return 1;
}
-sub check_or_start($$)
+sub check_or_start($$$)
{
- my ($self, $env_vars) = @_;
+ my ($self, $env_vars, $process_model) = @_;
return 0 if ( -p $env_vars->{SAMBA_TEST_FIFO});
unlink($env_vars->{SAMBA_TEST_FIFO});
}
my $samba = Samba::bindir_path($self, "samba");
- # allow selection of the process model using
- # the environment varibale SAMBA_PROCESS_MODEL
- # that allows us to change the process model for
- # individual machines in the build farm
- my $model = "single";
- if (defined($ENV{SAMBA_PROCESS_MODEL})) {
- $model = $ENV{SAMBA_PROCESS_MODEL};
- }
chomp($pwd);
- my $cmdline = "$valgrind ${pwd}/$samba $optarg $env_vars->{CONFIGURATION} -M $model -i";
+ my $cmdline = "$valgrind ${pwd}/$samba $optarg $env_vars->{CONFIGURATION} -M $process_model -i";
my $ret = system("$cmdline");
if ($ret == -1) {
print "Unable to start $cmdline: $ret: $!\n";
push (@provision_options, "--root=$ctx->{unix_name}");
push (@provision_options, "--server-role=\"$ctx->{server_role}\"");
push (@provision_options, "--function-level=\"$ctx->{functional_level}\"");
+ push (@provision_options, "--dns-backend=BIND9_DLZ");
@{$ctx->{provision_options}} = @provision_options;
[global]
acl:search = $acl
netbios name = $ctx->{netbiosname}
- posix:eadb = $ctx->{lockdir}/eadb.tdb
+ posix:eadb = $ctx->{statedir}/eadb.tdb
workgroup = $ctx->{domain}
realm = $ctx->{realm}
private dir = $ctx->{privatedir}
pid directory = $ctx->{piddir}
ncalrpc dir = $ctx->{ncalrpcdir}
lock dir = $ctx->{lockdir}
- state dir = $ctx->{statedir}
- cache dir = $ctx->{cachedir}
+ state directory = $ctx->{statedir}
+ cache directory = $ctx->{cachedir}
winbindd socket directory = $ctx->{winbindd_socket_dir}
winbindd privileged socket directory = $ctx->{winbindd_privileged_socket_dir}
ntp signd socket directory = $ctx->{ntp_signd_socket_dir}
name resolve order = file bcast
interfaces = $ctx->{interfaces}
tls dh params file = $ctx->{tlsdir}/dhparms.pem
- panic action = $RealBin/gdb_backtrace \%PID%
+ panic action = $RealBin/gdb_backtrace \%d
wins support = yes
server role = $ctx->{server_role}
- server services = +echo
+ server services = +echo +dns
notify:inotify = false
ldb:nosync = true
#We don't want to pass our self-tests if the PAC code is wrong
spn update command = $ENV{SRCDIR_ABS}/source4/scripting/bin/samba_spnupdate
resolv:host file = $ctx->{dns_host_file}
dreplsrv:periodic_startup_interval = 0
+ dsdb:schema update allowed = yes
+
+ passdb backend = samba4
+
+ # remove this again, when our smb2 client library
+ # supports signin on compound related requests
+ server signing = on
";
if (defined($ctx->{sid_generator}) && $ctx->{sid_generator} ne "internal") {
$ctx->{kdc_ipv4} = $ctx->{ipv4};
}
- Samba::mk_krb5_conf($ctx);
+ Samba::mk_krb5_conf($ctx, "");
open(PWD, ">$ctx->{nsswrap_passwd}");
print PWD "
posix:oplocktimeout = 3
posix:writetimeupdatedelay = 500000
+[xcopy_share]
+ path = $ctx->{tmpdir}
+ read only = no
+ posix:sharedelay = 10000
+ posix:oplocktimeout = 3
+ posix:writetimeupdatedelay = 500000
+
[test1]
path = $ctx->{tmpdir}/test1
read only = no
ntvfs handler = simple
[sysvol]
- path = $ctx->{lockdir}/sysvol
+ path = $ctx->{statedir}/sysvol
read only = yes
[netlogon]
- path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts
+ path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
read only = no
[cifsposix]
my $cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
- $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} member";
+ $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
+ $cmd .= " --machinepass=machine$ret->{password}";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
my $cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
- $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} member";
+ $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} member";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
+ $cmd .= " --machinepass=machine$ret->{password}";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
server max protocol = SMB2
[sysvol]
- path = $ctx->{lockdir}/sysvol
+ path = $ctx->{statedir}/sysvol
read only = yes
[netlogon]
- path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts
+ path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
read only = no
";
my $cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
- $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
- $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
+ $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} DC --realm=$dcvars->{REALM}";
+ $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD} --domain-critical-only";
+ $cmd .= " --machinepass=machine$ret->{password}";
unless (system($cmd) == 0) {
warn("Join failed\n$cmd");
return $ret;
}
+sub provision_subdom_dc($$$)
+{
+ my ($self, $prefix, $dcvars) = @_;
+ print "PROVISIONING SUBDOMAIN DC...";
+
+ # We do this so that we don't run the provision. That's the job of 'net vampire'.
