerberos is OK'''
281 t.info("Testing kerberos")
282 t.run_cmd("kdestroy")
283 t.kinit("administrator@${REALM}", "${PASSWORD1}")
284 # this copes with the differences between MIT and Heimdal klist
285 t.cmd_contains("klist", ["rincipal", "administrator@${REALM}"])
289 '''test that dynamic DNS is working'''
291 t.run_cmd("sbin/samba_dnsupdate --fail-immediately")
295 def run_winjoin(t, vm):
296 '''join a windows box to our domain'''
299 t.info("Joining a windows box to the domain")
300 t.vm_poweroff("${WIN_VM}", checkfail=False)
301 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
302 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_USER}", "${WIN_PASS}", set_time=True, set_ip=True)
303 child.sendline("netdom join ${WIN_HOSTNAME} /Domain:${LCREALM} /PasswordD:${PASSWORD1} /UserD:administrator")
304 child.expect("The command completed successfully")
306 child.sendline("shutdown /r -t 0")
308 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_USER}", "${WIN_PASS}", set_time=True, set_ip=True)
309 child.sendline("ipconfig /registerdns")
310 child.expect("Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer")
313 def test_winjoin(t, vm):
314 t.info("Checking the windows join is OK")
316 t.port_wait("${WIN_IP}", 139)
317 t.retry_cmd('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"], retries=100)
318 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
319 t.cmd_contains('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
320 t.cmd_contains('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -k no -Utestallowed@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
321 t.cmd_contains('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -k yes -Utestallowed@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
322 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}")
323 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
324 child.expect("The command completed successfully")
325 t.vm_poweroff("${WIN_VM}")
328 def run_dcpromo(t, vm):
329 '''run a dcpromo on windows'''
332 t.info("Joining a windows VM ${WIN_VM} to the domain as a DC using dcpromo")
333 t.vm_poweroff("${WIN_VM}", checkfail=False)
334 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
335 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
336 child.sendline("copy /Y con answers.txt")
340 RebootOnCompletion=Yes
341 ReplicaOrNewDomain=Replica
342 ReplicaDomainDNSName=${LCREALM}
343 SiteName=Default-First-Site-Name
346 CreateDNSDelegation=No
347 UserDomain=${LCREALM}
348 UserName=${LCREALM}\\administrator
349 Password=${PASSWORD1}
350 DatabasePath="C:\Windows\NTDS"
351 LogPath="C:\Windows\NTDS"
352 SYSVOLPath="C:\Windows\SYSVOL"
353 SafeModeAdminPassword=${PASSWORD1}
356 child.expect("copied.")
359 child.sendline("dcpromo /answer:answers.txt")
360 i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=120)
362 raise Exception("dcpromo failed")
366 def test_dcpromo(t, vm):
367 '''test that dcpromo worked'''
368 t.info("Checking the dcpromo join is OK")
370 t.port_wait("${WIN_IP}", 139)
371 t.retry_cmd("host -t A ${WIN_HOSTNAME}.${LCREALM}. ${INTERFACE_IP}",
372 ['${WIN_HOSTNAME}.${LCREALM} has address'],
373 retries=30, delay=10, casefold=True)
374 t.retry_cmd('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
375 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
376 t.cmd_contains('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
378 t.cmd_contains("bin/samba-tool drs kcc ${HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
379 t.retry_cmd("bin/samba-tool drs kcc ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}", ['Consistency check', 'successful'])
381 t.kinit("administrator@${REALM}", "${PASSWORD1}")
383 # the first replication will transfer the dnsHostname attribute
384 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME} CN=Configuration,${BASEDN} -k yes", ["was successful"])
386 for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
387 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${LCREALM} ${WIN_HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
388 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s -k yes" % nc, ["was successful"])
