diff options
author | Andrew Bartlett <abartlet@samba.org> | 2016-12-14 14:50:20 +1300 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-12-14 11:55:18 +0100 |
commit | ecb1f569d7a297dda6ff6ce040d3555a89404fd7 (patch) | |
tree | 97e030aec5016dff6a2df8fcc521313bcacc3122 /selftest | |
parent | 91d5ea2ae90140cad0fa8021f07dad3f3d7b7734 (diff) | |
download | samba-ecb1f569d7a297dda6ff6ce040d3555a89404fd7.tar.gz |
torture: Add credentials downgrade and challenge reuse test to rpc.netlogon
This test confirms that the challenge set up is available
after the ServerAuthenticate has failed at the NT_STATUS_DOWNGRADE_DETECTED
check.
This is needed for NetApp ONTAP member servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11291
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'selftest')
-rw-r--r-- | selftest/knownfail | 2 | ||||
-rwxr-xr-x | selftest/target/Samba4.pm | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/selftest/knownfail b/selftest/knownfail index 97ec6ef1d64..0e168ab7eca 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -79,6 +79,8 @@ ^samba4.rpc.netlogon.*.NetrEnumerateTrustedDomainsEx ^samba4.rpc.netlogon.*.GetPassword ^samba4.rpc.netlogon.*.DatabaseRedo +^samba4.rpc.netlogon.*.netlogon.SetupCredentialsDowngrade\(ad_dc_ntvfs\) # Broken by allowing NT4 crypto on this environment +^samba4.rpc.netlogon.*.netlogon.SetupCredentialsDowngrade\(ad_dc_ntvfs:local\) # Broken by allowing NT4 crypto on this environment ^samba4.rpc.drsuapi.*ncacn_ip_tcp.*validate # should only work with seal ^samba4.rpc.drsuapi.*ncacn_ip_tcp.*bigendian # should only work with seal ^samba4.rpc.samr.passwords.validate.*ncacn_ip_tcp.*with.validate # should only work with seal diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index da60c4402b6..9e3047577c9 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -860,7 +860,6 @@ sub provision($$$$$$$$$$) server max protocol = SMB2 host msdfs = $msdfs lanman auth = yes - allow nt4 crypto = yes # fruit:copyfile is a global option fruit:copyfile = yes @@ -1399,6 +1398,7 @@ sub provision_ad_dc_ntvfs($$) my $extra_conf_options = "netbios aliases = localDC1-a server services = +winbind -winbindd ldap server require strong auth = allow_sasl_over_tls + allow nt4 crypto = yes "; my $ret = $self->provision($prefix, "domain controller", |