def winbind_server(session_multihost, request):
""" Winbind Server """
master = sssdTools(session_multihost.master[0], session_multihost.ad[0])
client = sssdTools(session_multihost.client[0], session_multihost.ad[0])
master.server_install_pkgs()
smb_master = sambaTools(session_multihost.master[0],
session_multihost.ad[0])
smb_master.enable_winbind()
smb_client = sambaTools(session_multihost.client[0],
session_multihost.ad[0])
smb_client.enable_winbind()
def disable():
""" Disable winbind """
print("we are disabling winbind")
master.disjoin_ad()
client.disjoin_ad()
smb_master.disable_winbind()
smb_master.clear_samba_cache()
smb_master.remove_smbconf()
smb_client.disable_winbind()
smb_client.clear_samba_cache()
smb_client.remove_smbconf()
request.addfinalizer(disable)
def test_004_multiplespn(self, multihost, keytab_sssd_conf):
"""
:title: IDM-SSSD-TC: AD-Provider Keytab Rotation:
Add Multiple SPN(http,nfs) to the client host and
verify all the SPN entries are rotated
:id: a66c325f-09e2-4a81-8b76-b863dead7e92
:steps:
1. ADD HTTP SPN for client using net ads keytab cli
2. ADD NFS SPN for client using net ads keytab cli
3. Reset Machine password by setting pwdLastSet to 0
4. Restart sssd
5. klist -k /etc/krb5.keytab
:expectedresults:
1. klist -k /etc/krb5.keytab should HTTP entries
2. klist -k /etc/krb5.keytab should NFS entries
3. pwdLastSet attribute should be 0
4. sssd service should be restarted successfully
5. New HTTP and NFS entries with new kvno should be added to
/etc/krb5.keytab
"""
client = sssdTools(multihost.client[0], multihost.ad[0])
client.reset_machine_password()
sambaclient = sambaTools(multihost.client[0], multihost.ad[0])
sambaclient.smbadsconf()
domain_name = client.get_domain_section_name()
services_list = ['HTTP', 'NFS']
client.add_service_principals(services_list)
klist_cmd = "klist -k /etc/krb5.keytab"
cmd = multihost.client[0].run_command(klist_cmd, raiseonerr=False)
realm = multihost.ad[0].realm
hostname = multihost.client[0].sys_hostname
remove_logs = "rm -f /var/log/sssd/sssd_%s.log" % (domain_name)
multihost.client[0].run_command(remove_logs)
restart_sssd = 'systemctl restart sssd'
https_princ = 'HTTP/%s@%s' % (hostname, realm)
kvno_cmd = 'kvno %s' % (https_princ)
cmd = multihost.client[0].run_command(kvno_cmd, raiseonerr=False)
kvno = cmd.stdout_text.split('=')[1].strip()
try:
multihost.client[0].run_command(restart_sssd)
except subprocess.CalledProcessError:
multihost.client[0].multihost.client[0].run_command(
'journalctl -x -n 50 --no-pager -u sssd', raiseonerr=False)
pytest.fail("Cannot restart sssd service")
time.sleep(45)
cmd = multihost.client[0].run_command(klist_cmd, raiseonerr=False)
spn_list = [val.strip() for val in cmd.stdout_text.splitlines()]
new_kvno = int(kvno) + 1
nfs_entry = '{} {}/{}@{}'.format(new_kvno, 'NFS', hostname, realm)
http_entry = '{} {}/{}@{}'.format(new_kvno, 'HTTP', hostname, realm)
assert nfs_entry and http_entry in spn_list[3:]
client.remove_service_principals(services_list)
remove_smb_conf = 'rm -f /etc/samba/smb.conf'
multihost.client[0].run_command(remove_smb_conf, raiseonerr=False)
def test_005_deletespn(self, multihost, keytab_sssd_conf):
"""
:title: IDM-SSSD-TC: AD-Provider Keytab Rotation:
Removing SPN from AD and verify removed SPN entries
are not renewed upon renewal
:id: 6430387a-a715-44b4-81e3-7c012d887e00
:steps:
1. Delete HTTP SPN using setspn.exe cli from AD
2. Reset Machine password by setting pwdLastSet attribute to 0
3. Restart sssd
4. klist -k /etc/krb5.keytab
:expectedresults:
1. HTTP SPN should be deleted
2. pwdLastSet attribute should be 0
3. sssd service should be restarted successfuly
4. Verify no new HTTP Entries with new KVNO are added in
/etc/krb5.keytab
"""
client = sssdTools(multihost.client[0], multihost.ad[0])
sambaclient = sambaTools(multihost.client[0], multihost.ad[0])
sambaclient.smbadsconf()
services_list = ['HTTP']
client.add_service_principals(services_list)
client.reset_machine_password()
domain_name = client.get_domain_section_name()
klist_cmd = "klist -k /etc/krb5.keytab"
cmd = multihost.client[0].run_command(klist_cmd, raiseonerr=False)
realm = multihost.ad[0].realm
hostname = multihost.client[0].sys_hostname
remove_logs = "rm -f /var/log/sssd/sssd_%s.log" % (domain_name)