390 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM} -k yes",
391 [ "INBOUND NEIGHBORS",
393 "Last attempt .* was successful",
394 "CN=Configuration,${BASEDN}",
395 "Last attempt .* was successful",
396 "CN=Configuration,${BASEDN}", # cope with either order
397 "Last attempt .* was successful",
398 "OUTBOUND NEIGHBORS",
401 "CN=Configuration,${BASEDN}",
403 "CN=Configuration,${BASEDN}",
408 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${LCREALM} -k yes",
409 [ "INBOUND NEIGHBORS",
411 "Last attempt .* was successful",
412 "CN=Configuration,${BASEDN}",
413 "Last attempt .* was successful",
414 "CN=Configuration,${BASEDN}",
415 "Last attempt .* was successful",
416 "OUTBOUND NEIGHBORS",
419 "CN=Configuration,${BASEDN}",
421 "CN=Configuration,${BASEDN}",
426 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
427 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
430 i = child.expect(["The command completed successfully", "The network path was not found"])
431 while i == 1 and retries > 0:
434 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
435 i = child.expect(["The command completed successfully", "The network path was not found"])
438 t.run_net_time(child)
440 t.info("Checking if showrepl is happy")
441 child.sendline("repadmin /showrepl")
442 child.expect("${BASEDN}")
443 child.expect("was successful")
444 child.expect("CN=Configuration,${BASEDN}")
445 child.expect("was successful")
446 child.expect("CN=Schema,CN=Configuration,${BASEDN}")
447 child.expect("was successful")
449 t.info("Checking if new users propogate to windows")
450 t.retry_cmd('bin/samba-tool newuser test2 ${PASSWORD2}', ["created successfully"])
451 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k no", ['Sharename', 'Remote IPC'])
452 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k yes", ['Sharename', 'Remote IPC'])
454 t.info("Checking if new users on windows propogate to samba")
455 child.sendline("net user test3 ${PASSWORD3} /add")
457 i = child.expect(["The command completed successfully",
458 "The directory service was unable to allocate a relative identifier"])
463 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${LCREALM} -Utest3%${PASSWORD3} -k no", ['Sharename', 'IPC'])
464 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${LCREALM} -Utest3%${PASSWORD3} -k yes", ['Sharename', 'IPC'])
466 t.info("Checking propogation of user deletion")
467 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
468 child.sendline("net user test3 /del")
469 child.expect("The command completed successfully")
471 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k no", ['LOGON_FAILURE'])
472 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${LCREALM} -Utest3%${PASSWORD3} -k no", ['LOGON_FAILURE'])
473 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k yes", ['LOGON_FAILURE'])
474 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${LCREALM} -Utest3%${PASSWORD3} -k yes", ['LOGON_FAILURE'])
475 t.vm_poweroff("${WIN_VM}")
478 def run_dcpromo_rodc(t, vm):
479 '''run a RODC dcpromo to join a windows DC to the samba domain'''
481 t.info("Joining a w2k8 box to the domain as a RODC")
482 t.vm_poweroff("${WIN_VM}", checkfail=False)
483 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
484 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
485 child.sendline("copy /Y con answers.txt")
488 ReplicaOrNewDomain=ReadOnlyReplica
489 ReplicaDomainDNSName=${LCREALM}
490 PasswordReplicationDenied="BUILTIN\Administrators"
491 PasswordReplicationDenied="BUILTIN\Server Operators"
492 PasswordReplicationDenied="BUILTIN\Backup Operators"
493 PasswordReplicationDenied="BUILTIN\Account Operators"
494 PasswordReplicationDenied="${DOMAIN}\Denied RODC Password Replication Group"
495 PasswordReplicationAllowed="${DOMAIN}\Allowed RODC Password Replication Group"
496 DelegatedAdmin="${DOMAIN}\\Administrator"
497 SiteName=Default-First-Site-Name
500 CreateDNSDelegation=No
501 UserDomain=${LCREALM}
502 UserName=${LCREALM}\\administrator
503 Password=${PASSWORD1}
504 DatabasePath="C:\Windows\NTDS"
505 LogPath="C:\Windows\NTDS"
506 SYSVOLPath="C:\Windows\SYSVOL"
507 SafeModeAdminPassword=${PASSWORD1}
508 RebootOnCompletion=No
511 child.expect("copied.")
