mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s4-winbind: Use winbindd in the AD DC by default
(Including changes to knownfail to match the new winbindd in use in each environment) Change-Id: I9e08086eba98e95e05a99afef28315e2857aae56 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 4 05:19:54 CEST 2014 on sn-devel-104
This commit is contained in:
parent
af7f88721a
commit
f3710320ce
@ -13,6 +13,6 @@
|
||||
<constant>-</constant>. </para>
|
||||
</description>
|
||||
|
||||
<value type="default">s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns</value>
|
||||
<value type="default">s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns</value>
|
||||
<value type="example">-s3fs, +smb</value>
|
||||
</samba:parameter>
|
||||
|
@ -2214,7 +2214,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
|
||||
lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
|
||||
|
||||
lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
|
||||
lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns");
|
||||
lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
|
||||
lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
|
||||
/* the winbind method for domain controllers is for both RODC
|
||||
auth forwarding and for trusted domains */
|
||||
|
@ -247,18 +247,6 @@
|
||||
^samba.blackbox.wbinfo\(dc:local\).wbinfo -I against dc
|
||||
^samba.blackbox.wbinfo\(dc:local\).wbinfo --trusted-domains against dc
|
||||
^samba.blackbox.wbinfo\(dc:local\).wbinfo --all-domains against dc
|
||||
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -N against s4member
|
||||
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -I against s4member
|
||||
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --trusted-domains against s4member
|
||||
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --all-domains against s4member
|
||||
^samba.blackbox.wbinfo\(rodc:local\).wbinfo -N against rodc
|
||||
^samba.blackbox.wbinfo\(rodc:local\).wbinfo -I against rodc
|
||||
^samba.blackbox.wbinfo\(rodc:local\).wbinfo --trusted-domains against rodc
|
||||
^samba.blackbox.wbinfo\(rodc:local\).wbinfo --all-domains against rodc
|
||||
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -N against promoted_dc
|
||||
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -I against promoted_dc
|
||||
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --trusted-domains against promoted_dc
|
||||
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --all-domains against promoted_dc
|
||||
#
|
||||
# This makes less sense when not running against an AD DC
|
||||
#
|
||||
@ -276,12 +264,17 @@
|
||||
#
|
||||
# These do not work against winbindd in member mode for unknown reasons
|
||||
#
|
||||
^samba4.winbind.struct.domain_info\(s4member:local\)
|
||||
^samba4.winbind.struct.getdcname\(s4member:local\)
|
||||
^samba4.winbind.struct.lookup_name_sid\(s4member:local\)
|
||||
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -r against s4member\(s4member:local\)
|
||||
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --user-sids against s4member\(s4member:local\)
|
||||
^samba4.winbind.struct.getpwent\(plugin_s4_dc:local\)
|
||||
^samba.wbinfo_simple.\(s4member:local\).--user-groups
|
||||
^samba.nss.test using winbind\(s4member\)
|
||||
#
|
||||
# These just happen to fail for some reason (probably because they run against the s4 winbind)
|
||||
#
|
||||
^samba4.winbind.pac.pac\(s4member:local\)
|
||||
^samba4.winbind.struct.show_sequence\(s4member:local\)
|
||||
^samba4.winbind.struct.getdcname\(s3member:local\)
|
||||
^samba4.winbind.struct.lookup_name_sid\(s3member:local\)
|
||||
^samba.wbinfo_simple.\(dc:local\).--all-domains.wbinfo\(dc:local\)
|
||||
@ -291,28 +284,12 @@
|
||||
^samba.wbinfo_simple.\(dc:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(dc:local\)
|
||||
^samba.wbinfo_simple.\(dc:local\).--change-secret --domain=SAMBADOMAIN.wbinfo\(dc:local\)
|
||||
^samba.wbinfo_simple.\(dc:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(dc:local\)
|
||||
^samba.wbinfo_simple.\(s4member:local\).--all-domains.wbinfo\(s4member:local\)
|
||||
^samba.wbinfo_simple.\(s4member:local\).--trusted-domains.wbinfo\(s4member:local\)
|
||||
^samba.wbinfo_simple.\(s4member:local\).--online-status.wbinfo\(s4member:local\)
|
||||
^samba.wbinfo_simple.\(s4member:local\).--online-status --domain=BUILTIN.wbinfo\(s4member:local\)
|
||||
^samba.wbinfo_simple.\(s4member:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(s4member:local\)
|
||||
^samba.wbinfo_simple.\(s4member:local\).--change-secret --domain=SAMBADOMAIN.wbinfo\(s4member:local\)
|
||||
^samba.blackbox.wbinfo\(dc:local\).wbinfo -N against dc\(dc:local\)
|
||||
^samba.blackbox.wbinfo\(dc:local\).wbinfo -I against dc\(dc:local\)
