diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-05-04 10:03:41 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:05:36 -0500 |
| commit | 5f4d86f955d939e96ec9b81c8a9d080aab4354b6 (patch) | |
| tree | b785a6c2aa092fea9bd64391cc45915788b31692 /source4/script/tests/test_session_key.sh | |
| parent | 086c9cc5f4a9145ee93060db2eebb3badc325e44 (diff) | |
| download | samba-5f4d86f955d939e96ec9b81c8a9d080aab4354b6.tar.gz samba-5f4d86f955d939e96ec9b81c8a9d080aab4354b6.tar.bz2 samba-5f4d86f955d939e96ec9b81c8a9d080aab4354b6.zip | |
r15426: Implement SPNEGO as the default RPC authentication mechanism. Where
this isn't supported, fallback to NTLM.
Also, where we get a failure as 'logon failure', try and do a '3
tries' for the password, like we already do for CIFS. (Incomplete:
needs a mapping between RPC errors and the logon failure NTSTATUS).
Because we don't yet support Kerberos sign/seal to win2k3 SP1 for
DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos
isn't demanded.
Andrew Bartlett
(This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
Diffstat (limited to 'source4/script/tests/test_session_key.sh')
| -rwxr-xr-x | source4/script/tests/test_session_key.sh | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/source4/script/tests/test_session_key.sh b/source4/script/tests/test_session_key.sh index 74de90f479..5dbb4052ee 100755 --- a/source4/script/tests/test_session_key.sh +++ b/source4/script/tests/test_session_key.sh @@ -2,7 +2,7 @@ if [ $# -lt 4 ]; then cat <<EOF -Usage: test_session_key.sh SERVER USERNAME PASSWORD DOMAIN +Usage: test_session_key.sh SERVER USERNAME PASSWORD DOMAIN NETBIOSNAME EOF exit 1; fi @@ -11,7 +11,8 @@ server="$1" username="$2" password="$3" domain="$4" -shift 4 +netbios_name="$5" +shift 5 incdir=`dirname $0` . $incdir/test_functions.sh @@ -33,13 +34,16 @@ for bindoptions in validate seal; do "-k no --option=usespnego=yes --option=clientntlmv2auth=yes --option=ntlmssp_client:128bit=no --option=ntlmssp_client:56bit=yes" \ "-k no --option=usespnego=no --option=clientntlmv2auth=yes" \ "-k no --option=gensec:spnego=no --option=clientntlmv2auth=yes" \ - "-k no --option=usespnego=no" \ - ; do + "-k no --option=usespnego=no"; do name="RPC-SECRETS on $transport:$server[$bindoptions] with NTLM2:$ntlm2 KEYEX:$keyexchange LM_KEY:$lm_key $ntlmoptions" - testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" --option=ntlmssp_client:keyexchange=$keyexchange --option=ntlmssp_client:ntlm2=$ntlm2 --option=ntlmssp_client:lm_key=$lm_key $ntlmoptions -U"$username"%"$password" -W $domain RPC-SECRETS "$*" || failed=`expr $failed + 1` + testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" --option=ntlmssp_client:keyexchange=$keyexchange --option=ntlmssp_client:ntlm2=$ntlm2 --option=ntlmssp_client:lm_key=$lm_key $ntlmoptions -U"$username"%"$password" -W $domain --option=gensec:target_hostname=$netbios_name RPC-SECRETS "$*" || failed=`expr $failed + 1` done done done done + name="RPC-SECRETS on $transport:$server[$bindoptions] with Kerberos" + testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" -k yes -U"$username"%"$password" -W $domain "--option=gensec:target_hostname=$netbios_name" RPC-SECRETS "$*" || failed=`expr $failed + 1` + name="RPC-SECRETS on $transport:$server[$bindoptions] with Kerberos (use target principal)" + testit "$name" bin/smbtorture $TORTURE_OPTIONS $transport:"$server[$bindoptions]" -k yes -U"$username"%"$password" -W $domain "--option=clientusespnegoprincipal=yes" "--option=gensec:target_hostname=$netbios_name" RPC-SECRETS "$*" || failed=`expr $failed + 1` done testok $0 $failed |