512 child.sendline("dcpromo /answer:answers.txt")
513 i = child.expect(["You must restart this computer", "failed"], timeout=120)
515 raise Exception("dcpromo failed")
516 child.sendline("shutdown -r -t 0")
521 def test_dcpromo_rodc(t, vm):
522 '''test the RODC dcpromo worked'''
523 t.info("Checking the w2k8 RODC join is OK")
525 t.port_wait("${WIN_IP}", 139)
526 child = t.open_telnet("${WIN_HOSTNAME}", "${DOMAIN}\\administrator", "${PASSWORD1}", set_time=True)
527 child.sendline("ipconfig /registerdns")
528 t.retry_cmd('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Uadministrator@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
529 t.cmd_contains("host -t A ${WIN_HOSTNAME}.${LCREALM}.", ['has address'])
530 t.cmd_contains('bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utestallowed@${LCREALM}%${PASSWORD1}', ["C$", "IPC$", "Sharename"])
531 child.sendline("net use t: \\\\${HOSTNAME}.${LCREALM}\\test")
532 child.expect("The command completed successfully")
534 t.info("Checking if showrepl is happy")
535 child.sendline("repadmin /showrepl")
536 child.expect("${BASEDN}")
537 child.expect("was successful")
538 child.expect("CN=Configuration,${BASEDN}")
539 child.expect("was successful")
540 child.expect("CN=Configuration,${BASEDN}")
541 child.expect("was successful")
543 for nc in [ '${BASEDN}', 'CN=Configuration,${BASEDN}', 'CN=Schema,CN=Configuration,${BASEDN}' ]:
544 t.cmd_contains("bin/samba-tool drs replicate --add-ref ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} %s" % nc, ["was successful"])
546 t.cmd_contains("bin/samba-tool drs showrepl ${HOSTNAME}.${LCREALM}",
547 [ "INBOUND NEIGHBORS",
548 "OUTBOUND NEIGHBORS",
550 "Last attempt.*was successful",
551 "CN=Configuration,${BASEDN}",
552 "Last attempt.*was successful",
553 "CN=Configuration,${BASEDN}",
554 "Last attempt.*was successful" ],
558 t.info("Checking if new users are available on windows")
559 t.run_cmd('bin/samba-tool newuser test2 ${PASSWORD2}')
560 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k yes", ['Sharename', 'Remote IPC'])
561 t.retry_cmd("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${LCREALM} ${HOSTNAME}.${LCREALM} ${BASEDN}", ["was successful"])
562 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k no", ['Sharename', 'Remote IPC'])
563 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${LCREALM}%${PASSWORD1}')
564 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k yes", ['LOGON_FAILURE'])
565 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${LCREALM} -Utest2%${PASSWORD2} -k no", ['LOGON_FAILURE'])
566 t.vm_poweroff("${WIN_VM}")
569 def prep_join_as_dc(t, vm):
570 '''start VM and shutdown Samba in preperation to join a windows domain as a DC'''
572 t.info("Starting VMs for joining ${WIN_VM} as a second DC using samba-tool join DC")
574 t.run_cmd('killall -9 -q samba smbd nmbd winbindd', checkfail=False)
575 t.vm_poweroff("${WIN_VM}", checkfail=False)
576 t.vm_restore("${WIN_VM}", "${WIN_SNAPSHOT}")
578 t.run_cmd("rm -rf etc/smb.conf private")
579 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
580 t.get_ipconfig(child)
582 def join_as_dc(t, vm):
583 '''join a windows domain as a DC'''
585 t.info("Joining ${WIN_VM} as a second DC using samba-tool join DC")
586 t.port_wait("${WIN_IP}", 389)
587 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
589 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
590 t.run_cmd('bin/samba-tool join ${WIN_REALM} DC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
