From fb5e1f4a65042b89c74e545cb739f1720565807d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 19 Apr 2011 16:38:46 +1000 Subject: selftest: s3member admember test to confirm s3/s4 interopability This checks that Samba3 joins Samba4 correctly, and allows NTLM and Kerberos logons from a live Samba4 DC. This needs the common krb5.conf generation logic, and because we now override KRB5_CONFIG we must update ktest to have a valid krb5.conf. Based on an original patch by metze Andrew Bartlett --- selftest/target/Samba.pm | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) (limited to 'selftest/target/Samba.pm') diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index 820bd9e19c..cec12e528d 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -59,4 +59,60 @@ sub bindir_path($$) { return $path; } +sub mk_krb5_conf($) +{ + my ($ctx) = @_; + + unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) { + die("can't open $ctx->{krb5_conf}$?"); + return undef; + } + print KRB5CONF " +#Generated krb5.conf for $ctx->{realm} + +[libdefaults] + default_realm = $ctx->{realm} + dns_lookup_realm = false + dns_lookup_kdc = false + ticket_lifetime = 24h + forwardable = yes + allow_weak_crypto = yes + +[realms] + $ctx->{realm} = { + kdc = $ctx->{kdc_ipv4}:88 + admin_server = $ctx->{kdc_ipv4}:88 + default_domain = $ctx->{dnsname} + } + $ctx->{dnsname} = { + kdc = $ctx->{kdc_ipv4}:88 + admin_server = $ctx->{kdc_ipv4}:88 + default_domain = $ctx->{dnsname} + } + $ctx->{domain} = { + kdc = $ctx->{kdc_ipv4}:88 + admin_server = $ctx->{kdc_ipv4}:88 + default_domain = $ctx->{dnsname} + } + +[domain_realm] + .$ctx->{dnsname} = $ctx->{realm} +"; + + if (defined($ctx->{tlsdir})) { + print KRB5CONF " + +[appdefaults] + pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem + +[kdc] + enable-pkinit = true + pkinit_identity = FILE:$ctx->{tlsdir}/kdc.pem,$ctx->{tlsdir}/key.pem + pkinit_anchors = FILE:$ctx->{tlsdir}/ca.pem + +"; + } + close(KRB5CONF); +} + 1; -- cgit