new Kerberos tests in Samba3

Andrew Bartlett abartlet at samba.org
Tue Apr 5 20:40:59 MDT 2011 

On Wed, 2011-04-06 at 06:45 +1000, Andrew Bartlett wrote:
> On Tue, 2011-04-05 at 16:31 +0200, Guenther Deschner wrote:
> > Hi Andrew,
> > 
> > On 04/04/2011 01:32 PM, Andrew Bartlett wrote:
> > > The branch, master has been updated
> > >         via  a3ef974 s3-rpc_server Remove comment, yes the key is correct.
> > >         via  77e6716 s3-auth consolidate create_local_token() into make_server_info_krb5()
> > >         via  841d0bc s3-selftest Remove more instances of /tmp in test_smbclient_s3.sh
> > >         via  6351dee s3-selftest Add testing of kerberos login
> > >         via  55134c9 s4-credentials Add a command line hook to set the kerberos credentials cache
> > >         via  ffb6003 s3-selftest Disable log rotation in 'make test'
> > >        from  513574a talloc - some documentation changes
> > >
> > > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> > >
> > >
> > 
> > Wow, that is great stuff! Finally we have some security=ads testing on 
> > the buildfarm! the only problem is that the ktest tests fail quite 
> > often, I tried to nail down the problem using
> > 
> > SMBD_OPTIONS=-d10 make test TESTS=lookupsids FAIL_IMMEDIATELY=1 VALGRIND=1
> > 
> > but the failure seem not to happen when running under valgrind, do you 
> > have any other idea ? If we don't catch it, we should mark the kerberos 
> > tests knownfail for now probably.
> 
> Can you give me what details you have of the failure?
> 
> I ran it here often, and got it past autobuild, so I'll need some
> clues.  
> 
> There is only one thing I came across in my testing: a failure to
> contact a newly running server in the test environment.  This change
> requires that it contact the server by name, not IP, and so if nmbd
> isn't fast enough, or smbd hasn't really started in time, then we could
> have problems.  
> 
> Perhaps that's the issue?  Samba4 puts some 'nmblookup' calls in the
> server starting code to ensure things are up and going in it's selftest.

I don't fully understand why netbios name lookups are not reliable in
make test, but I've pushed a change to autobuild that uses the same
'fake dns host file' that Samba4 uses.  This should avoid the lookups
and make this reliable.

I've also found and fixed a bug where the previous machine trust account
password was not honoured. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list