LSA forest trust tests
abartlet at samba.org
Fri Dec 9 21:07:01 MST 2011
I've been looking into the rpc.lsa.forest.trust test that you wrote,
because running it against Samba4 found some segfaults, and it looks
like a really good way to properly cover our inter-domain trust logic.
However in doing this, I have some questions:
Which version of windows and what functional level is this expected to
pass against? I'm guessing it was written to Win2008 with functional
level Windows 2000, but I wanted to double-check.
The reason that I'm a little confused is that this test expects that
both LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES exist, and
TRUST_ATTRIBUTE_FOREST_TRANSITIVE be supported. I've been testing with
Windows 2003 R2 in functional level Windows 2003 R2, and that particular
combination supports neither, so I have modified the test to cope.
I also cannot find any instance where this test is currently run in
Samba, so I presume it was written for some manual testing. Can you
fill me in on any details I should know of, so I can avoid breaking it
as I fix up the test?
I would also like to modify the test to not use a fixed password, but to
generate a random one at runtime. This will avoid leaving fixed
passwords on domains that may have been placed under test if the test is
interrupted and the trust not removed. Would that be OK?
My changes so far are in:
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical