author Stefan Metzmacher <metze@samba.org> 2017-04-06 19:44:16 +0200
committer Andrew Bartlett <abartlet@samba.org> 2017-04-10 01:11:20 +0200
commit 3caca9b7fb61196c1f7285cd6be8a257b306ff67
tree 967773531c6dc6af645c66c7cc08622bba62223a /selftest
parent 2de1994e6f969973d3de2f2f39b52fbcec2e11c8
s4:selftest: run test_trust_ntlm.sh against various environments
This shows that NTLM authentication is currently completely broken on DCs of AD domains with trusts.

Currently we completely ignore the client provided domain and try to authenticate against the username in our local sam.ldb.

If the same username/password combination exists in both domains, the user of the trusted domain silently impersonates the user of the local domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'selftest')
-rw-r--r-- selftest/knownfail 14
1 files changed, 14 insertions, 0 deletions
diff --git a/selftest/knownfail b/selftest/knownfail
index 07b4cdb0a6b..0df493da665 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -317,3 +317,17 @@
# rap password tests don't function in the ad_dc_ntvfs:local environment
#
^samba.tests.auth_log_pass_change.samba.tests.auth_log_pass_change.AuthLogPassChangeTests.test_rap_change_password\(ad_dc_ntvfs:local\)
+#
+# The following should pass once we have trust support
+^samba4.blackbox.trust_ntlm.Test07.*client.*with.ADDOMAIN\\Administrator%locDCpass1\(fl2008r2dc:local\)
+^samba4.blackbox.trust_ntlm.Test08.*client.*with.ADDOM.SAMBA.EXAMPLE.COM\\Administrator%locDCpass1\(fl2008r2dc:local\)
+^samba4.blackbox.trust_ntlm.Test09.*client.*with.Administrator@ADDOMAIN%locDCpass1\(fl2008r2dc:local\)
+^samba4.blackbox.trust_ntlm.Test10.*client.*with.Administrator@ADDOM.SAMBA.EXAMPLE.COM%locDCpass1\(fl2008r2dc:local\)
+^samba4.blackbox.trust_ntlm.Test07.*client.*with.ADDOMAIN\\Administrator%locDCpass1\(fl2003dc:local\)
+^samba4.blackbox.trust_ntlm.Test08.*client.*with.ADDOM.SAMBA.EXAMPLE.COM\\Administrator%locDCpass1\(fl2003dc:local\)
+^samba4.blackbox.trust_ntlm.Test09.*client.*with.Administrator@ADDOMAIN%locDCpass1\(fl2003dc:local\)
+^samba4.blackbox.trust_ntlm.Test10.*client.*with.Administrator@ADDOM.SAMBA.EXAMPLE.COM%locDCpass1\(fl2003dc:local\)
+#
+# The following should work once we don't map trusts to our domain
+^samba4.blackbox.trust_ntlm.Fail06.*client.*with.ADDOMAIN\\Administrator%locDCpass7\(fl2008r2dc:local\)
+^samba4.blackbox.trust_ntlm.Fail06.*client.*with.ADDOMAIN\\Administrator%locDCpass6\(fl2003dc:local\)
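Review bot: The two Fail06 entries at the end of the hunk use different password suffixes (locDCpass7 for fl2008r2dc:local, locDCpass6 for fl2003dc:local) with no comment explaining the difference, so a reader cannot tell a per-environment password from a typo; a one-line note above them would settle it. The two comment headers ("once we have trust support" and "once we don't map trusts to our domain") would also be easier to act on if they cited the bug URLs from the commit message, because these knownfail entries mask the failure that the message describes as silent impersonation, and they should be removed in the same change that fixes it.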