+ my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
+ "localsubdc",
+ "SAMBASUBDOM",
+ "sub.samba.example.com",
+ "2008",
+ 31, $dcvars->{PASSWORD},
+ undef);
+
+ $ctx->{smb_conf_extra_options} = "
+ max xmit = 32K
+ server max protocol = SMB2
+
+[sysvol]
+ path = $ctx->{statedir}/sysvol
+ read only = yes
+
+[netlogon]
+ path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
+ read only = no
+
+";
+
+ my $ret = $self->provision_raw_step1($ctx);
+ unless ($ret) {
+ return undef;
+ }
+
+ my $dc_realms = Samba::mk_realms_stanza($dcvars->{REALM}, lc($dcvars->{REALM}),
+ $dcvars->{DOMAIN}, $dcvars->{SERVER_IP});
+ Samba::mk_krb5_conf($ctx, $dc_realms);
+
+ my $samba_tool = Samba::bindir_path($self, "samba-tool");
+ my $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+ $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $ctx->{realm} subdomain ";
+ $cmd .= "--parent-domain=$dcvars->{REALM} -U$dcvars->{DC_USERNAME}\@$dcvars->{REALM}\%$dcvars->{DC_PASSWORD}";
+ $cmd .= " --machinepass=machine$ret->{password}";
+
+ unless (system($cmd) == 0) {
+ warn("Join failed\n$cmd");
+ return undef;
+ }
+
+ $ret->{SUBDOM_DC_SERVER} = $ret->{SERVER};
+ $ret->{SUBDOM_DC_SERVER_IP} = $ret->{SERVER_IP};
+ $ret->{SUBDOM_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
+
+ $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
+ $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
+ $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
+ $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
+ $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
+
+ return $ret;
+}
+
sub provision_dc($$)
{
my ($self, $prefix) = @_;
"2008",
21,
"locDCpass1",
- undef, "netbios aliases = DC1");
+ undef, "netbios aliases = localDC1-a");
return undef unless(defined $ret);
unless($self->add_wins_config("$prefix/private")) {
warn("Unable to add wins configuration");
return undef;
}
-
- $ret->{NETBIOSALIAS} = "DC1";
+ $ret->{NETBIOSALIAS} = "localdc1-a";
$ret->{DC_SERVER} = $ret->{SERVER};
$ret->{DC_SERVER_IP} = $ret->{SERVER_IP};
$ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
server max protocol = SMB2
[sysvol]
- path = $ctx->{lockdir}/sysvol
+ path = $ctx->{statedir}/sysvol
read only = yes
[netlogon]
- path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts
+ path = $ctx->{statedir}/sysvol/$ctx->{dnsname}/scripts
read only = yes
[tmp]
my $cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
- $cmd .= "$samba_tool join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";
+ $cmd .= "$samba_tool domain join $ret->{CONFIGURATION} $dcvars->{REALM} RODC";
$cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
$cmd .= " --server=$dcvars->{DC_SERVER}";
my ($self, $prefix) = @_;
my $extra_smbconf_options = "
-server services = -winbind, -smb
+server services = -smb
+dcerpc endpoint servers = -unixinfo -rpcecho -spoolss -winreg -wkssvc -srvsvc
";
print "PROVISIONING PLUGIN S4 DC...";
$self->setup_dc("$path/dc");
}
return $self->setup_vampire_dc("$path/vampire_dc", $self->{vars}->{dc});
+ } elsif ($envname eq "subdom_dc") {
+ if (not defined($self->{vars}->{dc})) {
+ $self->setup_dc("$path/dc");
+ }
+ return $self->setup_subdom_dc("$path/subdom_dc", $self->{vars}->{dc});
} elsif ($envname eq "s4member") {
if (not defined($self->{vars}->{dc})) {
$self->setup_dc("$path/dc");
