def install(cls, mh):
if cls.domain_level is not None:
domain_level = cls.domain_level
else:
domain_level = cls.master.config.domain_level
tasks.install_topo(cls.topology,
cls.master, cls.replicas,
cls.clients, domain_level,
clients_extra_args=('--mkhomedir',))
cls.ad = cls.ads[0]
cls.smbserver = cls.clients[0]
cls.smbclient = cls.clients[1]
cls.ad_user = '******'.format(cls.ad_user_login, cls.ad.domain.name)
tasks.config_host_resolvconf_with_master_data(cls.master,
cls.smbclient)
tasks.install_adtrust(cls.master)
tasks.configure_dns_for_trust(cls.master, cls.ad)
tasks.configure_windows_dns_for_trust(cls.ad, cls.master)
tasks.establish_trust_with_ad(cls.master, cls.ad.domain.name,
extra_args=['--two-way=true'])
tasks.create_active_user(cls.master, cls.ipa_user1,
password=cls.ipa_user1_password)
tasks.create_active_user(cls.master, cls.ipa_user2,
password=cls.ipa_user2_password)
# Trigger creation of home directories on the SMB server
for user in [cls.ipa_user1, cls.ipa_user2, cls.ad_user]:
tasks.run_command_as_user(cls.smbserver, user, ['stat', '.'])
def test_establish_external_trust_with_shared_secret(self):
tasks.configure_dns_for_trust(self.master, self.ad)
tasks.configure_windows_dns_for_trust(self.ad, self.master)
# create windows side of trust using netdom.exe utility
self.ad.run_command(
['netdom.exe', 'trust', self.master.domain.name,
'/d:' + self.ad.domain.name,
'/passwordt:' + self.shared_secret, '/add', '/oneside:TRUSTED'])
# create ipa side of trust
tasks.establish_trust_with_ad(
self.master, self.ad_domain, shared_secret=self.shared_secret,
extra_args=['--range-type', 'ipa-ad-trust', '--external=True'])
def test_establish_forest_trust_with_shared_secret(self):
tasks.configure_dns_for_trust(self.master, self.ad)
tasks.configure_windows_dns_for_trust(self.ad, self.master)
# this is a workaround for
# https://bugzilla.redhat.com/show_bug.cgi?id=1711958
self.master.run_command([
'ipa', 'dnsrecord-add', self.master.domain.name,
self.srv_gc_record_name, '--srv-rec', self.srv_gc_record_value
])
# create windows side of trust using powershell bindings
# to .Net functions
ps_cmd = ('[System.DirectoryServices.ActiveDirectory.Forest]'
'::getCurrentForest()'
'.CreateLocalSideOfTrustRelationship("{}", 1, "{}")'.format(
self.master.domain.name, self.shared_secret))
self.ad.run_command(['powershell', '-c', ps_cmd])
# create ipa side of trust
tasks.establish_trust_with_ad(self.master,
self.ad_domain,
shared_secret=self.shared_secret)
