https://fedoraproject.org/w/api.php?action=feedcontributions&user=Okos&feedformat=atomFedora Project Wiki - User contributions [en]2024-03-19T13:17:17ZUser contributionsMediaWiki 1.39.4https://fedoraproject.org/w/index.php?title=QA:Testcase_freeipav3_ad_trust&diff=346558QA:Testcase freeipav3 ad trust2013-07-25T11:34:55Z<p>Okos: adadmins_external -> ad_admins_external</p>
<hr />
<div>{{QA/Test_Case<br />
|description=Configuring and testing cross-realm trust with Active Directory.<br />
|setup=<br />
<ol><br />
<li>Make sure your FreeIPA server is set up as in [[QA:Testcase_freeipav3_installation]].</li><br />
<li>You have to select name for the IPA realm different from Active Directory domain name.</li><br />
<li>There are two types of installation for FreeIPA:<br />
<ol><li>without integrated DNS setup</li><br />
<li>with integrated DNS setup</li><br />
</ol><br />
Since cross-realm trusts require working DNS autodiscovery, in both cases one need to ensure properly working DNS resolution of SRV records corresponding to Kerberos, LDAP, and other services. If DNS is handled by FreeIPA, the entries will be created when running 'ipa-adtrust-install' tool. If DNS is not managed by FreeIPA, running 'ipa-adtrust-install' with '--no-msdcs' will print all entries that need to be created. Create them at your DNS server before proceeding further after 'ipa-adtrust-install' step.</li><br />
</ol><br />
|actions=<br />
=== Planned configuration ===<br />
Instructions below will assume following setup:<br />
<br />
* There is Active Directory domain, set up under name AD.LAN. Domain controller for AD.LAN server is dc.ad.lan and has IP-address DC-AD.<br />
* There is FreeIPA realm, set up under name IPA.LAN. FreeIPA server for the realm IPA.LAN is dc.ipa.lan and has IP-address DC-IPA.<br />
<br />
FreeIPA realm will gain a short name used for NetBIOS communication, known as 'domain name' in SMB. Usually it is the same as leftmost component of the realm, i.e. IPA for IPA.LAN.<br />
<br />
=== Installation ===<br />
First, install the FreeIPA server as in [[QA:Testcase_freeipav3_installation]].<br />
<br />
Next, install following packages:<br />
<br />
# yum install freeipa-server-trust-ad samba-winbind samba-winbind-clients samba-client<br />
<br />
The last package, samba-winbind-clients, is not needed for actual work. It is only needed to verify that certain operations performed by Windows client are indeed trigger proper reaction from the FreeIPA setup.<br />
<br />
==== With DNS controlled by FreeIPA server ====<br />
Run ipa-adtrust-install without parameters<br />
<br />
# ipa-adtrust-install<br />
<br />
You'll be prompted to provide needed information which will be auto-discovered based FreeIPA setup. You'll be asked to enter your admin credentials for FreeIPA server. DNS configuration will be updated to include proper SRV records expected by the Active Directory clients.<br />
<br />
==== Without DNS controlled by FreeIPA server ====<br />
Run ipa-adtrust-install with --no-msdcs argument<br />
<br />
# ipa-adtrust-install --no-msdcs<br />
<br />
You'll be prompted to provide needed information which will be auto-discovered based FreeIPA setup. You'll be asked to enter your admin credentials for FreeIPA server. At the end of execution, ipa-adtrust-install will print list of SRV records that you should create at your DNS server in order to continue.<br />
<br />
=== Configure DNS forwarder ===<br />
Both Active Directory domain and FreeIPA realm will need to be able to find each other and discover information about each other's resources. In case there is no common uplink DNS server, appropriate domain name forwarders will need to be created from both sides.<br />
<br />
==== DNS forwarder from FreeIPA side ====<br />
# ipa dnszone-add ad.lan --name-server=dc.ad.lan --admin-email='hostmaster@ad.lan' --force --forwarder=DC-AD --forward-policy=only<br />
<br />
==== DNS forwarder from Active Directory side ====<br />
Open Start->Administrative Tools->DNS<br />
make a right-click on 'Conditional Forwarders' in the left column of the window<br />
select 'New Conditional Forwarder...'<br />
add the DNS domain name of your FreeIPA domain name and the IP adresses of one or more DNS servers of your FreeIPA domain <br />
<br />
To test the new configuration you can try to ping your FreeIPA server again. It might be necessary to call 'ipconfig /flushdns' to removed any cached results.<br />
<br />
Alternatively you can use command line utility dnscmd to configure the forwarder:<br />
<br />
Open Start -> Command Prompt<br />
Enter: dnscmd 127.0.0.1 /ZoneAdd ipa.lan /Forwarder DC-IPA<br />
<br />
The command should report that zone ipa.lan was successfully added. <br />
<br />
=== Verify basics ===<br />
Use wbinfo utility from samba4-winbind-clients to verify that ipa-adtrust-install has set up everything right:<br />
<br />
# wbinfo --online-status<br />
BUILTIN : online<br />
IPA : online<br />
<br />
=== Show AD configuration with trustconfig ===<br />
TODO<br />
<br />
=== Add cross-realm trust ===<br />
Add cross-realm trust to Active Directory domain:<br />
# ipa trust-add --type=ad ad.lan --admin Administrator --password<br />
Active directory domain adminstrator's password:<br />
-------------------------------------------------<br />
Added Active Directory trust for realm "ad.lan"<br />
-------------------------------------------------<br />
Realm name: ad.lan<br />
Domain NetBIOS name: AD<br />
Domain Security Identifier: S-1-5-21-16904141-148189700-2149043814<br />
Trust direction: Two-way trust<br />
Trust type: Active Directory domain<br />
Trust status: Established and verified<br />
<br />
==== Restart FreeIPA KDC ====<br />
For time being, FreeIPA KDC has to be restarted before it would be able to recognize new cross-realm trust.<br />
<br />
# systemctl restart krb5kdc.service<br />
<br />
=== Configure realm and domain mapping ===<br />
For time being one has to manually configure krb5.conf and sssd.conf on FreeIPA server to perform cross-realm-specific operations.<br />
