[PATCH 14/22] selftest: Improve connection between primary domain and subdomain for krb5
abartlet at samba.org
abartlet at samba.org
Tue Aug 19 20:06:49 MDT 2014
From: Andrew Bartlett <abartlet at samba.org>
Two things help here: The join is done on the lower case name, so we
can match it in the krb5.conf, and we share the krb5.conf between the
"dc" environment and the "subdom_dc" environment. Between these two
measures, this means we can get tickets using the domain trust.
Andrew Bartlett
Change-Id: If378915112728aaf47aa68ce0b071a7e09d756ad
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
selftest/target/Samba4.pm | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 7565cce..4050db6 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1250,15 +1250,23 @@ sub provision_subdom_dc($$$)
return undef;
}
+ # This ensures we share the krb5.conf with the main DC, so
+ # they can find each other. Sadly only works between 'dc' and
+ # 'subdom_dc', the other DCs won't see it
+
my $dc_realms = Samba::mk_realms_stanza($dcvars->{REALM}, lc($dcvars->{REALM}),
$dcvars->{DOMAIN}, $dcvars->{SERVER_IP});
+
+ $ret->{KRB5_CONFIG} = $dcvars->{KRB5_CONFIG};
+ $ctx->{krb5_conf} = $dcvars->{KRB5_CONFIG};
+
Samba::mk_krb5_conf($ctx, $dc_realms);
my $samba_tool = Samba::bindir_path($self, "samba-tool");
my $cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
- $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{realm} subdomain ";
+ $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{dnsname} subdomain ";
$cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
$cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
$cmd .= " --adminpass=$ret->{PASSWORD}";
--
2.0.1
More information about the samba-technical
mailing list