1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s4-winbind: Use winbindd in the AD DC by default

(Including changes to knownfail to match the new winbindd in use in each environment)

Change-Id: I9e08086eba98e95e05a99afef28315e2857aae56
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul  4 05:19:54 CEST 2014 on sn-devel-104
This commit is contained in:
Andrew Bartlett 2014-05-20 10:15:31 +12:00
parent af7f88721a
commit f3710320ce
5 changed files with 22 additions and 44 deletions

View File

@ -13,6 +13,6 @@
<constant>-</constant>. </para>
</description>
<value type="default">s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns</value>
<value type="default">s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns</value>
<value type="example">-s3fs, +smb</value>
</samba:parameter>

View File

@ -2214,7 +2214,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns");
lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
/* the winbind method for domain controllers is for both RODC
auth forwarding and for trusted domains */

View File

@ -247,18 +247,6 @@
^samba.blackbox.wbinfo\(dc:local\).wbinfo -I against dc
^samba.blackbox.wbinfo\(dc:local\).wbinfo --trusted-domains against dc
^samba.blackbox.wbinfo\(dc:local\).wbinfo --all-domains against dc
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -N against s4member
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -I against s4member
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --trusted-domains against s4member
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --all-domains against s4member
^samba.blackbox.wbinfo\(rodc:local\).wbinfo -N against rodc
^samba.blackbox.wbinfo\(rodc:local\).wbinfo -I against rodc
^samba.blackbox.wbinfo\(rodc:local\).wbinfo --trusted-domains against rodc
^samba.blackbox.wbinfo\(rodc:local\).wbinfo --all-domains against rodc
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -N against promoted_dc
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -I against promoted_dc
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --trusted-domains against promoted_dc
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --all-domains against promoted_dc
#
# This makes less sense when not running against an AD DC
#
@ -276,12 +264,17 @@
#
# These do not work against winbindd in member mode for unknown reasons
#
^samba4.winbind.struct.domain_info\(s4member:local\)
^samba4.winbind.struct.getdcname\(s4member:local\)
^samba4.winbind.struct.lookup_name_sid\(s4member:local\)
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -r against s4member\(s4member:local\)
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --user-sids against s4member\(s4member:local\)
^samba4.winbind.struct.getpwent\(plugin_s4_dc:local\)
^samba.wbinfo_simple.\(s4member:local\).--user-groups
^samba.nss.test using winbind\(s4member\)
#
# These just happen to fail for some reason (probably because they run against the s4 winbind)
#
^samba4.winbind.pac.pac\(s4member:local\)
^samba4.winbind.struct.show_sequence\(s4member:local\)
^samba4.winbind.struct.getdcname\(s3member:local\)
^samba4.winbind.struct.lookup_name_sid\(s3member:local\)
^samba.wbinfo_simple.\(dc:local\).--all-domains.wbinfo\(dc:local\)
@ -291,28 +284,12 @@
^samba.wbinfo_simple.\(dc:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(dc:local\)
^samba.wbinfo_simple.\(dc:local\).--change-secret --domain=SAMBADOMAIN.wbinfo\(dc:local\)
^samba.wbinfo_simple.\(dc:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(dc:local\)
^samba.wbinfo_simple.\(s4member:local\).--all-domains.wbinfo\(s4member:local\)
^samba.wbinfo_simple.\(s4member:local\).--trusted-domains.wbinfo\(s4member:local\)
^samba.wbinfo_simple.\(s4member:local\).--online-status.wbinfo\(s4member:local\)
^samba.wbinfo_simple.\(s4member:local\).--online-status --domain=BUILTIN.wbinfo\(s4member:local\)
^samba.wbinfo_simple.\(s4member:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(s4member:local\)
^samba.wbinfo_simple.\(s4member:local\).--change-secret --domain=SAMBADOMAIN.wbinfo\(s4member:local\)
^samba.blackbox.wbinfo\(dc:local\).wbinfo -N against dc\(dc:local\)
^samba.blackbox.wbinfo\(dc:local\).wbinfo -I against dc\(dc:local\)
^samba.blackbox.wbinfo\(dc:local\).wbinfo --trusted-domains against dc\(dc:local\)
^samba.blackbox.wbinfo\(dc:local\).wbinfo --all-domains against dc\(dc:local\)
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -N against s4member\(s4member:local\)
^samba.blackbox.wbinfo\(s4member:local\).wbinfo -I against s4member\(s4member:local\)
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --trusted-domains against s4member\(s4member:local\)
^samba.blackbox.wbinfo\(s4member:local\).wbinfo --all-domains against s4member\(s4member:local\)
^samba.blackbox.wbinfo\(rodc:local\).wbinfo -N against rodc\(rodc:local\)
^samba.blackbox.wbinfo\(rodc:local\).wbinfo -I against rodc\(rodc:local\)
^samba.blackbox.wbinfo\(rodc:local\).wbinfo --trusted-domains against rodc\(rodc:local\)
^samba.blackbox.wbinfo\(rodc:local\).wbinfo --all-domains against rodc\(rodc:local\)
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -N against promoted_dc\(promoted_dc:local\)
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo -I against promoted_dc\(promoted_dc:local\)
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --trusted-domains against promoted_dc\(promoted_dc:local\)
^samba.blackbox.wbinfo\(promoted_dc:local\).wbinfo --all-domains against promoted_dc\(promoted_dc:local\)
#
# These do not work against winbindd in member mode for unknown reasons
#
^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U against s3member\(s3member:local\)
^samba.blackbox.wbinfo\(s3member:local\).wbinfo -U check for sane mapping\(s3member:local\)
^samba.blackbox.wbinfo\(s3member:local\).wbinfo -G against s3member\(s3member:local\)

