LSA forest trust tests
sbose at redhat.com
Mon Dec 12 01:57:00 MST 2011
On Sat, Dec 10, 2011 at 03:07:01PM +1100, Andrew Bartlett wrote:
> I've been looking into the rpc.lsa.forest.trust test that you wrote,
> because running it against Samba4 found some segfaults, and it looks
> like a really good way to properly cover our inter-domain trust logic.
> However in doing this, I have some questions:
> Which version of windows and what functional level is this expected to
> pass against? I'm guessing it was written to Win2008 with functional
> level Windows 2000, but I wanted to double-check.
I think it was Win2008 with a functional level Win2008, but I'm not sure
since I delete the test environment some time ago. I did test with
Windows 2003 R3 as well, but mostly I used Win2008. So chances are that
the current version might have some issues with 2003 as you mention
> The reason that I'm a little confused is that this test expects that
> both LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES exist, and
> TRUST_ATTRIBUTE_FOREST_TRANSITIVE be supported. I've been testing with
> Windows 2003 R2 in functional level Windows 2003 R2, and that particular
> combination supports neither, so I have modified the test to cope.
> I also cannot find any instance where this test is currently run in
> Samba, so I presume it was written for some manual testing. Can you
> fill me in on any details I should know of, so I can avoid breaking it
> as I fix up the test?
I used the test primarily to test the work I did for IPA. Günther is
planning to enhance tdbsam so that the tests can also be used with 'make
check'. Since he hasn't started I think your changes will not break
> I would also like to modify the test to not use a fixed password, but to
> generate a random one at runtime. This will avoid leaving fixed
> passwords on domains that may have been placed under test if the test is
> interrupted and the trust not removed. Would that be OK?
Yes, please do. It would be nice if you can send me a note when you are
done. Then I will check if my environment still passes the new tests
which I expect to be more rigid and profound than my simple ones.
> My changes so far are in:
> Andrew Bartlett
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
More information about the samba-technical