RFC4533_TEST_SERVER: ldap://${{ inputs.ldap_test_server }}:${{ inputs.ldap_test_server_port }}/
PERSISTENT_SEARCH_TEST_SERVER: ldap://${{ inputs.ldap389_test_server }}:${{ inputs.ldap389_test_server_port }}/
ACTIVE_DIRECTORY_TEST_SERVER: ${{ inputs.active_directory_test_server }}
+ WINBIND_TEST_SERVER: ${{ inputs.active_directory_test_server }}
REST_TEST_SERVER: ${{ inputs.rest_test_server }}
REST_TEST_SERVER_PORT: ${{ inputs.rest_test_port }}
REST_TEST_SERVER_SSL_PORT: ${{ inputs.rest_test_ssl_port }}
# Allow non TLS LDAP connections to Samba
sudo sed -i 's/\[global\]/\[global\]\n\tldap server require strong auth = no/' /etc/samba/smb.conf
+# Create user for testing winbind auth
+sudo /usr/bin/samba-tool user create aduser secret_123
+
# Start the domain controller
if [ "$USE_DOCKER" != "true" ]; then
sudo systemctl start samba-ad-dc
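Review bot: The added `samba-tool user create aduser secret_123` line passes a fixed password on the command line and does not say that the account is a disposable fixture. It also sits directly below the line that sets `ldap server require strong auth = no`. A comment would keep the step from being copied onto a longer-lived domain controller, for example `# Test-only account for the throwaway CI domain controller; the password must match the winbind test packets and must never be reused on a real domain`. The same literal password appears in the two input-packet files added later in this commit, so the three copies have to be changed together. The `if [ "$USE_DOCKER" ...` block continues outside the hunk.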
authenticate pap {
pap
}
+
+ $-INCLUDE $ENV{MODULE_TEST_DIR}/authenticate.conf
}
policy {
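Review bot: The `$-INCLUDE $ENV{MODULE_TEST_DIR}/authenticate.conf` line has no comment explaining that the include is optional. It also does not say that the path comes from an environment variable set by the test harness. Because `$-INCLUDE` is skipped silently when the file is absent, a wrong or unset `MODULE_TEST_DIR` would presumably show up only as a missing `authenticate` section. A short comment above it would help, for example `# Optional per-module authenticate sections; MODULE_TEST_DIR is set by the test framework, and modules without an authenticate.conf are skipped`. The enclosing block starts outside the hunk.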
--- /dev/null
+#
+# Test the "winbind" module
+#
+
+# Don't test winbind if WINBIND_TEST_SERVER ENV is not set
+winbind_require_test_server := 1
--- /dev/null
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = 'aduser'
+User-Password = 'secret_123'
+
+#
+# Expected answer
+#
+Packet-Type == Access-Accept
--- /dev/null
+# Test "authenticate" winbind call.
+winbind
+
+if !(&control.Auth-Type == winbind) {
+ test_fail
+}
+
+winbind.authenticate
+
+test_pass
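Review bot: The new authenticate test only proves that the correct password for `aduser` is accepted; nothing in it checks that a wrong password is rejected. A module or test setup that accepted every request would therefore still pass. For an authentication module the negative case is the more important half, so I would add a second `winbind.authenticate` call with a deliberately wrong `User-Password` and require a `reject` return code before `test_pass`. The sketch below assumes the module returns `reject` for a bad password and that the `&User-Password :=` form matches this branch's syntax; both should be confirmed against the other module tests.

```unlang
# … unchanged: winbind call and Auth-Type check …

winbind.authenticate

# Negative case: a wrong password must not be accepted
&User-Password := 'not_the_password'

winbind.authenticate {
	reject = 1
}

if !(reject) {
	test_fail
}

test_pass
```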
--- /dev/null
+authenticate winbind {
+ winbind
+}
--- /dev/null
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = 'aduser'
+User-Password = 'secret_123'
+
+#
+# Expected answer
+#
+Packet-Type == Access-Accept
--- /dev/null
+if !(%winbind.group('domain users')) {
+ test_fail
+}
+
+if (%winbind.group('nongroup')) {
+ test_fail
+}
+
+test_pass
--- /dev/null
+#winbind unit test config
+
+winbind {
+ username = "%{&Stripped-User-Name || &User-Name}"
+ group {
+ search_username = "%{&Stripped-User-Name || &User-Name}"
+ }
+}