Testing adding SPNs at join (was: Re: [PATCH] Patch for bug 1703)
Ralph Boehme
slow at samba.org
Sat Jun 18 17:45:05 UTC 2016
On Fri, May 06, 2016 at 05:53:58AM +1200, Andrew Bartlett wrote:
> Can we have a test for this added?
attached. Please review&push if ok.
> With regards to the DNS name, do we attempt to register netbios aliases
> as DNS names?
yes. Why? No idea. :) Any issue with it? If yes, metze suggested
this, so I'd have to ask him for the reasoning behind it.
Cheerio!
-slow
-------------- next part --------------
From 43fb3e2cd4388ff585974a15fbe5c9d28c7e1939 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Sat, 18 Jun 2016 19:30:46 +0200
Subject: [PATCH] selftest: Kerberos auth with netbios alias SPNs
Since commit 0f6d51f34baa816b6ec422c8bc28687f0a3073de libnet_join
automatically adds netbios aliases as SPNs to the machine account.
This commit adds a simple test with smbclient -k against the aliases.
Signed-off-by: Ralph Boehme <slow at samba.org>
---
selftest/target/Samba3.pm | 1 +
.../script/tests/test_smbclient_netbios_aliases.sh | 40 ++++++++++++++++++++++
source3/selftest/tests.py | 5 +++
3 files changed, 46 insertions(+)
create mode 100755 source3/script/tests/test_smbclient_netbios_aliases.sh
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 7a67e77..3f6fd1e 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -380,6 +380,7 @@ sub setup_admember($$$$)
security = ads
workgroup = $dcvars->{DOMAIN}
realm = $dcvars->{REALM}
+ netbios aliases = foo bar
";
my $ret = $self->provision($prefix,
diff --git a/source3/script/tests/test_smbclient_netbios_aliases.sh b/source3/script/tests/test_smbclient_netbios_aliases.sh
new file mode 100755
index 0000000..cb0d967
--- /dev/null
+++ b/source3/script/tests/test_smbclient_netbios_aliases.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+cat <<EOF
+Usage: test_smbclient.sh smbclient3 SERVER USERNAME PASSWORD PREFIX <smbclient args>
+EOF
+exit 1;
+fi
+
+SMBCLIENT3=$1
+SERVER=$2
+USERNAME=$3
+PASSWORD=$4
+PREFIX=$5
+shift 5
+ADDARGS="$*"
+
+samba4bindir="$BINDIR"
+samba4srcdir="$SRCDIR/source4"
+samba4kinit=kinit
+if test -x $BINDIR/samba4kinit; then
+ samba4kinit=$BINDIR/samba4kinit
+fi
+
+KRB5CCNAME_PATH="$PREFIX/tmpccache"
+KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+export KRB5CCNAME
+rm -rf $KRB5CCNAME_PATH
+
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+echo $PASSWORD > $PREFIX/tmppassfile
+testit "kinit" $samba4kinit --password-file=$PREFIX/tmppassfile $USERNAME || failed=`expr $failed + 1`
+rm -f $PREFIX/tmppassfile
+testit "smbclient" $VALGRIND $SMBCLIENT3 -k //$SERVER/tmp -c 'ls' $ADDARGS || failed=`expr $failed + 1`
+
+rm -rf $KRB5CCNAME_PATH
+
+testok $0 $failed
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index f20e4ec..a45ef77 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -496,6 +496,11 @@ for options in options_list:
"none",
smbclient3, "$SERVER", "$PREFIX", options, "-U$USERNAME%$PASSWORD " + configuration])
+for alias in ["foo", "bar"]:
+ plantestsuite("samba3.blackbox.smbclient_netbios_aliases [%s]" % alias, "ad_member:local",
+ [os.path.join(samba3srcdir, "script/tests/test_smbclient_netbios_aliases.sh"),
+ smbclient3, alias, "$DC_USERNAME", "$DC_PASSWORD", "$PREFIX", options, configuration])
+
for e in endianness_options:
for a in auth_options:
for s in signseal_options:
--
2.5.0
More information about the samba-technical
mailing list