From: Nick Porter <nick@portercomputing.co.uk>
Date: Fri, 19 Aug 2022 15:41:37 +0000 (+0100)
Subject: Add samba to test build
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=11ab4c304178e6cd0514832ccf0177824861da48;p=thirdparty%2Ffreeradius-server.git

Add samba to test build
---

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 328cabe9629..988feb4172e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -325,6 +325,11 @@ jobs:
         sudo systemctl stop dovecot exim4 slapd openresty
         sudo aa-complain /usr/sbin/slapd
 
+        echo "samba-common samba-common/workgroup string WORKGROUP" | sudo debconf-set-selections
+        echo "samba-common samba-common/dhcp boolean false" | sudo debconf-set-selections
+        echo "samba-common samba-common/do_debconf boolean true" | sudo debconf-set-selections
+        sudo apt-get install -y samba winbind krb5-user
+
         export PG_VER=14
         sudo sh -c "echo host  all all 127.0.0.1/32 trust >  /etc/postgresql/$PG_VER/main/pg_hba.conf"
         sudo sh -c "echo local all all              trust >> /etc/postgresql/$PG_VER/main/pg_hba.conf"
@@ -342,6 +347,7 @@ jobs:
             ldap-setup.sh \
             ldap2-setup.sh \
             389ds-setup.sh \
+            samba-setup.sh \
             redis-setup.sh; do
 
             script="./scripts/ci/$i"
diff --git a/scripts/ci/samba-setup.sh b/scripts/ci/samba-setup.sh
new file mode 100755
index 00000000000..dd439266693
--- /dev/null
+++ b/scripts/ci/samba-setup.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# Remove previous samba config and stop all services
+sudo systemctl stop smbd
+sudo systemctl disable smbd
+sudo systemctl mask smbd
+
+sudo systemctl stop nmbd
+sudo systemctl disable nmbd
+sudo systemctl mask nmbd
+
+sudo rm /etc/samba/smb.conf
+
+# Enable the AD-DC samba service
+sudo systemctl unmask samba-ad-dc
+sudo systemctl enable samba-ad-dc
+sudo systemctl stop samba-ad-dc
+
+# Remove other samba data
+for DIR in $(/usr/sbin/smbd -b | awk '/LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR/{print $2}'); do
+	sudo rm -rf "$DIR"/*
+done
+
+sudo rm -f /etc/krb5.conf
+
+# Configure the domain
+sudo /usr/bin/samba-tool domain provision \
+	--realm="example.com" \
+	--domain="EXAMPLE" \
+	--adminpass="secret123!" \
+	--use-rfc2307 \
+	--server-role=dc \
+	--dns-backend=SAMBA_INTERNAL
+
+sudo cp /var/lib/samba/private/krb5.conf /etc
+
+# Sort resolver
+if ! grep -q "nameserver 127.0.0.1" /etc/resolv.conf; then
+	sudo mv /etc/resolv.conf /etc/resolv.conf.tmp
+	echo "search example.com" | sudo tee /etc/resolv.conf
+	echo "nameserver 127.0.0.1" | sudo tee -a /etc/resolv.conf
+	grep "^nameserver" /etc/resolv.conf.tmp | sudo tee -a /etc/resolv.conf
+fi
+
+# Allow non TLS LDAP connections to Samba
+sudo sed -i 's/\[global\]/\[global\]\n\tldap server require strong auth = no/' /etc/samba/smb.conf
+
+# Start the domain controller
+sudo systemctl start samba-ad-dc