<br />
Look into /etc/krb5.conf and change/add following, replacing realm names appropriately:<br />
[libdefaults]<br />
....<br />
dns_lookup_kdc = true<br />
....<br />
<br />
[realms]<br />
IPA.LAN = {<br />
....<br />
auth_to_local = RULE:[1:$1@$0](^.*@AD.LAN$)s/@AD.LAN/@ad.lan/<br />
auth_to_local = DEFAULT<br />
}<br />
<br />
Look into /etc/sssd/sssd.conf and add/change following, replacing domain name ipa.lan appropriately:<br />
<br />
[domain/ipa.lan]<br />
...<br />
subdomains_provider = ipa<br />
...<br />
[sssd]<br />
services = nss, pam, ssh, pac<br />
<br />
'subdomains_provider = ipa' ensures that sssd will be able to look up users in trusted domains. 'services = ..., pac' ensures that user membership information from PAC PAC (http://tools.ietf.org/html/draft-brezak-win2k-krb-authz-01) is evaluated as well.<br />
<br />
Restart sssd service:<br />
# systemctl restart sssd.service<br />
<br />
=== Allow access for users from trusted domain to protected resources ===<br />
Before users from trusted domain can access protected resources in FreeIPA realm, they have to be explicitly mapped to FreeIPA groups. The mapping is performed in two steps:<br />
<br />
* Add users and groups from trusted domain to an external group in FreeIPA. External group serves as a container to reference trusted domain users and groups by their security identifiers.<br />
* Map external group to an existing POSIX group in FreeIPA. This POSIX group will be assigned proper group id (gid) that will be used as default group for all incoming trusted domain users mapped to this group.<br />
<br />
==== Create external and POSIX groups for trusted domain users ====<br />
Create external group in FreeIPA for trusted domain admins:<br />
# ipa group-add --desc='ad.lan admins external map' ad_admins_external --external<br />
<br />
Create POSIX group for external ad_admins_external group:<br />
# ipa group-add --desc='ad.lan admins' ad_admins<br />
<br />
==== Add users and groups from trusted domain to an external group in FreeIPA ====<br />
Add Domain Admins of the AD.LAN to the ad_admins_external group:<br />
<br />
# ipa group-add-member ad_admins_external --external 'AD\Domain Admins'<br />
[member user]: <br />
[member group]: <br />
Group name: ad_admins_external<br />
Description: AD.LAN admins external map<br />
External member: S-1-5-21-16904141-148189700-2149043814-512<br />
-------------------------<br />
Number of members added 1<br />
-------------------------<br />
==== Add external group to POSIX group ====<br />
Allow members of ad_admins_external group to be associated with ad_admins POSIX group:<br />
<br />
# ipa group-add-member ad_admins --groups ad_admins_external<br />
<br />
Starting from this point, FreeIPA server will be able to authenticate and recognize any trusted domain user that belongs to Domain Admins group of AD.LAN domain.<br />
<br />
=== Using cross-realm trust ===<br />
==== SSH ====<br />
A GSSAPI aware Windows ssh client must be installed on the windows server. The putty version from Quest http://rc.quest.com/topics/putty/ should work, but recently GSSAPI support was also added to the "standard" putty http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. If you now log on to the windows server as the test use abc and use putty to connect with GSSAPI to the FreeIPA server it should just work without asking for a password. <br />
<br />
When asked by SSH for credentials, use <username>@<domain> instead of <domain>\<username>. Please note that <domain> should be specified in as in the auth_to_local stanza in krb5.conf, OpenSSH server is very sensitive to change of user name. Thus, Administrator@ad.lan, not administrator@AD.LAN, should be used wherever possible.<br />
<br />
One needs to make sure home directory exists for users from trusted domains. By default sssd will define them as /home/<domain>/<user name>. <br />
<br />
==== CIFS share ====<br />
In order to access non-public CIFS share on FreeIPA server, one needs first to configure the share. FreeIPA Samba configuration is stored in the registry database, managed by 'net conf' command from Samba suite.<br />
<br />
# net conf setparm 'share' 'comment' 'Trust test share'<br />
# net conf setparm 'share' 'read only' 'no'<br />
# net conf setparm 'share' 'valid users' 'S-1-5-21-16904141-148189700-2149043814-512'<br />
# net conf setparm 'share' 'path' '/path/to/share'<br />
<br />
Make sure to change /path/to/share to proper location. Note that we are using Security Identifier of the Domain Admins group here to allow the access to the share.<br />
<br />
Once configuration is updated, one can mount the share from Windows machine using 'net use * \\server\share' command or Windows Explorer application.<br />
==== Accessing Windows resources with FreeIPA credentials ====<br />
(TODO) In order to gain access to Windows resources, users of FreeIPA realm need to be allowed appropriate privileges by administrators of the trusted domain. This is currently not possible since Windows machines will try to consult FreeIPA domain controller for resolving names to SIDs (and back) via Global Catalog service. FreeIPA domain controller does not implement Global Catalog service yet.<br />
<br />
==== Configuring allowed PAC types for services ====<br />
Currently there is only kernel NFS that does not work with PAC in the kerberos ticket. This is due to kernerl-user space communication limits. Because of this FreeIPA 3.2 by default disables addition of PAC information to the NFS ticket.<br />
<br />
|results=<br />
All the test steps should end with the specified results.<br />
}}<br />
<br />
[[Category:FreeIPA_Test_Cases]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336376Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T11:58:05Z<p>Okos: /* Advanced Tests: With FreeIPA */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:Omoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:alich|alich]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:ksrot|ksrot]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:jjaburek|jjaburek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:yelley|yelley]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}} <br />
