diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2015-06-12 14:41:20 +1200 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2015-06-24 22:34:57 +0200 |
| commit | c31c30043bdb0b3736f81c4b391ec96f236bc227 (patch) | |
| tree | 0fe80b6313473a5d93cde9a9dadce0d8d524a3d8 /selftest | |
| parent | 45b7992428f646b8586974e1d86e3cdad869b059 (diff) | |
| download | samba-c31c30043bdb0b3736f81c4b391ec96f236bc227.tar.gz | |
s4-winbindd: Remove the winbind rewrite from the samba4 effort
This winbind implementation is undermaintained, out of date and not the
future of even the AD DC, let alone any other purpose.
Removing it will reduce our security and bug exposure on this
off by default subsystem
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 24 22:34:57 CEST 2015 on sn-devel-104
Diffstat (limited to 'selftest')
| -rw-r--r-- | selftest/knownfail | 36 | ||||
| -rwxr-xr-x | selftest/target/Samba4.pm | 4 |
2 files changed, 6 insertions, 34 deletions
diff --git a/selftest/knownfail b/selftest/knownfail index 5ce3d973039..2bf7aecf227 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -239,20 +239,12 @@ ^samba3.rpc.netlogon.admin.*.LogonControl2\(ad_dc\) ^samba3.rpc.netlogon.admin.*.LogonControl\(ad_dc\) # -# The Samba4 winbind does not cover the full winbind protocol, so these are expected -# -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo -N against ad_dc_ntvfs -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo -I against ad_dc_ntvfs -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo --trusted-domains against ad_dc_ntvfs -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo --all-domains against ad_dc_ntvfs -# # This makes less sense when not running against an AD DC # ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U against ad_member ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G against ad_member ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U check for sane mapping ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G check for sane mapping -^samba4.winbind.struct.show_sequence\(ad_dc_ntvfs:local\) ^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--allocate-uid ^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--allocate-gid ^samba.wbinfo_simple.\(s4member:local\).--allocate-uid @@ -288,38 +280,14 @@ ^samba3.local.nss.reentrant enumeration\(ad_member:local\) ^samba3.local.nss.enumeration\(ad_member:local\) # -# These just happen to fail for some reason (probably because they run against the s4 winbind) -# -^samba4.winbind.struct.getdcname\(ad_member:local\) -^samba4.winbind.struct.lookup_name_sid\(ad_member:local\) -^samba4.winbind.struct.lookup_name_sid\(ad_dc_ntvfs:local\) -^samba4.winbind.struct.list_trustdom\(ad_dc_ntvfs:local\) -^samba4.winbind.struct.domain_info\(ad_dc_ntvfs:local\) -^samba4.winbind.struct.getdcname\(ad_dc_ntvfs:local\) -^samba4.winbind.struct.dsgetdcname\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--all-domains.wbinfo\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--trusted-domains.wbinfo\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--online-status.wbinfo\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--online-status --domain=BUILTIN.wbinfo\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--change-secret --domain=SAMBADOMAIN.wbinfo\(ad_dc_ntvfs:local\) -^samba.wbinfo_simple.\(ad_dc_ntvfs:local\).--online-status --domain=SAMBADOMAIN.wbinfo\(ad_dc_ntvfs:local\) -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo -I against ad_dc_ntvfs\(ad_dc_ntvfs:local\) -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo --trusted-domains against ad_dc_ntvfs\(ad_dc_ntvfs:local\) -^samba.blackbox.wbinfo\(ad_dc_ntvfs:local\).wbinfo --all-domains against ad_dc_ntvfs\(ad_dc_ntvfs:local\) -# -# This will fail against the NTVFS DC, because it requires functionality only in winbindd -# -^samba4.winbind.pac.*\(ad_dc_ntvfs:local\) # Not implemented -# # These do not work against winbindd in member mode for unknown reasons # ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U against ad_member\(ad_member:local\) ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -U check for sane mapping\(ad_member:local\) ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G against ad_member\(ad_member:local\) ^samba.blackbox.wbinfo\(ad_member:local\).wbinfo -G check for sane mapping\(ad_member:local\) -^samba.ntlm_auth.\(ad_dc_ntvfs:local\).ntlm_auth against winbindd with failed require-membership-of -^samba.ntlm_auth.\(ad_dc_ntvfs:local\).ntlm_auth with NTLMSSP gss-spnego-client and gss-spnego server against winbind with failed require-membership-of +^samba4.winbind.struct.getdcname\(ad_member:local\) +^samba4.winbind.struct.lookup_name_sid\(ad_member:local\) ^samba4.winbind.struct.getdcname\(nt4_member:local\) # Works in other modes, just not against the classic/NT4 DC # # Differences in our KDC compared to windows diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 6ee56b393c3..ae7eb235c49 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -1432,6 +1432,10 @@ sub provision_ad_dc_ntvfs($$) { my ($self, $prefix) = @_; + # We keep the old 'winbind' name here in server services to + # ensure upgrades which used that name still work with the now + # alias. + print "PROVISIONING AD DC (NTVFS)..."; my $extra_conf_options = "netbios aliases = localDC1-a server services = +winbind -winbindd"; |