The branch, v4-11-test has been updated
       via  b30b3073f9c libnet_join: add SPNs for additional-dns-hostnames 
entries
       via  35da7673e88 docs-xml: add "additional dns hostnames" smb.conf option
       via  526ad3a904a libnet_join_set_machine_spn: simplify adding uniq spn 
to array
       via  3f9a9b95dd1 libnet_join_set_machine_spn: simplify memory handling
       via  2e7683c937e libnet_join_set_machine_spn: improve style and make a 
bit room for indentation
       via  0b3503a436a libnet_join: build dnsHostName from netbios name and 
lp_dnsdomain()
       via  79c2fd908d4 s4:dirsync: fix interaction of dirsync and extended_dn 
controls
       via  b62705398d1 s4:tests/dirsync: add tests for dirsync with extended_dn
      from  2958016c30a replace: Only link libnsl and libsocket if requrired

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -----------------------------------------------------------------
commit b30b3073f9c0aa052b354385b2878f9a17756bee
Author: Isaac Boukris <[email protected]>
Date:   Fri Sep 13 10:56:10 2019 +0300

    libnet_join: add SPNs for additional-dns-hostnames entries
    
    and set msDS-AdditionalDnsHostName to the specified list.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
    
    Signed-off-by: Isaac Boukris <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>
    Reviewed-by: Alexander Bokovoy <[email protected]>
    
    Autobuild-User(master): Ralph Böhme <[email protected]>
    Autobuild-Date(master): Fri Oct 25 10:43:08 UTC 2019 on sn-devel-184
    
    Autobuild-User(v4-11-test): Karolin Seeger <[email protected]>
    Autobuild-Date(v4-11-test): Tue Nov  5 13:57:30 UTC 2019 on sn-devel-184

commit 35da7673e882dfc16e95bbfa1bea49ee837d33a5
Author: Isaac Boukris <[email protected]>
Date:   Tue Sep 17 21:38:07 2019 +0300

    docs-xml: add "additional dns hostnames" smb.conf option
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
    
    Signed-off-by: Isaac Boukris <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>
    Reviewed-by: Alexander Bokovoy <[email protected]>

commit 526ad3a904ad9d18219cc5d06313cfa2318fc2ef
Author: Isaac Boukris <[email protected]>
Date:   Wed Sep 18 23:15:57 2019 +0300

    libnet_join_set_machine_spn: simplify adding uniq spn to array
    
    and do not skip adding a fully qualified spn to netbios-aliases
    in case a short spn already existed.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
    
    Signed-off-by: Isaac Boukris <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>
    Reviewed-by: Alexander Bokovoy <[email protected]>

commit 3f9a9b95dd1f128817a979e8687b480d6dc9cab1
Author: Isaac Boukris <[email protected]>
Date:   Wed Sep 18 21:29:47 2019 +0300

    libnet_join_set_machine_spn: simplify memory handling
    
    and avoid a possible memory leak when passing null to
    add_string_to_array() as mem_ctx.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
    
    Signed-off-by: Isaac Boukris <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>
    Reviewed-by: Alexander Bokovoy <[email protected]>

commit 2e7683c937e05085770e88cf48288f0404c28092
Author: Isaac Boukris <[email protected]>
Date:   Wed Sep 18 20:00:34 2019 +0300

    libnet_join_set_machine_spn: improve style and make a bit room for 
indentation
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
    
    Signed-off-by: Isaac Boukris <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>
    Reviewed-by: Alexander Bokovoy <[email protected]>

commit 0b3503a436a37a3e67eed7ce66351a172005c57a
Author: Isaac Boukris <[email protected]>
Date:   Fri Aug 30 00:22:15 2019 +0300

    libnet_join: build dnsHostName from netbios name and lp_dnsdomain()
    
    This makes the join process much more reliable, and avoids "Constraint
    violation" error when the fqdn returned from getaddrinfo has already
    got assigned an SPN.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
    
    Signed-off-by: Isaac Boukris <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>
    Reviewed-by: Alexander Bokovoy <[email protected]>

commit 79c2fd908d4eed3fafc76c0635bfad61f293fb8c
Author: Stefan Metzmacher <[email protected]>
Date:   Fri Oct 4 14:57:40 2019 +0200

    s4:dirsync: fix interaction of dirsync and extended_dn controls
    
    Azure AD connect reports discovery errors:
      reference-value-not-ldap-conformant
    for attributes member and manager.
    The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without
    an ExtendedDNRequestValue blob, which means the flag value should
    be treated as 0 and the HEX string format should be used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153
    RN: Prevent azure ad connect from reporting discovery errors:
    reference-value-not-ldap-conformant
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    
    Autobuild-User(master): Andrew Bartlett <[email protected]>
    Autobuild-Date(master): Thu Oct 24 11:06:58 UTC 2019 on sn-devel-184
    
    (cherry picked from commit d0f566c4ad32d69a1cf896e2dde56fc2489bb7fc)

commit b62705398d13bdad54e5abb65a23fa0d94c3571d
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Oct 22 12:12:32 2019 +0200

    s4:tests/dirsync: add tests for dirsync with extended_dn
    
    This demonstrates a problem that the extended_dn returned
    by the dirsync module always uses the SDDL format for GUID/SID
    components.
    
    Azure AD connect reports discovery errors:
      reference-value-not-ldap-conformant
    for attributes member and manager.
    The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without
    an ExtendedDNRequestValue blob, which means the flag value should
    be treated as 0 and the HEX string format should be used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    (cherry picked from commit 6d43d82b49c8cd47da2f1489fe8b52d5a873a19c)

-----------------------------------------------------------------------

Summary of changes:
 .../smbdotconf/base/additionaldnshostnames.xml     |  11 ++
 source3/libnet/libnet_join.c                       | 195 +++++++++++----------
 source4/dsdb/samdb/ldb_modules/dirsync.c           |  19 +-
 source4/dsdb/tests/python/dirsync.py               |  31 ++++
 testprogs/blackbox/test_net_ads.sh                 |  17 +-
 5 files changed, 179 insertions(+), 94 deletions(-)
 create mode 100644 docs-xml/smbdotconf/base/additionaldnshostnames.xml


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/base/additionaldnshostnames.xml 
b/docs-xml/smbdotconf/base/additionaldnshostnames.xml
new file mode 100644
index 00000000000..ddc04ee9f81
--- /dev/null
+++ b/docs-xml/smbdotconf/base/additionaldnshostnames.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="additional dns hostnames"
+                 context="G"
+                 type="cmdlist"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";>
+ <description>
+        <para> A list of additional DNS names by which this host can be 
identified
+        </para>
+</description>
+<value type="default"><comment>empty string (no additional dns 
names)</comment></value>
+<value type="example"> host2.example.com host3.other.com </value>
+</samba:parameter>
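Review bot: The <description> text only says the names identify the host; it does not say what Samba does with them. Going by the libnet_join.c part of this changeset, each entry gets a HOST/ SPN and the list is written to msDS-AdditionalDnsHostName from libnet_join_set_machine_spn, so the manpage should state that and make clear when the setting is read. The example value is space-separated while the blackbox test in this changeset passes a comma-separated list; the accepted separators are worth a sentence as well.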
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 1052afde641..9d4f656ffec 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -483,6 +483,19 @@ static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX 
*mem_ctx,
        return status;
 }
 
+static ADS_STATUS add_uniq_spn(TALLOC_CTX *mem_ctx, const  char *spn,
+                              const char ***array, size_t *num)
+{
+       bool ok = ads_element_in_array(*array, *num, spn);
+       if (!ok) {
+               ok = add_string_to_array(mem_ctx, spn, array, num);
+               if (!ok) {
+                       return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               }
+       }
+       return ADS_SUCCESS;
+}
+
 /****************************************************************
  Set a machines dNSHostName and servicePrincipalName attributes
 ****************************************************************/
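Review bot: In add_uniq_spn() the variable `ok` first means "SPN already present" and is then reused for "allocation succeeded", which makes the nested `if (!ok)` harder to read than necessary. An early `return ADS_SUCCESS;` when ads_element_in_array() finds the entry, followed by a plain check of add_string_to_array(), would be clearer. There is also a stray double space in `const  char *spn`, and a short comment saying that new elements are allocated on mem_ctx would help future callers.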
@@ -490,14 +503,15 @@ static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX 
*mem_ctx,
 static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
                                              struct libnet_JoinCtx *r)
 {
+       TALLOC_CTX *frame = talloc_stackframe();
        ADS_STATUS status;
        ADS_MODLIST mods;
        fstring my_fqdn;
        const char **spn_array = NULL;
        size_t num_spns = 0;
        char *spn = NULL;
-       bool ok;
        const char **netbios_aliases = NULL;
+       const char **addl_hostnames = NULL;
 
        /* Find our DN */
 
@@ -506,7 +520,7 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX 
*mem_ctx,
                return status;
        }
 
-       status = libnet_join_get_machine_spns(mem_ctx,
+       status = libnet_join_get_machine_spns(frame,
                                              r,
                                              discard_const_p(char **, 
&spn_array),
                                              &num_spns);
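Review bot: The unchanged `return status;` at the top of this hunk (the failure path right after "Find our DN") now returns without freeing `frame`, which the previous hunk allocates with talloc_stackframe() at function entry. The error paths in the following hunk were all converted to `goto done`; this one should be converted too so that TALLOC_FREE(frame) always runs. The error check that follows libnet_join_get_machine_spns() lies outside the visible context and deserves the same look.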
@@ -516,134 +530,137 @@ static ADS_STATUS 
libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
 
        /* Windows only creates HOST/shortname & HOST/fqdn. */
 
-       spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name);
-       if (!spn) {
-               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+       spn = talloc_asprintf(frame, "HOST/%s", r->in.machine_name);
+       if (spn == NULL) {
+               status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               goto done;
        }
        if (!strupper_m(spn)) {
-               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               goto done;
        }
 
-       ok = ads_element_in_array(spn_array, num_spns, spn);
-       if (!ok) {
-               ok = add_string_to_array(spn_array, spn,
-                                        &spn_array, &num_spns);
-               if (!ok) {
-                       return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
-               }
+       status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+       if (!ADS_ERR_OK(status)) {
+               goto done;
        }
 
-       if (!name_to_fqdn(my_fqdn, r->in.machine_name)
-           || (strchr(my_fqdn, '.') == NULL)) {
-               fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name,
-                            r->out.dns_domain_name);
-       }
+       fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name, lp_dnsdomain());
 
        if (!strlower_m(my_fqdn)) {
-               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               goto done;
        }
 
-       if (!strequal(my_fqdn, r->in.machine_name)) {
-               spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
-               if (!spn) {
-                       return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+       spn = talloc_asprintf(frame, "HOST/%s", my_fqdn);
+       if (spn == NULL) {
+               status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               goto done;
+       }
+
+       status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+       if (!ADS_ERR_OK(status)) {
+               goto done;
+       }
+
+       for (netbios_aliases = lp_netbios_aliases();
+            netbios_aliases != NULL && *netbios_aliases != NULL;
+            netbios_aliases++) {
+               /*
+                * Add HOST/NETBIOSNAME
+                */
+               spn = talloc_asprintf(frame, "HOST/%s", *netbios_aliases);
+               if (spn == NULL) {
+                       status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+                       goto done;
+               }
+               if (!strupper_m(spn)) {
+                       status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+                       goto done;
                }
 
-               ok = ads_element_in_array(spn_array, num_spns, spn);
-               if (!ok) {
-                       ok = add_string_to_array(spn_array, spn,
-                                                &spn_array, &num_spns);
-                       if (!ok) {
-                               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
-                       }
+               status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+               if (!ADS_ERR_OK(status)) {
+                       goto done;
                }
-       }
 
-       netbios_aliases = lp_netbios_aliases();
-       if (netbios_aliases != NULL) {
-               for (; *netbios_aliases != NULL; netbios_aliases++) {
-                       /*
-                        * Add HOST/NETBIOSNAME
-                        */
-                       spn = talloc_asprintf(mem_ctx, "HOST/%s", 
*netbios_aliases);
-                       if (spn == NULL) {
-                               TALLOC_FREE(spn);
-                               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
-                       }
-                       if (!strupper_m(spn)) {
-                               TALLOC_FREE(spn);
-                               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
-                       }
+               /*
+                * Add HOST/netbiosname.domainname
+                */
+               fstr_sprintf(my_fqdn, "%s.%s",
+                            *netbios_aliases,
+                            lp_dnsdomain());
 
-                       ok = ads_element_in_array(spn_array, num_spns, spn);
-                       if (ok) {
-                               TALLOC_FREE(spn);
-                               continue;
-                       }
-                       ok = add_string_to_array(spn_array, spn,
-                                                &spn_array, &num_spns);
-                       if (!ok) {
-                               TALLOC_FREE(spn);
-                               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
-                       }
-                       TALLOC_FREE(spn);
+               spn = talloc_asprintf(frame, "HOST/%s", my_fqdn);
+               if (spn == NULL) {
+                       status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+                       goto done;
+               }
 
-                       /*
-                        * Add HOST/netbiosname.domainname
-                        */
-                       if (r->out.dns_domain_name == NULL) {
-                               continue;
-                       }
-                       fstr_sprintf(my_fqdn, "%s.%s",
-                                    *netbios_aliases,
-                                    r->out.dns_domain_name);
+               status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+               if (!ADS_ERR_OK(status)) {
+                       goto done;
+               }
+       }
 
-                       spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn);
-                       if (spn == NULL) {
-                               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
-                       }
+       for (addl_hostnames = lp_additional_dns_hostnames();
+            addl_hostnames != NULL && *addl_hostnames != NULL;
+            addl_hostnames++) {
 
-                       ok = ads_element_in_array(spn_array, num_spns, spn);
-                       if (ok) {
-                               TALLOC_FREE(spn);
-                               continue;
-                       }
-                       ok = add_string_to_array(spn_array, spn,
-                                                &spn_array, &num_spns);
-                       if (!ok) {
-                               TALLOC_FREE(spn);
-                               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
-                       }
-                       TALLOC_FREE(spn);
+               spn = talloc_asprintf(frame, "HOST/%s", *addl_hostnames);
+               if (spn == NULL) {
+                       status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+                       goto done;
+               }
+
+               status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+               if (!ADS_ERR_OK(status)) {
+                       goto done;
                }
        }
 
        /* make sure to NULL terminate the array */
-       spn_array = talloc_realloc(mem_ctx, spn_array, const char *, num_spns + 
1);
+       spn_array = talloc_realloc(frame, spn_array, const char *, num_spns + 
1);
        if (spn_array == NULL) {
-               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               goto done;
        }
        spn_array[num_spns] = NULL;
 
        mods = ads_init_mods(mem_ctx);
        if (!mods) {
-               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               goto done;
        }
 
        /* fields of primary importance */
 
        status = ads_mod_str(mem_ctx, &mods, "dNSHostName", my_fqdn);
        if (!ADS_ERR_OK(status)) {
-               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               goto done;
        }
 
        status = ads_mod_strlist(mem_ctx, &mods, "servicePrincipalName",
                                 spn_array);
        if (!ADS_ERR_OK(status)) {
-               return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+               goto done;
        }
 
-       return ads_gen_mod(r->in.ads, r->out.dn, mods);
+       addl_hostnames = lp_additional_dns_hostnames();
+       if (addl_hostnames != NULL && *addl_hostnames != NULL) {
+               status = ads_mod_strlist(mem_ctx, &mods,
+                                        "msDS-AdditionalDnsHostName",
+                                        addl_hostnames);
+               if (!ADS_ERR_OK(status)) {
+                       goto done;
+               }
+       }
+
+       status = ads_gen_mod(r->in.ads, r->out.dn, mods);
+
+done:
+       TALLOC_FREE(frame);
+       return status;
 }
 
 /****************************************************************
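Review bot: my_fqdn is reused as scratch space inside the netbios_aliases loop (`fstr_sprintf(my_fqdn, "%s.%s", *netbios_aliases, lp_dnsdomain());`) and is later passed to ads_mod_str() as dNSHostName, so with aliases configured dNSHostName ends up as the last alias FQDN instead of machine_name plus DNS domain. The removed code had the same reuse, but this rewrite is the place to fix it by using a separate buffer for the alias name. Two smaller points: the alias FQDN is not passed through strlower_m() the way the primary one is, and the removed `r->out.dns_domain_name == NULL` guard in the alias loop has no replacement, so if lp_dnsdomain() can return an empty string the "%s.%s" format produces names with a trailing dot.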
diff --git a/source4/dsdb/samdb/ldb_modules/dirsync.c 
b/source4/dsdb/samdb/ldb_modules/dirsync.c
index 96cec7774cf..dfa72a1d203 100644
--- a/source4/dsdb/samdb/ldb_modules/dirsync.c
+++ b/source4/dsdb/samdb/ldb_modules/dirsync.c
@@ -51,6 +51,7 @@ struct dirsync_context {
        uint64_t fromreqUSN;
        uint32_t cursor_size;
        bool noextended;
+       int extended_type;
        bool linkIncrVal;
        bool localonly;
        bool partial;
@@ -481,7 +482,8 @@ skip:
                                }
 
                                ldb_dn_extended_filter(dn->dn, myaccept);
-                               dn_ln = ldb_dn_get_extended_linearized(dn, 
dn->dn, 1);
+                               dn_ln = dsdb_dn_get_extended_linearized(dn, dn,
+                                                       dsc->extended_type);
                                if (dn_ln == NULL)
                                {
                                        talloc_free(dn);
@@ -998,6 +1000,7 @@ static int dirsync_ldb_search(struct ldb_module *module, 
struct ldb_request *req
        struct ldb_control *control;
        struct ldb_result *acl_res;
        struct ldb_dirsync_control *dirsync_ctl;
+       struct ldb_control *extended = NULL;
        struct ldb_request *down_req;
        struct dirsync_context *dsc;
        struct ldb_context *ldb;
@@ -1229,7 +1232,19 @@ static int dirsync_ldb_search(struct ldb_module *module, 
struct ldb_request *req
                dsc->nbDefaultAttrs = 3;
        }
 
-       if (!ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID)) {
+       /* check if there's an extended dn control */
+       extended = ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID);
+       if (extended != NULL) {
+               struct ldb_extended_dn_control *extended_ctrl = NULL;
+
+               if (extended->data != NULL) {
+                       extended_ctrl = talloc_get_type(extended->data,
+                                               struct ldb_extended_dn_control);
+               }
+               if (extended_ctrl != NULL) {
+                       dsc->extended_type = extended_ctrl->type;
+               }
+       } else {
                ret = ldb_request_add_control(req, LDB_CONTROL_EXTENDED_DN_OID, 
false, NULL);
                if (ret != LDB_SUCCESS) {
                        return ret;
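Review bot: dsc->extended_type is assigned only when the client sent the control with a value; in the no-blob case and in the `else` branch, where this module adds LDB_CONTROL_EXTENDED_DN_OID itself, it keeps whatever the context was initialised with. The linearization call earlier in this file used a hard-coded 1 before this change, so please set the field explicitly in every branch, or add a comment stating that 0 is the intended default and that dsc is zero-initialised. Also, a non-NULL extended->data for which talloc_get_type() returns NULL is silently treated like a missing blob; returning an error there would be safer than guessing the format.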
diff --git a/source4/dsdb/tests/python/dirsync.py 
b/source4/dsdb/tests/python/dirsync.py
index 78117bc364b..0a22ac4239a 100755
--- a/source4/dsdb/tests/python/dirsync.py
+++ b/source4/dsdb/tests/python/dirsync.py
@@ -681,6 +681,37 @@ class ExtendedDirsyncTests(SimpleDirsyncTests):
         self.assertEqual(res[0].get("member;range=1-1"), None)
         self.assertEqual(len(res[0].get("member;range=0-0")), 2)
 
+    def test_dirsync_extended_dn(self):
+        """Check that dirsync works together with the extended_dn control"""
+        # Let's search for members
+        self.ldb_simple = self.get_ldb_connection(self.simple_user, 
self.user_pass)
+        res = self.ldb_simple.search(self.base_dn,
+                                     expression="(name=Administrators)",
+                                     controls=["dirsync:1:1:1"])
+
+        self.assertTrue(len(res[0].get("member")) > 0)
+        size = len(res[0].get("member"))
+
+        resEX1 = self.ldb_simple.search(self.base_dn,
+                                        expression="(name=Administrators)",
+                                        
controls=["dirsync:1:1:1","extended_dn:1:1"])
+        self.assertTrue(len(resEX1[0].get("member")) > 0)
+        sizeEX1 = len(resEX1[0].get("member"))
+        self.assertEqual(sizeEX1, size)
+        self.assertIn(res[0]["member"][0], resEX1[0]["member"][0])
+        self.assertIn(b"<GUID=", resEX1[0]["member"][0])
+        self.assertIn(b">;<SID=S-1-5-21-", resEX1[0]["member"][0])
+
+        resEX0 = self.ldb_simple.search(self.base_dn,
+                                        expression="(name=Administrators)",
+                                        
controls=["dirsync:1:1:1","extended_dn:1:0"])
+        self.assertTrue(len(resEX0[0].get("member")) > 0)
+        sizeEX0 = len(resEX0[0].get("member"))
+        self.assertEqual(sizeEX0, size)
+        self.assertIn(res[0]["member"][0], resEX0[0]["member"][0])
+        self.assertIn(b"<GUID=", resEX0[0]["member"][0])
+        self.assertIn(b">;<SID=010500000000000515", resEX0[0]["member"][0])
+
     def test_dirsync_deleted_items(self):
         """Check that dirsync returnd deleted objects too"""
         # Let's create an OU
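Review bot: test_dirsync_extended_dn covers extended_dn:1:1 and extended_dn:1:0 but not the case the commit message describes, the control sent without an ExtendedDNRequestValue. Please add a search that sends the control with no type value and asserts that the HEX form (`<SID=0105...`) comes back. The `assertIn(res[0]["member"][0], resEX1[0]["member"][0])` checks also assume both searches return members in the same order and look only at the first value; comparing every member would be more robust. Style: add a space after the comma in the controls lists.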
diff --git a/testprogs/blackbox/test_net_ads.sh 
b/testprogs/blackbox/test_net_ads.sh
index cc8345c4624..8bcff006b8e 100755
--- a/testprogs/blackbox/test_net_ads.sh
+++ b/testprogs/blackbox/test_net_ads.sh
@@ -81,7 +81,7 @@ testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads 
testjoin -kP || fai
 netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | 
awk '{$1=$1};1')
 uc_netbios=$(echo $netbios | tr '[:lower:]' '[:upper:]')
 lc_realm=$(echo $REALM | tr '[:upper:]' '[:lower:]')
-fqdns="$netbios.$lc_realm"
+fqdn="$netbios.$lc_realm"
 
 krb_princ="primary/instance@$REALM"
 testit "test (dedicated keytab) add a fully qualified krb5 principal" 
$VALGRIND $net_tool ads keytab add $krb_princ -U$DC_USERNAME%$DC_PASSWORD 
--option="kerberosmethod=dedicatedkeytab" 
--option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 
1`
@@ -99,7 +99,7 @@ testit "test (dedicated keytab) at least one krb5 principal 
created from $machin
 service="nfs"
 testit "test (dedicated keytab) add a $service service to keytab" $VALGRIND 
$net_tool ads keytab add $service -U$DC_USERNAME%$DC_PASSWORD 
--option="kerberosmethod=dedicatedkeytab" 
--option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 
1`
 
-search_str="$service/$fqdns@$REALM"
+search_str="$service/$fqdn@$REALM"
 found=`$net_tool ads keytab list -U$DC_USERNAME%$DC_PASSWORD 
--option="kerberosmethod=dedicatedkeytab" 
--option="dedicatedkeytabfile=$dedicated_keytab_file" | grep $search_str | wc 
-l`
 testit "test (dedicated keytab) at least one (long form) krb5 principal 
created from service added is present in keytab" test $found -gt 1 || 
failed=`expr $failed + 1`
 
@@ -202,10 +202,21 @@ base_dn="DC=addom,DC=samba,DC=example,DC=com"
 computers_dn="CN=Computers,$base_dn"
 testit "ldb check for existence of machine account" $ldbsearch 
-U$DC_USERNAME%$DC_PASSWORD -H ldap://$SERVER.$REALM -s base -b 
"cn=$HOSTNAME,$computers_dn" || failed=`expr $failed + 1`
 
-testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || 
failed=`expr $failed + 1`
+dns_alias1="${netbios}_alias1.other.${lc_realm}"
+dns_alias2="${netbios}_alias2.other2.${lc_realm}"
+testit "join" $VALGRIND $net_tool 
--option=additionaldnshostnames=$dns_alias1,$dns_alias2 ads join 
-U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
 
 testit "testjoin" $VALGRIND $net_tool ads testjoin || failed=`expr $failed + 1`
 
+testit_grep "check dNSHostName" $fqdn $VALGRIND $net_tool ads search -P 
samaccountname=$netbios\$ dNSHostName || failed=`expr $failed + 1`
+testit_grep "check SPN" ${uc_netbios}.${lc_realm} $VALGRIND $net_tool ads 
search -P samaccountname=$netbios\$ servicePrincipalName || failed=`expr 
$failed + 1`
+
+testit_grep "dns alias SPN" $dns_alias1 $VALGRIND $net_tool ads search -P 
samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
+testit_grep "dns alias SPN" $dns_alias2 $VALGRIND $net_tool ads search -P 
samaccountname=$netbios\$ servicePrincipalName || failed=`expr $failed + 1`
+
+testit_grep "dns alias addl" $dns_alias1 $VALGRIND $net_tool ads search -P 
samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 
1`
+testit_grep "dns alias addl" $dns_alias2 $VALGRIND $net_tool ads search -P 
samaccountname=$netbios\$ msDS-AdditionalDnsHostName || failed=`expr $failed + 
1`
+
 ##Goodbye...
 testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || 
failed=`expr $failed + 1`
 
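Review bot: The join in this hunk does not configure any netbios aliases, so the "check dNSHostName" assertion cannot catch dNSHostName being built from the wrong name when aliases are set; a second join variant with the netbios aliases option would exercise the alias loop in libnet_join_set_machine_spn. The expansions should also be quoted: `--option=additionaldnshostnames=$dns_alias1,$dns_alias2` and the testit_grep patterns are unquoted, and if testit_grep treats its pattern as a regular expression the dots in $fqdn and $dns_alias1 match any character.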


-- 
Samba Shared Repository