multihost.client[0].run_command(remove_logs)
restart_sssd = 'systemctl restart sssd'
https_princ = 'HTTP/%s@%s' % (hostname, realm)
kvno_cmd = 'kvno %s' % (https_princ)
cmd = multihost.client[0].run_command(kvno_cmd, raiseonerr=False)
kvno = cmd.stdout_text.split('=')[1].strip()
client.remove_service_principals(services_list)
try:
multihost.client[0].run_command(restart_sssd)
except subprocess.CalledProcessError:
multihost.client[0].multihost.client[0].run_command(
'journalctl -x -n 50 --no-pager -u sssd', raiseonerr=False)
pytest.fail("Cannot restart sssd service")
time.sleep(45)
cmd = multihost.client[0].run_command(klist_cmd, raiseonerr=False)
spn_list = [val.strip() for val in cmd.stdout_text.splitlines()]
new_kvno = int(kvno) + 1
http_entry = '{} {}/{}@{}'.format(new_kvno, 'HTTP', hostname, realm)
assert http_entry in spn_list[3:]
cmd = multihost.client[0].run_command(klist_cmd, raiseonerr=False)
remove_smb_conf = 'rm -f /etc/samba/smb.conf'
multihost.client[0].run_command(remove_smb_conf, raiseonerr=False)
def smbconfig(session_multihost, request):
""" Configure smb.conf """
sambaclient = sambaTools(session_multihost.client[0],
session_multihost.ad[0])
sambaclient.smbadsconf()
def restore():
""" Restore smb.conf """
restoresmb = 'cp -f /etc/samba/smb.conf.orig /etc/samba/smb.conf'
session_multihost.client[0].run_command(restoresmb, raiseonerr=False)
removebkup = 'rm -f /etc/samba/smb.conf.orig'
session_multihost.client[0].run_command(removebkup, raiseonerr=False)
request.addfinalizer(restore)
def configure_samba(session_multihost, request):
""" samba server """
master = sambaTools(session_multihost.master[0], session_multihost.ad[0])
master.add_share_definition('share1', '/mnt/samba/share1')
master.service_smb(action='restart')
time.sleep(20)
def stop_samba_server():
""" Stop samba server """
print("we are stopping samba server")
master.service_smb(action='stop')
master.clear_samba_cache()
master.remove_smbconf()
request.addfinalizer(stop_samba_server)
def samba_share_permissions(session_multihost, request):
""" Set permissions on samba share """
smbTools = sambaTools(session_multihost.master[0], session_multihost.ad[0])
adops = ADOperations(session_multihost.ad[0])
share_name = 'share1'
share_path = '/mnt/samba/%s' % share_name
smbTools.create_samba_share(share_path)
realm = session_multihost.ad[0].realm
for idx in range(1, 3):
ad_user = '******' % idx
ad_group = 'idmfoogroup%d' % idx
all_group = 'idmfooallgroup'
adops.delete_ad_user_group(ad_group)
adops.delete_ad_user_group(ad_user)
adops.delete_ad_user_group(all_group)
adops.create_ad_unix_group(all_group)
for idx in range(1, 3):
ad_user = '******' % idx
ad_group = 'idmfoogroup%d' % idx
adops.create_ad_unix_user_group(ad_user, ad_group)
adops.add_user_member_of_group(all_group, ad_user)
session_multihost.master[0].service_sssd('restart')
time.sleep(30)
for idx in range(1, 3):
ad_user = '******' % idx
ad_group = 'idmfoogroup%d' % idx
directory = '/mnt/samba/share1/idmfoogroup%d' % idx
create_dir = 'mkdir -p %s' % directory
session_multihost.master[0].run_command(create_dir)
chmod = 'chmod 2770 %s' % directory
session_multihost.master[0].run_command(chmod)
chgrp = "chgrp '%s@%s' %s " % (ad_group, realm, directory)
session_multihost.master[0].run_command(chgrp)
all_group = 'idmfooallgroup'
common_dir = 'mkdir -p /mnt/samba/share1/allgroup'
session_multihost.master[0].run_command(common_dir)
chgrp = "chgrp '%s@%s' /mnt/samba/share1/allgroup " % (all_group, realm)
chmod = "chmod 2770 /mnt/samba/share1/allgroup"
session_multihost.master[0].run_command(chgrp)
session_multihost.master[0].run_command(chmod)
# create mount point on client
mount_point = 'mkdir -p %s' % share_path
session_multihost.client[0].run_command(mount_point)
def delete_share_directory():
""" Delete share directory """
print("we are deleting samba share directory")
smbTools.delete_samba_share(share_path)
remove_mount_point = "rm -rf %s" % share_path
session_multihost.client[0].run_command(remove_mount_point)
for idx in range(1, 3):
ad_user = '******' % idx
ad_group = 'idmfoogroup%d' % idx
all_group = 'idmfooallgroup'
adops.delete_ad_user_group(ad_group)
adops.delete_ad_user_group(all_group)
adops.delete_ad_user_group(ad_user)
request.addfinalizer(delete_share_directory)