| <references/><br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|warn}} <ref>{{bz|961264}}</ref><br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref> <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:kaushikub|Kaushik]]<br />
| {{result|warn}} <ref>{{bz|961254}}</ref><br />
| {{result|pass}}<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:OndrejMoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|warn}} <ref>{{bz|961279}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|867807}}</ref><br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:jjaburek|jjaburek]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961282}}</ref><br />
| {{result|warn}} <ref>{{bz|961291}}</ref><br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]]<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|none}} <br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|none}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336375Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T11:56:47Z<p>Okos: /* Advanced Tests: adcli */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:Omoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:alich|alich]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:ksrot|ksrot]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:jjaburek|jjaburek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:yelley|yelley]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}} <br />
| <references/><br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|warn}} <ref>{{bz|961264}}</ref><br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref> <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:kaushikub|Kaushik]]<br />
| {{result|warn}} <ref>{{bz|961254}}</ref><br />
| {{result|pass}}<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:OndrejMoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|warn}} <ref>{{bz|961279}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|867807}}</ref><br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:jjaburek|jjaburek]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961282}}</ref><br />
| {{result|warn}} <ref>{{bz|961291}}</ref><br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]]<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|none}} <br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336373Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T11:52:41Z<p>Okos: /* Advanced Tests: adcli */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:Omoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:alich|alich]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:ksrot|ksrot]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:jjaburek|jjaburek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:yelley|yelley]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}} <br />
| <references/><br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|warn}} <ref>{{bz|961264}}</ref><br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref> <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:kaushikub|Kaushik]]<br />
| {{result|warn}} <ref>{{bz|961254}}</ref><br />
| {{result|pass}}<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:OndrejMoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|warn}} <ref>{{bz|961279}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|867807}}</ref><br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:jjaburek|jjaburek]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961282}}</ref><br />
| {{result|warn}} <ref>{{bz|961291}}</ref><br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]]<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|none}} <br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336367Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T11:45:41Z<p>Okos: /* Advanced Tests: adcli */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:Omoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:alich|alich]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:ksrot|ksrot]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:jjaburek|jjaburek]]<br />
| {{result|pass}}<br />
| {{result|}}<br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:yelley|yelley]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}} <br />
| <references/><br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|warn}} <ref>{{bz|961264}}</ref><br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref> <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:kaushikub|Kaushik]]<br />
| {{result|warn}} <ref>{{bz|961254}}</ref><br />
| {{result|pass}}<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:OndrejMoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|warn}} <ref>{{bz|961279}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961282}}</ref><br />
| {{result|warn}} <ref>{{bz|961291}}</ref><br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]]<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|none}} <br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336365Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T11:41:35Z<p>Okos: /* Advanced Tests: adcli */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:Omoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:alich|alich]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:ksrot|ksrot]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:jjaburek|jjaburek]]<br />
| {{result|pass}}<br />
| {{result|}}<br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:yelley|yelley]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}} <br />
| <references/><br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|warn}} <ref>{{bz|961264}}</ref><br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref> <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:kaushikub|Kaushik]]<br />