|
||||
^samba.blackbox.wbinfo\(dc:local\).wbinfo --trusted-domains against dc\(dc:local\)
|
||||
^samba.blackbox.wbinfo\(dc:local\).wbinfo --all-domains against dc\(dc:local\)
|
||||
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -N against s4member\(s4member:local\)
|
||||
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -I against s4member\(s4member:local\)
|
||||
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --trusted-domains against s4member\(s4member:local\)
|
||||
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --all-domains against s4member\(s4member:local\)
|
||||
^samba.blackbox.wbinfo\(rodc:local\).wbinfo -N against rodc\(rodc:local\)
|
||||
^samba.blackbox.wbinfo\(rodc:local\).wbinfo -I against rodc\(rodc:local\)
|
||||
^samba.blackbox.wbinfo\(rodc:local\).wbinfo --trusted-domains against rodc\(rodc:local\)
|
||||
^samba.blackbox.wbinfo\(rodc:local\).wbinfo --all-domains against rodc\(rodc:local\)
|
||||
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -N against promoted_dc\(promoted_dc:local\)
|
||||
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -I against promoted_dc\(promoted_dc:local\)
|
||||
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --trusted-domains against promoted_dc\(promoted_dc:local\)
|
||||
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --all-domains against promoted_dc\(promoted_dc:local\)
|
||||
#
|
||||
# These do not work against winbindd in member mode for unknown reasons
|
||||
#
|
||||
^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U against s3member\(s3member:local\)
|
||||
^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U check for sane mapping\(s3member:local\)
|
||||
^samba.blackbox.wbinfo\(s3member:local\).wbinfo -G against s3member\(s3member:local\)
|
||||
|
@ -1276,7 +1276,8 @@ sub provision_dc($$)
|
||||
my ($self, $prefix) = @_;
|
||||
|
||||
print "PROVISIONING DC...";
|
||||
my $extra_conf_options = "netbios aliases = localDC1-a";
|
||||
my $extra_conf_options = "netbios aliases = localDC1-a
|
||||
server services = +winbind -winbindd";
|
||||
my $ret = $self->provision($prefix,
|
||||
"domain controller",
|
||||
"localdc",
|
||||
@ -1328,8 +1329,7 @@ sub provision_fl2003dc($$)
|
||||
my ($self, $prefix) = @_;
|
||||
|
||||
print "PROVISIONING DC...";
|
||||
my $extra_conf_options = "allow dns updates = nonsecure and secure
|
||||
server services = +winbindd -winbind";
|
||||
my $extra_conf_options = "allow dns updates = nonsecure and secure";
|
||||
my $ret = $self->provision($prefix,
|
||||
"domain controller",
|
||||
"dc6",
|
||||
@ -1527,8 +1527,6 @@ sub provision_plugin_s4_dc($$)
|
||||
queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p
|
||||
lpq cache time = 0
|
||||
print notify backchannel = yes
|
||||
|
||||
server services = +winbindd -winbind
|
||||
";
|
||||
|
||||
my $extra_smbconf_shares = "
|
||||
@ -1603,6 +1601,7 @@ sub provision_chgdcpass($$)
|
||||
print "PROVISIONING CHGDCPASS...";
|
||||
my $extra_provision_options = undef;
|
||||
push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ");
|
||||
my $extra_conf_options = "server services = +winbind -winbindd";
|
||||
my $ret = $self->provision($prefix,
|
||||
"domain controller",
|
||||
"chgdcpass",
|
||||
@ -1610,7 +1609,7 @@ sub provision_chgdcpass($$)
|
||||
"chgdcpassword.samba.example.com",
|
||||
"2008",
|
||||
"chgDCpass1",
|
||||
undef, "", "",
|
||||
undef, $extra_conf_options, "",
|
||||
$extra_provision_options);
|
||||
|
||||
return undef unless(defined $ret);
|
||||
@ -1619,8 +1618,10 @@ sub provision_chgdcpass($$)
|
||||
return undef;
|
||||
}
|
||||
|
||||
# Remove secrets.tdb from this environment to test that we still start up
|
||||
# on systems without the new matching secrets.tdb records
|
||||
# Remove secrets.tdb from this environment to test that we
|
||||
# still start up on systems without the new matching
|
||||
# secrets.tdb records. For this reason we don't run winbindd
|
||||
# in this environment
|
||||
unless (unlink("$ret->{PRIVATEDIR}/secrets.tdb") || unlink("$ret->{PRIVATEDIR}/secrets.ntdb")) {
|
||||
warn("Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision");
|
||||
return undef;
|
||||
|
@ -969,7 +969,7 @@ static void init_globals(bool reinit_globals)
|
||||
|
||||
string_set(Globals.ctx, &Globals.ncalrpc_dir, get_dyn_NCALRPCDIR());
|
||||
|
||||
Globals.server_services = (const char **)str_list_make_v3(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns", NULL);
|
||||
Globals.server_services = (const char **)str_list_make_v3(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
|
||||
|
||||
Globals.dcerpc_endpoint_servers = (const char **)str_list_make_v3(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user