The Samba-Bugzilla – Attachment 10527 Details for
Bug 10891
Joining Samba3 BDC fails with Samba4.2 rc1
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
v4-2-test patch
42.patch (text/plain), 9.76 KB, created by
Andreas Schneider
on 2014-12-12 09:56:01 UTC
(
hide
)
Description:
v4-2-test patch
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2014-12-12 09:56:01 UTC
Size:
9.76 KB
patch
obsolete
>From 83fe679fb8058f9a15ff1b2e6260be01a1ebe990 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Wed, 11 Dec 2013 14:59:20 +1300 >Subject: [PATCH 1/5] netapi: Move DC check to NetJoinDomain() where it is > needed. > >This partially reverts 15f6e27bd5a9065c8b781fa21f5989ce2c355776. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit b299409410751ff3c8c775bd073e34d914a54efc) >--- > source3/lib/netapi/joindomain.c | 4 ++++ > source3/libnet/libnet_join.c | 4 ---- > 2 files changed, 4 insertions(+), 4 deletions(-) > >diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c >index 9da1bdc..632c8c6 100644 >--- a/source3/lib/netapi/joindomain.c >+++ b/source3/lib/netapi/joindomain.c >@@ -115,6 +115,10 @@ WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx, > struct dcerpc_binding_handle *b; > DATA_BLOB session_key; > >+ if (IS_DC) { >+ return WERR_SETUP_DOMAIN_CONTROLLER; >+ } >+ > werr = libnetapi_open_pipe(ctx, r->in.server, > &ndr_table_wkssvc, > &pipe_cli); >diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c >index 187e524..962fc1f 100644 >--- a/source3/libnet/libnet_join.c >+++ b/source3/libnet/libnet_join.c >@@ -1957,10 +1957,6 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, > return WERR_INVALID_PARAM; > } > >- if (IS_DC) { >- return WERR_SETUP_DOMAIN_CONTROLLER; >- } >- > if (!r->in.admin_domain) { > char *admin_domain = NULL; > char *admin_account = NULL; >-- >2.2.0 > > >From e71a1cf9dcd56432f17b62c99a720bd3568a83f8 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 11 Dec 2014 16:41:55 +0100 >Subject: [PATCH 2/5] selftest: Add 'net dom join' test which fails cause we > are a DC > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 6d6c673c6d33ceb1379c66d6b4d78a52077b928a) >--- > source3/script/tests/test_net_dom_join_fail_dc.sh | 22 ++++++++++++++++++++++ > source3/selftest/tests.py | 5 +++++ > 2 files changed, 27 insertions(+) > create mode 100755 source3/script/tests/test_net_dom_join_fail_dc.sh > >diff --git a/source3/script/tests/test_net_dom_join_fail_dc.sh b/source3/script/tests/test_net_dom_join_fail_dc.sh >new file mode 100755 >index 0000000..135e1da >--- /dev/null >+++ b/source3/script/tests/test_net_dom_join_fail_dc.sh >@@ -0,0 +1,22 @@ >+#!/bin/sh >+ >+if [ $# -lt 4 ]; then >+cat <<EOF >+Usage: test_net_dom_join_fail_dc.sh USERNAME PASSWORD DOMAIN PREFIX >+EOF >+exit 1; >+fi >+ >+DC_USERNAME="$1" >+DC_PASSWORD="$2" >+DOMAIN="$3" >+PREFIX="$4" >+shift 4 >+ADDARGS="$*" >+ >+incdir=`dirname $0`/../../../testprogs/blackbox >+. $incdir/subunit.sh >+mkdir -p $PREFIX/private >+testit_expect_failure "net_dom_join_fail_dc" $VALGRIND $BINDIR/net dom join domain=$DOMAIN account=$USERNAME password=$PASSWORD --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private $ADDARGS || failed=`expr $failed + 1` >+ >+testok $0 $failed >diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py >index 40599c3..092d9cc 100755 >--- a/source3/selftest/tests.py >+++ b/source3/selftest/tests.py >@@ -411,6 +411,11 @@ for s in signseal_options: > plantestsuite("samba3.blackbox.rpcclient_samlogon", "s3member:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_samlogon.sh"), > "$DC_USERNAME", "$DC_PASSWORD", "ncacn_np:$DC_SERVER", configuration]) > >+plantestsuite("samba3.blackbox.net_dom_join_fail_dc", "s3dc", >+ [os.path.join(samba3srcdir, "script/tests/test_net_dom_join_fail_dc.sh"), >+ "$USERNAME", "$PASSWORD", "$SERVER", "$PREFIX/net_dom_join_fail_dc", >+ configuration]) >+ > options_list = ["", "-e"] > for options in options_list: > plantestsuite("samba3.blackbox.smbclient_krb5 old ccache %s" % options, "ktest:local", >-- >2.2.0 > > >From 9342bd31aad4fa8574b3fa28cf95fa072de793b9 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Wed, 11 Dec 2013 15:39:38 +1300 >Subject: [PATCH 3/5] auth: Allow domain join to itself when we are a PDC > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit c3b5f9cff56defedb0fc1e99fbbb528b1ce22f6d) >--- > source3/libnet/libnet_join.