In UCS@School multi-school domains running Samba4 on the Master, the Samba shares of the DC Master need to be accessible by accounts at a school. The most basic test would be to create a student account located at a school branch and simply attempt to connect to any share on the DC Master using the smbclient tool (or a python-samba API equivalent). "Any share" could be netlogon or sysvol, simply.
We need two test cases for this, authenticating with kerberos ticket and without.
r53431: * Bug #34224: 90_ucsschool/94_samba4_check_shares_access: test the DC-Master shares access from DC-Slave. (In reply to Arvid Requate from comment #1) > We need two test cases for this, authenticating with kerberos ticket and > without. Kerberos case is implemented but disabled as failing ATM, possibly due to Bug #31919.
Running the Test on a UCS@school Samba4 Slave PDC results in a traceback. I guess the test expects import_user to be present which is not the case. ===================== *** 90_ucsschool/94_samba4_check_shares_access *** Test the DC Locator Master shares access from DC-Slave. *** Obtatining Administrator username and password for the test from the UCR Creating a student for the test with a name 'ucs_test_school_user_uradijwv' and a password 'Foo3hj5zrjdb' Selecting the School OU for the test *** Calling following command: ['/usr/share/ucs-school-import/scripts/import_user', '/tmp/tmpxuefcE'] Traceback (most recent call last): File "94_samba4_check_shares_access", line 105, in <module> exit(TestDCLocatorShares.main()) File "94_samba4_check_shares_access", line 89, in main student_name, student_dn, student_password = self.create_student() File "94_samba4_check_shares_access", line 75, in create_student password=student_password)[1] File "/usr/lib/pymodules/python2.6/univention/testing/ucsschool.py", line 282, in create_user retval = subprocess.call(cmd) File "/usr/lib/python2.6/subprocess.py", line 470, in call return Popen(*popenargs, **kwargs).wait() File "/usr/lib/python2.6/subprocess.py", line 623, in __init__ errread, errwrite) File "/usr/lib/python2.6/subprocess.py", line 1141, in _execute_child raise child_exception OSError: [Errno 2] No such file or directory *** END *** 1 *** =====================
(In reply to Arvid Requate from comment #3) > Running the Test on a UCS@school Samba4 Slave PDC results in a traceback. I > guess the test expects import_user to be present which is not the case. Cannot reproduce traceback on any of my DC-Slave(s). I have two DC-Slaves exactly as created by Jenkins template: /ucs-3.2-3/test/ucs-ec2-tools/examples/jenkins/autotest-203-ucsschool-multiserver-s4.cfg (+ ucs-test-framework there and all up-to date). The full test output from one of my DCs can be found: http://hutten.knut.univention.de/pastebin/m1e18ff5f and from another: http://hutten.knut.univention.de/pastebin/m4e018e53 > Creating a student for the test with a name 'ucs_test_school_user_uradijwv' > and a password 'Foo3hj5zrjdb' > > Selecting the School OU for the test > *** Calling following command: > ['/usr/share/ucs-school-import/scripts/import_user', '/tmp/tmpxuefcE'] > Traceback (most recent call last): .... > File "/usr/lib/pymodules/python2.6/univention/testing/ucsschool.py", line > 282, in create_user > retval = subprocess.call(cmd) Also, if I open the "/usr/lib/pymodules/python2.6/univention/testing/ucsschool.py" on my DC-Slave(s), line 282 would be in different function (create_ou, not the create_user) and with different code. Perhaps, you have older version?
Ok, some minor thing: Currently the test also runs in autotest-204-ucsschool-multiserver-s4-school-only.cfg and shows an interesting behaviour: The connection to the master fails (since there is not Samba4 in that jenins setup) but the test result sais that it succeeded: http://jenkins.knut.univention.de:8080/job/UCSschool%204.0/job/UCSschool%204.0%20Multiserver/SambaVersion=s4-school-only/15/testReport/90_ucsschool/94_samba4_check_shares_access/test/ So we should improve this by A) fixing the detection of failure and B) somehow restricting the test to be skipped in domains where Samba4 is not on the master. We could add a function like "samba4_on_master" to the library functions which does something like: univention-ldapsearch -xLLL \ '(&(univentionserverrole=master)(univentionService=Samba 4))' dn Please note in this context that UCR "ldap/master" is not the best choice for Samba4 related tests.
See Bug 34216 Comment 7 , your code can simply be reused for this.
(In reply to Arvid Requate from comment #5) > So we should improve this by A) fixing the detection of failure and B) > somehow restricting the test to be skipped in domains where Samba4 is not on > the master. r57829: * 90_ucsschool/94_samba4_check_shares_access: skip the test if there is no Samba4 on DC-Master; perform extra checks on smbclient stdout (Bug #34224). > Please note in this context that UCR "ldap/master" is not the best choice > for Samba4 related tests. You mean the 'ldap/master' can actually be different from the DC-Master (with no S4)?
The UCS Master ( == 'ldap/master' for all practical purposes) doesn't need to be running Samba, so ldap/master is not the best target for Samba related checks.
(In reply to Arvid Requate from comment #8) > The UCS Master ( == 'ldap/master' for all practical purposes) doesn't need > to be running Samba, so ldap/master is not the best target for Samba related > checks. I think it's OK now: the check for DC-Master running Samba4 is done as: 'ldap_master' in udm computers/domaincontroller_master list --filter "service=Samba 4".
Ok.