591 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
594 def test_join_as_dc(t, vm):
595 '''test the join of a windows domain as a DC'''
596 t.info("Checking the DC join is OK")
598 t.retry_cmd('bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}', ["C$", "IPC$", "Sharename"])
599 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
600 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
602 t.info("Forcing kcc runs, and replication")
603 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
604 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
606 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
607 for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
608 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
609 t.cmd_contains("bin/samba-tool drs replicate ${WIN_HOSTNAME}.${WIN_REALM} ${HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
613 while i == 1 and retries > 0:
614 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
615 i = child.expect(["The command completed successfully", "The network path was not found"])
621 t.info("Checking if showrepl is happy")
622 child.sendline("repadmin /showrepl")
623 child.expect("${WIN_BASEDN}")
624 child.expect("was successful")
625 child.expect("CN=Configuration,${WIN_BASEDN}")
626 child.expect("was successful")
627 child.expect("CN=Configuration,${WIN_BASEDN}")
628 child.expect("was successful")
630 t.info("Checking if new users propogate to windows")
631 t.retry_cmd('bin/samba-tool newuser test2 ${PASSWORD2}', ["created successfully"])
632 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%${PASSWORD2} -k no", ['Sharename', 'Remote IPC'])
633 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%${PASSWORD2} -k yes", ['Sharename', 'Remote IPC'])
635 t.info("Checking if new users on windows propogate to samba")
636 child.sendline("net user test3 ${PASSWORD3} /add")
637 child.expect("The command completed successfully")
638 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k no", ['Sharename', 'IPC'])
639 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k yes", ['Sharename', 'IPC'])
641 t.info("Checking propogation of user deletion")
642 t.run_cmd('bin/samba-tool user delete test2 -Uadministrator@${WIN_REALM}%${WIN_PASS}')
643 child.sendline("net user test3 /del")
644 child.expect("The command completed successfully")
646 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%${PASSWORD2} -k no", ['LOGON_FAILURE'])
647 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k no", ['LOGON_FAILURE'])
648 t.retry_cmd("bin/smbclient -L ${WIN_HOSTNAME}.${WIN_REALM} -Utest2%${PASSWORD2} -k yes", ['LOGON_FAILURE'])
649 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k yes", ['LOGON_FAILURE'])
650 t.vm_poweroff("${WIN_VM}")
653 def join_as_rodc(t, vm):
654 '''join a windows domain as a RODC'''
656 t.info("Joining ${WIN_VM} as a RODC using samba-tool join DC")
657 t.port_wait("${WIN_IP}", 389)
658 t.retry_cmd("host -t SRV _ldap._tcp.${WIN_REALM} ${WIN_IP}", ['has SRV record'] )
659 t.retry_cmd("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator%${WIN_PASS}", ['INBOUND NEIGHBORS'] )
660 t.run_cmd('bin/samba-tool join ${WIN_REALM} RODC -Uadministrator%${WIN_PASS} -d${DEBUGLEVEL} --option=interfaces=${INTERFACE}')
661 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
664 def test_join_as_rodc(t, vm):
665 '''test a windows domain RODC join'''
666 t.info("Checking the RODC join is OK")
668 t.retry_cmd('bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}', ["C$", "IPC$", "Sharename"])
