tests: Disable kerberos for weak crypto test

Otherwise the test fails because the client is authenticated using
spnego and gse_krb5, not triggering the weak crypto restrictions.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184

diff --git a/testprogs/blackbox/test_weak_crypto.sh b/testprogs/blackbox/test_weak_crypto.sh
index fe927e8c3a94f8008b303ccf05232e4e978e8739..50a67aef1109b7daaf55c0e75d13dda38e551aef 100755 (executable)
--- a/testprogs/blackbox/test_weak_crypto.sh
+++ b/testprogs/blackbox/test_weak_crypto.sh
@@ -27,6 +27,16 @@ samba_bindir="$BINDIR"
 samba_testparm="$BINDIR/testparm"
 samba_rpcclient="$samba_bindir/rpcclient"
 
+opt="--option=gensec:gse_krb5=no -U${USERNAME}%${PASSWORD}"
+
+unset GNUTLS_FORCE_FIPS_MODE
+
+# Checks that testparm reports: Weak crypto is allowed
+testit_grep "testparm" "Weak crypto is allowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
+
+# We should be allowed to use NTLM for connecting
+testit "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1`
+
 GNUTLS_FORCE_FIPS_MODE=1
 export GNUTLS_FORCE_FIPS_MODE
 
@@ -34,7 +44,7 @@ export GNUTLS_FORCE_FIPS_MODE
 testit_grep "testparm" "Weak crypto is disallowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
 
 # We should not be allowed to use NTLM for connecting
-testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER -U$USERNAME%$PASSWORD -c "getusername" || failed=`expr $failed + 1`
+testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1`
 
 unset GNUTLS_FORCE_FIPS_MODE