return $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29);
} elsif ($envname eq "plugin_s4_dc") {
return $self->setup_plugin_s4_dc("$path/plugin_s4_dc");
- } elsif ($envname eq "all") {
- if (not defined($self->{vars}->{dc})) {
- $ENV{ENVNAME} = "dc";
- $self->setup_dc("$path/dc");
- }
- my $ret = $self->setup_member("$path/s4member", $self->{vars}->{dc});
- if (not defined($self->{vars}->{rpc_proxy})) {
- $ENV{ENVNAME} = "rpc_proxy";
- my $rpc_proxy_ret = $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc});
-
- $ret->{RPC_PROXY_SERVER} = $rpc_proxy_ret->{SERVER};
- $ret->{RPC_PROXY_SERVER_IP} = $rpc_proxy_ret->{SERVER_IP};
- $ret->{RPC_PROXY_NETBIOSNAME} = $rpc_proxy_ret->{NETBIOSNAME};
- $ret->{RPC_PROXY_USERNAME} = $rpc_proxy_ret->{USERNAME};
- $ret->{RPC_PROXY_PASSWORD} = $rpc_proxy_ret->{PASSWORD};
- }
- if (not defined($self->{vars}->{fl2000dc})) {
- $ENV{ENVNAME} = "fl2000dc";
- my $fl2000dc_ret = $self->setup_fl2000dc("$path/fl2000dc", $self->{vars}->{dc});
-
- $ret->{FL2000DC_SERVER} = $fl2000dc_ret->{SERVER};
- $ret->{FL2000DC_SERVER_IP} = $fl2000dc_ret->{SERVER_IP};
- $ret->{FL2000DC_NETBIOSNAME} = $fl2000dc_ret->{NETBIOSNAME};
- $ret->{FL2000DC_USERNAME} = $fl2000dc_ret->{USERNAME};
- $ret->{FL2000DC_PASSWORD} = $fl2000dc_ret->{PASSWORD};
- }
- if (not defined($self->{vars}->{fl2003dc})) {
- $ENV{ENVNAME} = "fl2003dc";
- my $fl2003dc_ret = $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{dc});
-
- $ret->{FL2003DC_SERVER} = $fl2003dc_ret->{SERVER};
- $ret->{FL2003DC_SERVER_IP} = $fl2003dc_ret->{SERVER_IP};
- $ret->{FL2003DC_NETBIOSNAME} = $fl2003dc_ret->{NETBIOSNAME};
- $ret->{FL2003DC_USERNAME} = $fl2003dc_ret->{USERNAME};
- $ret->{FL2003DC_PASSWORD} = $fl2003dc_ret->{PASSWORD};
- }
- if (not defined($self->{vars}->{fl2008r2dc})) {
- $ENV{ENVNAME} = "fl2008r2dc";
- my $fl2008r2dc_ret = $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{dc});
-
- $ret->{FL2008R2DC_SERVER} = $fl2008r2dc_ret->{SERVER};
- $ret->{FL2008R2DC_SERVER_IP} = $fl2008r2dc_ret->{SERVER_IP};
- $ret->{FL2008R2DC_NETBIOSNAME} = $fl2008r2dc_ret->{NETBIOSNAME};
- $ret->{FL2008R2DC_USERNAME} = $fl2008r2dc_ret->{USERNAME};
- $ret->{FL2008R2DC_PASSWORD} = $fl2008r2dc_ret->{PASSWORD};
- }
- if (not defined($self->{vars}->{s3member})) {
- $ENV{ENVNAME} = "s3member";
- my $s3member_ret = $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29);
- $self->{vars}->{s3member} = $s3member_ret;
-
- $ret->{S3MEMBER_SERVER} = $s3member_ret->{SERVER};
- $ret->{S3MEMBER_SERVER_IP} = $s3member_ret->{SERVER_IP};
- $ret->{S3MEMBER_NETBIOSNAME} = $s3member_ret->{NETBIOSNAME};
- $ret->{S3MEMBER_NETBIOSALIAS} = $s3member_ret->{NETBIOSALIAS};
- $ret->{S3MEMBER_USERNAME} = $s3member_ret->{USERNAME};
- $ret->{S3MEMBER_PASSWORD} = $s3member_ret->{PASSWORD};
- }
- return $ret;
} else {
return undef;
}
my $env = $self->provision_member($path, $dc_vars);
if (defined $env) {
- $self->check_or_start($env);
+ $self->check_or_start($env, "single");
$self->wait_for_start($env);
my $env = $self->provision_rpc_proxy($path, $dc_vars);
if (defined $env) {
- $self->check_or_start($env);
+ $self->check_or_start($env, "single");
$self->wait_for_start($env);
my $env = $self->provision_dc($path);
if (defined $env) {
- $self->check_or_start($env);
+ $self->check_or_start($env, "standard");
$self->wait_for_start($env);
