[PATCH] Implement machinepass= in 'net ads join'

Jeremy Allison jra at samba.org
Mon Mar 4 17:15:29 MST 2013 

On Sat, Mar 02, 2013 at 12:11:03PM +1100, Andrew Bartlett wrote:
> On Fri, 2013-03-01 at 13:07 -0800, Jeremy Allison wrote:
> > On Thu, Feb 28, 2013 at 11:31:17PM +1100, Andrew Bartlett wrote:
> > > G'day,
> > > 
> > > These patches add (and add tests for) a new machinepass= option for 'net
> > > ads join'. 
> > > 
> > > This makes this match 'samba-tool domain join'.  For master and 4.0,
> > > this is not strictly required, as a workaround is to call 'samba-tool
> > > domain join'.  However, I've been asked to backport this to 3.6, for
> > > Univention at least, and I think having the capability is a reasonable
> > > addition in any case.
> > > 
> > > The only thing is that in all these tools, we don't try and wipe the
> > > password from the command line, but I'm not worried by this. 
> > > 
> > > The first patch is needed because the included tests showed that we in
> > > fact did not correct set the machine password in the testsuite's calls
> > > to 'samba-tool', so adding tests here has already been a worthwhile
> > > exercise.  
> > > 
> > > Please review/push/comment.  
> > 
> > Having said "LGTM" and looked at the code it looks really
> > obvious, but I can't push as the new test file :
> > 
> > script/tests/test_smbclient_specified_machine_auth.sh
> > 
> > isn't in the patchset (so my make test failed :-).
> > 
> > Can you add it and re-submit ?
> 
> Sorry about that.

Ok, this causes make test to fail on the "s4member" samba3.wbinfo_s3.(s4member:local)
test. Reproduce by doing:

make test TESTS=samba3.wbinfo_s3

It only seems to be starting the s4 server as a member server, not as a DC
to authenticate against, so I think this part of the patch should change from:

+# this test simply confirms that forcing the machine account password in the join command works
+for env in ["s3member", "s4member"]:
+    plantestsuite("samba3.blackbox.smbclient_specified_machine_auth.plain (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_specified_machine_auth.sh"), '$DC_SERVER', '$SERVER\$', 'machine$PASSWORD', smbclient3, configuration])
+

to:

+# this test simply confirms that forcing the machine account password in the join command works
+for env in ["s3member"]:
+    plantestsuite("samba3.blackbox.smbclient_specified_machine_auth.plain (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_specified_machine_auth.sh"), '$DC_SERVER', '$SERVER\$', 'machine$PASSWORD', smbclient3, configuration])
+

Can you confirm (or fix what I don't understand about the breakage :-)
and re-submit ?

Jeremy.

More information about the samba-technical mailing list