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > >diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c >index 962fc1f..942455c 100644 >--- a/source3/libnet/libnet_join.c >+++ b/source3/libnet/libnet_join.c >@@ -2139,7 +2139,9 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, > > switch (r->out.domain_is_ad) { > case false: >- valid_security = (lp_security() == SEC_DOMAIN); >+ valid_security = (lp_security() == SEC_DOMAIN) >+ || (lp_server_role() == ROLE_DOMAIN_PDC) >+ || (lp_server_role() == ROLE_DOMAIN_BDC); > if (valid_workgroup && valid_security) { > /* nothing to be done */ > return WERR_OK; >-- >2.2.0 > > >From b68628341ee7939b704cb09fa4fba284614d9228 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 23 Oct 2014 12:28:48 +1300 >Subject: [PATCH 4/5] libsmb: Allow change of BDC trust account password > >This account is otherwise just like the workstation trust acocunt, so use that code. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891 > >Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit e6ec265a405e76e5d4ea59b8025da0f57b3d3ad1) >--- > source3/libsmb/trusts_util.c | 3 +++ > 1 file changed, 3 insertions(+) > >diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c >index bb2e977..7503ef0 100644 >--- a/source3/libsmb/trusts_util.c >+++ b/source3/libsmb/trusts_util.c >@@ -111,6 +111,7 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, > > switch (sec_channel_type) { > case SEC_CHAN_WKSTA: >+ case SEC_CHAN_BDC: > pwd = secrets_fetch_machine_password(domain, > &pass_last_set_time, > NULL); >@@ -188,6 +189,7 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, > switch (sec_channel_type) { > > case SEC_CHAN_WKSTA: >+ case SEC_CHAN_BDC: > if (!secrets_store_machine_password(new_trust_passwd, domain, sec_channel_type)) { > TALLOC_FREE(frame); > return NT_STATUS_INTERNAL_DB_CORRUPTION; >@@ -206,6 +208,7 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, > break; > > default: >+ smb_panic("Unsupported secure channel type"); > break; > } > >-- >2.2.0 > > >From 6bb9fabdec93cd620f23973a04eaf1f1a59d8b81 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 23 Oct 2014 12:38:15 +1300 >Subject: [PATCH 5/5] selftest: Add test for joining a Samba classic DC as a > BDC > >This does not join the DC itself, so as not to pertrub the test >environment mid-run, but does confirm that the join works and the >password can be changed. > >Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> > >Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> >Autobuild-Date(master): Thu Dec 11 21:40:27 CET 2014 on sn-devel-104 > >(cherry picked from commit 0da3ab96739df436b54fcf6c7e138229271b0866) >--- > source3/script/tests/test_net_rpc_join.sh | 25 +++++++++++++++++++++++++ > source3/selftest/tests.py | 4 ++++ > 2 files changed, 29 insertions(+) > create mode 100755 source3/script/tests/test_net_rpc_join.sh > >diff --git a/source3/script/tests/test_net_rpc_join.sh b/source3/script/tests/test_net_rpc_join.sh >new file mode 100755 >index 0000000..a7810a9 >--- /dev/null >+++ b/source3/script/tests/test_net_rpc_join.sh >@@ -0,0 +1,25 @@ >+#!/bin/sh >+ >+if [ $# -lt 4 ]; then >+cat <<EOF >+Usage: test_net_rpc_join.sh USERNAME PASSWORD SERVER PREFIX >+EOF >+exit 1; >+fi >+ >+USERNAME="$1" >+PASSWORD="$2" >+SERVER="$3" >+PREFIX="$4" >+shift 4 >+ADDARGS="$*" >+ >+incdir=`dirname $0`/../../../testprogs/blackbox >+. $incdir/subunit.sh >+mkdir -p $PREFIX/private >+testit "net_rpc_join" $VALGRIND $BINDIR/net rpc join -S $SERVER --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private -U$USERNAME%$PASSWORD $ADDARGS || failed=`expr $failed + 1` >+testit "net_rpc_testjoin" $VALGRIND $BINDIR/net rpc testjoin -S $SERVER --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private $ADDARGS || failed=`expr $failed + 1` >+testit "net_rpc_changetrustpw" $VALGRIND $BINDIR/net rpc changetrustpw -S $SERVER --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private $ADDARGS || failed=`expr $failed + 1` >+testit "net_rpc_testjoin2" $VALGRIND $BINDIR/net rpc testjoin -S $SERVER --option=netbiosname=netrpcjointest --option=domainlogons=yes --option=privatedir=$PREFIX/private $ADDARGS || failed=`expr $failed + 1` >+ >+testok $0 $failed >diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py >index 092d9cc..c60f531 100755 >--- a/source3/selftest/tests.py >+++ b/source3/selftest/tests.py >@@ -415,6 +415,10 @@ plantestsuite("samba3.blackbox.net_dom_join_fail_dc", "s3dc", > [os.path.join(samba3srcdir, "script/tests/test_net_dom_join_fail_dc.sh"), > "$USERNAME", "$PASSWORD", "$SERVER", "$PREFIX/net_dom_join_fail_dc", > configuration]) >+plantestsuite("samba3.blackbox.net_rpc_join", "s3dc", >+ [os.path.join(samba3srcdir, "script/tests/test_net_rpc_join.sh"), >+ "$USERNAME", "$PASSWORD", "$SERVER", "$PREFIX/net_rpc_join", >+ configuration]) > > options_list = ["", "-e"] > for options in options_list: >-- >2.2.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
gd
:
review+
Actions:
View
Attachments on
bug 10891
:
10365
| 10527 |
10528