669 t.cmd_contains("host -t A ${HOSTNAME}.${WIN_REALM}.", ['has address'])
670 child = t.open_telnet("${WIN_HOSTNAME}", "${WIN_DOMAIN}\\administrator", "${WIN_PASS}", set_time=True)
672 t.info("Forcing kcc runs, and replication")
673 t.run_cmd('bin/samba-tool drs kcc ${HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
674 t.run_cmd('bin/samba-tool drs kcc ${WIN_HOSTNAME}.${WIN_REALM} -Uadministrator@${WIN_REALM}%${WIN_PASS}')
676 t.kinit("administrator@${WIN_REALM}", "${WIN_PASS}")
677 for nc in [ '${WIN_BASEDN}', 'CN=Configuration,${WIN_BASEDN}', 'CN=Schema,CN=Configuration,${WIN_BASEDN}' ]:
678 t.cmd_contains("bin/samba-tool drs replicate ${HOSTNAME}.${WIN_REALM} ${WIN_HOSTNAME}.${WIN_REALM} %s -k yes" % nc, ["was successful"])
682 while i == 1 and retries > 0:
683 child.sendline("net use t: \\\\${HOSTNAME}.${WIN_REALM}\\test")
684 i = child.expect(["The command completed successfully", "The network path was not found"])
690 t.info("Checking if showrepl is happy")
691 child.sendline("repadmin /showrepl")
692 child.expect("DSA invocationID")
694 t.cmd_contains("bin/samba-tool drs showrepl ${WIN_HOSTNAME}.${WIN_REALM} -k yes",
695 [ "INBOUND NEIGHBORS",
696 "OUTBOUND NEIGHBORS",
698 "Last attempt .* was successful",
699 "CN=Configuration,${WIN_BASEDN}",
700 "Last attempt .* was successful",
701 "CN=Configuration,${WIN_BASEDN}",
702 "Last attempt .* was successful" ],
706 t.info("Checking if new users on windows propogate to samba")
707 child.sendline("net user test3 ${PASSWORD3} /add")
708 child.expect("The command completed successfully")
709 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k no", ['Sharename', 'IPC'])
710 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k yes", ['Sharename', 'IPC'])
713 t.info("Checking if new users propogate to windows")
714 t.cmd_contains('bin/samba-tool newuser test2 ${PASSWORD2}', ['No RID Set DN'])
716 t.info("Checking propogation of user deletion")
717 child.sendline("net user test3 /del")
718 child.expect("The command completed successfully")
720 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k no", ['LOGON_FAILURE'])
721 t.retry_cmd("bin/smbclient -L ${HOSTNAME}.${WIN_REALM} -Utest3%${PASSWORD3} -k yes", ['LOGON_FAILURE'])
722 t.vm_poweroff("${WIN_VM}")
725 def run_dcpromo_as_first_dc(t, vm, func_level=None):
727 t.info("Configuring a windows VM ${WIN_VM} at the first DC in the domain using dcpromo")
728 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_time=True)
729 if t.get_is_dc(child):
732 if func_level == '2008r2':
733 t.setvar("FUNCTION_LEVEL_INT", str(4))
734 elif func_level == '2003':
735 t.setvar("FUNCTION_LEVEL_INT", str(1))
737 t.setvar("FUNCTION_LEVEL_INT", str(0))
739 child = t.open_telnet("${WIN_HOSTNAME}", "administrator", "${WIN_PASS}", set_ip=True)
741 """This server must therefore not yet be a directory server, so we must promote it"""
742 child.sendline("copy /Y con answers.txt")
745 ; New forest promotion
746 ReplicaOrNewDomain=Domain
748 NewDomainDNSName=${WIN_REALM}
749 ForestLevel=${FUNCTION_LEVEL_INT}
750 DomainNetbiosName=${WIN_DOMAIN}
751 DomainLevel=${FUNCTION_LEVEL_INT}
754 CreateDNSDelegation=No
755 DatabasePath="C:\Windows\NTDS"
756 LogPath="C:\Windows\NTDS"
757 SYSVOLPath="C:\Windows\SYSVOL"
758 ; Set SafeModeAdminPassword to the correct value prior to using the unattend file
759 SafeModeAdminPassword=${WIN_PASS}
760 ; Run-time flags (optional)
761 RebootOnCompletion=No
764 child.expect("copied.")
