[PATCH 14/22] selftest: Improve connection between primary domain and subdomain for krb5

[abartlet at samba.org]

From: Andrew Bartlett <abartlet at samba.org>

Two things help here: The join is done on the lower case name, so we
can match it in the krb5.conf, and we share the krb5.conf between the
"dc" environment and the "subdom_dc" environment.  Between these two
measures, this means we can get tickets using the domain trust.

Andrew Bartlett

Change-Id: If378915112728aaf47aa68ce0b071a7e09d756ad
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
 selftest/target/Samba4.pm | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 7565cce..4050db6 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1250,15 +1250,23 @@ sub provision_subdom_dc($$$)
 		return undef;
 	}
 
+        # This ensures we share the krb5.conf with the main DC, so
+        # they can find each other.  Sadly only works between 'dc' and
+        # 'subdom_dc', the other DCs won't see it
+
         my $dc_realms = Samba::mk_realms_stanza($dcvars->{REALM}, lc($dcvars->{REALM}),
                                                 $dcvars->{DOMAIN}, $dcvars->{SERVER_IP});
+
+        $ret->{KRB5_CONFIG} = $dcvars->{KRB5_CONFIG};
+        $ctx->{krb5_conf} = $dcvars->{KRB5_CONFIG};
+
 	Samba::mk_krb5_conf($ctx, $dc_realms);
 
 	my $samba_tool =  Samba::bindir_path($self, "samba-tool");
 	my $cmd = "";
 	$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
 	$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
-	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{realm} subdomain ";
+	$cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{dnsname} subdomain ";
 	$cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
 	$cmd .= " --machinepass=machine$ret->{PASSWORD} --use-ntvfs";
 	$cmd .= " --adminpass=$ret->{PASSWORD}";
-- 
2.0.1