my $env = $self->provision_fl2000dc($path);
if (defined $env) {
- $self->check_or_start($env);
+ $self->check_or_start($env, "single");
$self->wait_for_start($env);
my $env = $self->provision_fl2003dc($path);
if (defined $env) {
- $self->check_or_start($env);
+ $self->check_or_start($env, "single");
$self->wait_for_start($env);
my $env = $self->provision_fl2008r2dc($path);
if (defined $env) {
- $self->check_or_start($env);
+ $self->check_or_start($env, "single");
$self->wait_for_start($env);
my $env = $self->provision_vampire_dc($path, $dc_vars);
if (defined $env) {
- $self->check_or_start($env);
+ $self->check_or_start($env, "single");
$self->wait_for_start($env);
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
$cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
+ $cmd .= " $env->{CONFIGURATION}";
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
unless (system($cmd) == 0) {
warn("Failed to exec kcc\n$cmd");
$cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
$cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
$cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{VAMPIRE_DC_SERVER}";
+ $cmd .= " $dc_vars->{CONFIGURATION}";
$cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD}";
# replicate Configuration NC
my $cmd_repl = "$cmd \"CN=Configuration,$base_dn\"";
return $env;
}
+sub setup_subdom_dc($$$)
+{
+ my ($self, $path, $dc_vars) = @_;
+
+ my $env = $self->provision_subdom_dc($path, $dc_vars);
+
+ if (defined $env) {
+ $self->check_or_start($env, "single");
+
+ $self->wait_for_start($env);
+
+ $self->{vars}->{subdom_dc} = $env;
+
+ # force replicated DC to update repsTo/repsFrom
+ # for primary domain partitions
+ my $samba_tool = Samba::bindir_path($self, "samba-tool");
+ my $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
+ $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= " $samba_tool drs kcc $env->{DC_SERVER}";
+ $cmd .= " $env->{CONFIGURATION}";
+ $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
+ unless (system($cmd) == 0) {
+ warn("Failed to exec kcc\n$cmd");
+ return undef;
+ }
+
+ # as 'subdomain' dc may add data in its local replica
+ # we need to synchronize data between DCs
+ my $base_dn = "DC=".join(",DC=", split(/\./, $env->{REALM}));
+ my $config_dn = "CN=Configuration,DC=".join(",DC=", split(/\./, $dc_vars->{REALM}));
+ $cmd = "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\"";
+ $cmd .= " KRB5_CONFIG=\"$env->{KRB5_CONFIG}\"";
+ $cmd .= " $samba_tool drs replicate $env->{DC_SERVER} $env->{SUBDOM_DC_SERVER}";
+ $cmd .= " $dc_vars->{CONFIGURATION}";
+ $cmd .= " -U$dc_vars->{DC_USERNAME}\%$dc_vars->{DC_PASSWORD} --realm=$dc_vars->{DC_REALM}";
+ # replicate Configuration NC
+ my $cmd_repl = "$cmd \"$config_dn\"";
+ unless(system($cmd_repl) == 0) {
+ warn("Failed to replicate\n$cmd_repl");
+ return undef;
+ }
+ # replicate Default NC
+ $cmd_repl = "$cmd \"$base_dn\"";
+ unless(system($cmd_repl) == 0) {
+ warn("Failed to replicate\n$cmd_repl");
+ return undef;
+ }
+ }
+
+ return $env;
+}
+
sub setup_rodc($$$)
{
my ($self, $path, $dc_vars) = @_;
return undef;
}
- $self->check_or_start($env);
+ $self->check_or_start($env, "single");
$self->wait_for_start($env);
my $env = $self->provision_plugin_s4_dc($path);
if (defined $env) {
- $self->check_or_start($env);
+ $self->check_or_start($env, "single");
$self->wait_for_start($env);