767 child.sendline("dcpromo /answer:answers.txt")
768 i = child.expect(["You must restart this computer", "failed", "Active Directory Domain Services was not installed", "C:"], timeout=120)
770 raise Exception("dcpromo failed")
771 child.sendline("shutdown -r -t 0")
772 t.port_wait("${WIN_IP}", 139, wait_for_fail=True)
773 t.port_wait("${WIN_IP}", 139)
777 '''test the Samba4 howto'''
779 check_prerequesites(t)
781 # we don't need fsync safety in these tests
782 t.putenv('TDB_NO_FSYNC', '1')
784 if not t.skip("configure_bind"):
786 if not t.skip("stop_bind"):
788 if not t.skip("stop_vms"):
791 if not t.skip("build"):
794 if not t.skip("provision"):
797 if not t.skip("create-shares"):
800 if not t.skip("starts4"):
802 if not t.skip("smbclient"):
804 if not t.skip("configure_bind2"):
806 if not t.skip("start_bind"):
808 if not t.skip("dns"):
810 if not t.skip("kerberos"):
812 if not t.skip("dyndns"):
815 if t.have_vm('WINDOWS7') and not t.skip("windows7"):
816 run_winjoin(t, "WINDOWS7")
817 test_winjoin(t, "WINDOWS7")
819 if t.have_vm('WINXP') and not t.skip("winxp"):
820 run_winjoin(t, "WINXP")
821 test_winjoin(t, "WINXP")
823 if t.have_vm('W2K8R2C') and not t.skip("dcpromo_rodc"):
824 t.info("Testing w2k8r2 RODC dcpromo")
825 run_dcpromo_rodc(t, "W2K8R2C")
826 test_dcpromo_rodc(t, "W2K8R2C")
828 if t.have_vm('W2K8R2B') and not t.skip("dcpromo_w2k8r2"):
829 t.info("Testing w2k8r2 dcpromo")
830 run_dcpromo(t, "W2K8R2B")
831 test_dcpromo(t, "W2K8R2B")
833 if t.have_vm('W2K8B') and not t.skip("dcpromo_w2k8"):
834 t.info("Testing w2k8 dcpromo")
835 run_dcpromo(t, "W2K8B")
836 test_dcpromo(t, "W2K8B")
838 if t.have_vm('W2K3B') and not t.skip("dcpromo_w2k3"):
839 t.info("Testing w2k3 dcpromo")
840 t.info("Changing to 2003 functional level")
841 provision_s4(t, func_level='2003')
849 run_dcpromo(t, "W2K3B")
850 test_dcpromo(t, "W2K3B")
852 if t.have_vm('W2K8R2A') and not t.skip("join_w2k8r2"):
853 prep_join_as_dc(t, "W2K8R2A")
854 run_dcpromo_as_first_dc(t, "W2K8R2A", func_level='2008r2')
855 join_as_dc(t, "W2K8R2A")
859 test_join_as_dc(t, "W2K8R2A")
861 if t.have_vm('W2K8R2A') and not t.skip("join_rodc"):
862 prep_join_as_dc(t, "W2K8R2A")
863 run_dcpromo_as_first_dc(t, "W2K8R2A", func_level='2008r2')
864 join_as_rodc(t, "W2K8R2A")
868 test_join_as_rodc(t, "W2K8R2A")
870 if t.have_vm('W2K3A') and not t.skip("join_w2k3"):
871 prep_join_as_dc(t, "W2K3A")
872 run_dcpromo_as_first_dc(t, "W2K3A", func_level='2003')
873 join_as_dc(t, "W2K3A")
877 test_join_as_dc(t, "W2K3A")
879 t.info("Howto test: All OK")
883 '''cleanup after tests'''
884 t.info("Cleaning up ...")
885 restore_resolv_conf(t)
886 if getattr(t, 'bind_child', False):
890 if __name__ == '__main__':
891 t = wintest.wintest()
893 t.setup("test-s4-howto.py", "source4")
898 if not t.opts.nocleanup:
902 if not t.opts.nocleanup:
904 t.info("S4 howto test: All OK")
git.samba.org / nivanova / samba-autobuild / .git / blob