View File

@ -1276,7 +1276,8 @@ sub provision_dc($$)
my ($self, $prefix) = @_;
print "PROVISIONING DC...";
my $extra_conf_options = "netbios aliases = localDC1-a";
my $extra_conf_options = "netbios aliases = localDC1-a
server services = +winbind -winbindd";
my $ret = $self->provision($prefix,
"domain controller",
"localdc",
@ -1328,8 +1329,7 @@ sub provision_fl2003dc($$)
my ($self, $prefix) = @_;
print "PROVISIONING DC...";
my $extra_conf_options = "allow dns updates = nonsecure and secure
server services = +winbindd -winbind";
my $extra_conf_options = "allow dns updates = nonsecure and secure";
my $ret = $self->provision($prefix,
"domain controller",
"dc6",
@ -1527,8 +1527,6 @@ sub provision_plugin_s4_dc($$)
queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p
lpq cache time = 0
print notify backchannel = yes
server services = +winbindd -winbind
";
my $extra_smbconf_shares = "
@ -1603,6 +1601,7 @@ sub provision_chgdcpass($$)
print "PROVISIONING CHGDCPASS...";
my $extra_provision_options = undef;
push (@{$extra_provision_options}, "--dns-backend=BIND9_DLZ");
my $extra_conf_options = "server services = +winbind -winbindd";
my $ret = $self->provision($prefix,
"domain controller",
"chgdcpass",
@ -1610,7 +1609,7 @@ sub provision_chgdcpass($$)
"chgdcpassword.samba.example.com",
"2008",
"chgDCpass1",
undef, "", "",
undef, $extra_conf_options, "",
$extra_provision_options);
return undef unless(defined $ret);
@ -1619,8 +1618,10 @@ sub provision_chgdcpass($$)
return undef;
}
# Remove secrets.tdb from this environment to test that we still start up
# on systems without the new matching secrets.tdb records
# Remove secrets.tdb from this environment to test that we
# still start up on systems without the new matching
# secrets.tdb records. For this reason we don't run winbindd
# in this environment
unless (unlink("$ret->{PRIVATEDIR}/secrets.tdb") || unlink("$ret->{PRIVATEDIR}/secrets.ntdb")) {
warn("Unable to remove $ret->{PRIVATEDIR}/secrets.tdb added during provision");
return undef;

View File

@ -969,7 +969,7 @@ static void init_globals(bool reinit_globals)
string_set(Globals.ctx, &Globals.ncalrpc_dir, get_dyn_NCALRPCDIR());
Globals.server_services = (const char **)str_list_make_v3(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns", NULL);
Globals.server_services = (const char **)str_list_make_v3(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
Globals.dcerpc_endpoint_servers = (const char **)str_list_make_v3(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);