def winbind_server(session_multihost, request):
    """Enable winbind on the master and client hosts.

    Installs the server packages on the master, enables winbind on both
    hosts, and registers a finalizer that undoes the setup.
    """
    ad_host = session_multihost.ad[0]
    master = sssdTools(session_multihost.master[0], ad_host)
    client = sssdTools(session_multihost.client[0], ad_host)
    master.server_install_pkgs()

    smb_master = sambaTools(session_multihost.master[0], ad_host)
    smb_master.enable_winbind()
    smb_client = sambaTools(session_multihost.client[0], ad_host)
    smb_client.enable_winbind()

    def _teardown_winbind():
        """Disjoin both hosts from AD, then strip winbind state from each."""
        print("we are disabling winbind")
        # Both hosts leave the domain before any Samba state is removed.
        master.disjoin_ad()
        client.disjoin_ad()
        # Master first, then client: disable, clear the cache, drop smb.conf.
        for smb in (smb_master, smb_client):
            smb.disable_winbind()
            smb.clear_samba_cache()
            smb.remove_smbconf()

    request.addfinalizer(_teardown_winbind)
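def test_004_multiplespn(self, multihost, keytab_sssd_conf):
    """
    :title: IDM-SSSD-TC: AD-Provider Keytab Rotation: Add Multiple
      SPN(http,nfs) to the client host and verify all the SPN entries
      are rotated
    :id: a66c325f-09e2-4a81-8b76-b863dead7e92
    :steps:
      1. ADD HTTP SPN for client using net ads keytab cli
      2. ADD NFS SPN for client using net ads keytab cli
      3. Reset Machine password by setting pwdLastSet to 0
      4. Restart sssd
      5. klist -k /etc/krb5.keytab
    :expectedresults:
      1. klist -k /etc/krb5.keytab should list HTTP entries
      2. klist -k /etc/krb5.keytab should list NFS entries
      3. pwdLastSet attribute should be 0
      4. sssd service should be restarted successfully
      5. New HTTP and NFS entries with new kvno should be added to
         /etc/krb5.keytab
    """
    client_host = multihost.client[0]
    ad_host = multihost.ad[0]

    client = sssdTools(client_host, ad_host)
    client.reset_machine_password()
    sambaclient = sambaTools(client_host, ad_host)
    sambaclient.smbadsconf()
    domain_name = client.get_domain_section_name()
    services_list = ['HTTP', 'NFS']
    client.add_service_principals(services_list)

    klist_cmd = "klist -k /etc/krb5.keytab"
    # Pre-rotation listing; the result is not asserted on.
    client_host.run_command(klist_cmd, raiseonerr=False)
    realm = ad_host.realm
    hostname = client_host.sys_hostname
    remove_logs = "rm -f /var/log/sssd/sssd_%s.log" % (domain_name)
    client_host.run_command(remove_logs)

    # Record the key version number the HTTP principal has before rotation.
    https_princ = 'HTTP/%s@%s' % (hostname, realm)
    kvno_cmd = 'kvno %s' % (https_princ)
    cmd = client_host.run_command(kvno_cmd, raiseonerr=False)
    kvno = cmd.stdout_text.split('=')[1].strip()

    restart_sssd = 'systemctl restart sssd'
    try:
        client_host.run_command(restart_sssd)
    except subprocess.CalledProcessError:
        # The original handler went through
        # `multihost.client[0].multihost.client[0]`, which looks like a
        # typo and would presumably raise AttributeError here, hiding the
        # journal dump and the real failure reason.
        client_host.run_command(
            'journalctl -x -n 50 --no-pager -u sssd', raiseonerr=False)
        pytest.fail("Cannot restart sssd service")
    # Fixed wait before the keytab is listed again.
    time.sleep(45)

    cmd = client_host.run_command(klist_cmd, raiseonerr=False)
    spn_list = [val.strip() for val in cmd.stdout_text.splitlines()]
    new_kvno = int(kvno) + 1
    nfs_entry = '{} {}/{}@{}'.format(new_kvno, 'NFS', hostname, realm)
    http_entry = '{} {}/{}@{}'.format(new_kvno, 'HTTP', hostname, realm)

    # The first three lines are skipped (presumably the klist header).
    keytab_entries = spn_list[3:]
    # `assert nfs_entry and http_entry in ...` only tested that nfs_entry
    # is a non-empty string, so a keytab in which the NFS key was never
    # rotated still passed. Check each principal on its own.
    assert nfs_entry in keytab_entries
    assert http_entry in keytab_entries

    # NOTE(review): this cleanup is skipped when an assertion above fails,
    # leaving the SPNs and smb.conf behind for later tests.
    client.remove_service_principals(services_list)
    remove_smb_conf = 'rm -f /etc/samba/smb.conf'
    client_host.run_command(remove_smb_conf, raiseonerr=False)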
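def test_005_deletespn(self, multihost, keytab_sssd_conf):
    """
    :title: IDM-SSSD-TC: AD-Provider Keytab Rotation: Removing SPN from
      AD and verify removed SPN entries are not renewed upon renewal
    :id: 6430387a-a715-44b4-81e3-7c012d887e00
    :steps:
      1. Delete HTTP SPN using setspn.exe cli from AD
      2. Reset Machine password by setting pwdLastSet attribute to 0
      3. Restart sssd
      4. klist -k /etc/krb5.keytab
    :expectedresults:
      1. HTTP SPN should be deleted
      2. pwdLastSet attribute should be 0
      3. sssd service should be restarted successfully
      4. Verify no new HTTP Entries with new KVNO are added in
         /etc/krb5.keytab
    """
    client_host = multihost.client[0]
    ad_host = multihost.ad[0]

    client = sssdTools(client_host, ad_host)
    sambaclient = sambaTools(client_host, ad_host)
    sambaclient.smbadsconf()
    services_list = ['HTTP']
    client.add_service_principals(services_list)
    client.reset_machine_password()
    domain_name = client.get_domain_section_name()

    klist_cmd = "klist -k /etc/krb5.keytab"
    # Pre-rotation listing; the result is not asserted on.
    client_host.run_command(klist_cmd, raiseonerr=False)
    realm = ad_host.realm
    hostname = client_host.sys_hostname
    remove_logs = "rm -f /var/log/sssd/sssd_%s.log" % (domain_name)
    client_host.run_command(remove_logs)

    # Record the HTTP principal's kvno while the SPN still exists.
    https_princ = 'HTTP/%s@%s' % (hostname, realm)
    kvno_cmd = 'kvno %s' % (https_princ)
    cmd = client_host.run_command(kvno_cmd, raiseonerr=False)
    kvno = cmd.stdout_text.split('=')[1].strip()

    # Remove the SPN before the restart so the renewal runs without it.
    client.remove_service_principals(services_list)

    restart_sssd = 'systemctl restart sssd'
    try:
        client_host.run_command(restart_sssd)
    except subprocess.CalledProcessError:
        # The original handler went through
        # `multihost.client[0].multihost.client[0]`, which looks like a
        # typo and would presumably raise AttributeError here, hiding the
        # journal dump and the real failure reason.
        client_host.run_command(
            'journalctl -x -n 50 --no-pager -u sssd', raiseonerr=False)
        pytest.fail("Cannot restart sssd service")
    # Fixed wait before the keytab is listed again.
    time.sleep(45)

    cmd = client_host.run_command(klist_cmd, raiseonerr=False)
    spn_list = [val.strip() for val in cmd.stdout_text.splitlines()]
    new_kvno = int(kvno) + 1
    http_entry = '{} {}/{}@{}'.format(new_kvno, 'HTTP', hostname, realm)

    # Expected result 4 and the title both say a removed SPN must NOT get
    # a key with the new kvno. The original asserted `in`, the opposite:
    # it passed only when the deleted principal was renewed anyway.
    # The first three lines are skipped (presumably the klist header).
    assert http_entry not in spn_list[3:]

    # Post-check listing; the result is not asserted on.
    cmd = client_host.run_command(klist_cmd, raiseonerr=False)
    # NOTE(review): this cleanup is skipped when the assertion above fails.
    remove_smb_conf = 'rm -f /etc/samba/smb.conf'
    client_host.run_command(remove_smb_conf, raiseonerr=False)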
def smbconfig(session_multihost, request):
    """Write the AD smb.conf on the client and restore the original later.

    The finalizer copies ``/etc/samba/smb.conf.orig`` back over
    ``/etc/samba/smb.conf`` and then deletes the backup.
    """
    samba_tools = sambaTools(session_multihost.client[0],
                             session_multihost.ad[0])
    samba_tools.smbadsconf()

    def restore():
        """Put the saved smb.conf back and remove the backup copy."""
        # Both commands run with raiseonerr=False, so a failed restore is
        # silent and the test-time smb.conf may stay in place.
        teardown_cmds = (
            'cp -f /etc/samba/smb.conf.orig /etc/samba/smb.conf',
            'rm -f /etc/samba/smb.conf.orig',
        )
        for shell_cmd in teardown_cmds:
            session_multihost.client[0].run_command(shell_cmd,
                                                    raiseonerr=False)

    request.addfinalizer(restore)
def configure_samba(session_multihost, request):
    """Define the ``share1`` share on the master and restart smb.

    Registers a finalizer that stops smb, clears the Samba cache and
    removes smb.conf on the master.
    """
    samba_srv = sambaTools(session_multihost.master[0],
                           session_multihost.ad[0])
    samba_srv.add_share_definition('share1', '/mnt/samba/share1')
    samba_srv.service_smb(action='restart')
    # Fixed pause after the restart before the fixture returns.
    time.sleep(20)

    def _shutdown_samba():
        """Stop smb and remove the state this fixture created."""
        print("we are stopping samba server")
        samba_srv.service_smb(action='stop')
        samba_srv.clear_samba_cache()
        samba_srv.remove_smbconf()

    request.addfinalizer(_shutdown_samba)
def samba_share_permissions(session_multihost, request):
    """Create the ``share1`` tree on the master with AD-group ownership.

    Recreates two AD users/groups plus one common group, creates one
    directory per group and one shared ``allgroup`` directory (mode 2770,
    group-owned by the matching AD group), and creates the mount point on
    the client. A finalizer deletes the share, the mount point and the AD
    objects again.

    NOTE(review): this listing was whitespace-collapsed, so the loop
    extents below are reconstructed -- confirm against the project source.
    """
    smbTools = sambaTools(session_multihost.master[0], session_multihost.ad[0])
    adops = ADOperations(session_multihost.ad[0])
    share_name = 'share1'
    share_path = '/mnt/samba/%s' % share_name
    smbTools.create_samba_share(share_path)
    realm = session_multihost.ad[0].realm
    # Start from a clean slate: drop any leftover users/groups first.
    for idx in range(1, 3):
        # NOTE(review): '******' looks like a masked literal in this copy.
        # It has no format specifier, so `'******' % idx` raises TypeError
        # as written. Restore the original user-name pattern from the
        # project source (same for every occurrence below).
        ad_user = '******' % idx
        ad_group = 'idmfoogroup%d' % idx
        all_group = 'idmfooallgroup'
        adops.delete_ad_user_group(ad_group)
        adops.delete_ad_user_group(ad_user)
    adops.delete_ad_user_group(all_group)
    adops.create_ad_unix_group(all_group)
    # Create each user with its own group and add it to the common group.
    for idx in range(1, 3):
        ad_user = '******' % idx
        ad_group = 'idmfoogroup%d' % idx
        adops.create_ad_unix_user_group(ad_user, ad_group)
        adops.add_user_member_of_group(all_group, ad_user)
    session_multihost.master[0].service_sssd('restart')
    # Fixed wait after the sssd restart; presumably lets the new AD
    # objects become resolvable before chgrp needs them.
    time.sleep(30)
    for idx in range(1, 3):
        ad_user = '******' % idx
        ad_group = 'idmfoogroup%d' % idx
        directory = '/mnt/samba/share1/idmfoogroup%d' % idx
        create_dir = 'mkdir -p %s' % directory
        session_multihost.master[0].run_command(create_dir)
        # 2770: setgid bit plus rwx for owner and group, nothing for others.
        chmod = 'chmod 2770 %s' % directory
        session_multihost.master[0].run_command(chmod)
        chgrp = "chgrp '%s@%s' %s " % (ad_group, realm, directory)
        session_multihost.master[0].run_command(chgrp)
    # Common directory, group-owned by the group both users belong to.
    all_group = 'idmfooallgroup'
    common_dir = 'mkdir -p /mnt/samba/share1/allgroup'
    session_multihost.master[0].run_command(common_dir)
    chgrp = "chgrp '%s@%s' /mnt/samba/share1/allgroup " % (all_group, realm)
    chmod = "chmod 2770 /mnt/samba/share1/allgroup"
    session_multihost.master[0].run_command(chgrp)
    session_multihost.master[0].run_command(chmod)
    # create mount point on client
    mount_point = 'mkdir -p %s' % share_path
    session_multihost.client[0].run_command(mount_point)

    def delete_share_directory():
        """ Delete the share, the client mount point and the AD objects """
        print("we are deleting samba share directory")
        smbTools.delete_samba_share(share_path)
        # share_path is built from the fixed share_name above, so this
        # recursive delete stays under /mnt/samba.
        remove_mount_point = "rm -rf %s" % share_path
        session_multihost.client[0].run_command(remove_mount_point)
        for idx in range(1, 3):
            ad_user = '******' % idx
            ad_group = 'idmfoogroup%d' % idx
            all_group = 'idmfooallgroup'
            adops.delete_ad_user_group(ad_group)
            adops.delete_ad_user_group(all_group)
            adops.delete_ad_user_group(ad_user)
    request.addfinalizer(delete_share_directory)