| {{result|warn}} <ref>{{bz|961254}}</ref><br />
| {{result|pass}}<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:OndrejMoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|warn}} <ref>{{bz|961279}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961282}}</ref><br />
| {{result|warn}} <ref>{{bz|961291}}</ref><br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]]<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|none}} <br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336362Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T11:35:28Z<p>Okos: /* Advanced Tests: adcli */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:Omoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:alich|alich]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:ksrot|ksrot]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:yelley|yelley]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}} <br />
| <references/><br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|warn}} <ref>{{bz|961264}}</ref><br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref> <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:kaushikub|Kaushik]]<br />
| {{result|warn}} <ref>{{bz|961254}}</ref><br />
| {{result|pass}}<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:OndrejMoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|warn}} <ref>{{bz|961279}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961282}}</ref><br />
| {{result|warn}} <ref>{{bz|961291}}</ref><br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]]<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|none}} <br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336360Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T11:33:52Z<p>Okos: /* Advanced Tests: adcli */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:Omoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:alich|alich]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:ksrot|ksrot]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}} <br />
| <references/><br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|warn}} <ref>{{bz|961264}}</ref><br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref> <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:kaushikub|Kaushik]]<br />
| {{result|warn}} <ref>{{bz|961254}}</ref><br />
| {{result|pass}}<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961278}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:OndrejMoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|warn}} <ref>{{bz|961279}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961282}}</ref><br />
| {{result|warn}} <ref>{{bz|961291}}</ref><br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]]<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|none}} <br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336348Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T10:38:30Z<p>Okos: /* Tests: Integration of realmd */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:Omoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:alich|alich]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|warn}} <ref>{{bz|961264}}</ref><br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:kaushikub|Kaushik]]<br />
| {{result|warn}} <ref>{{bz|961254}}</ref><br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:OndrejMoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336344Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T10:32:04Z<p>Okos: /* Tests: Basics of sssd and realmd */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:Omoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:alich|alich]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|warn}} <ref>{{bz|961264}}</ref><br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:kaushikub|Kaushik]]<br />
| {{result|warn}} <ref>{{bz|961254}}</ref><br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:OndrejMoris|omoris]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336321Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T09:02:36Z<p>Okos: /* Tests: Basics of sssd and realmd */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:omoris|omoris]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|fail}} <ref>{{bz|961246}}</ref> <ref>{{bz|961251}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:kaushikub|Kaushik]]<br />
| {{result|warn}} <ref>{{bz|961254}}</ref><br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336318Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T08:58:31Z<p>Okos: /* Tests: Basics of sssd and realmd */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|pass}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:omoris|omoris]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:pkis|pkis]]<br />
| {{result|fail}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|warn}} <ref>{{bz|961244}}</ref><br />
| {{result|warn}} <ref>{{bz|961246}}</ref><br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336310Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T08:31:34Z<p>Okos: /* Tests: Basics of sssd and realmd */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:omoris|omoris]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336307Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T08:28:45Z<p>Okos: /* Tests: Basics of sssd and realmd */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:omoris|omoris]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336300Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T08:23:07Z<p>Okos: /* Tests: Basics of sssd and realmd */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336297Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T08:19:47Z<p>Okos: /* Tests: Basics of sssd and realmd */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336295Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T08:18:32Z<p>Okos: /* Tests: Basics of sssd and realmd */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|warn}} <ref>{{bz|961235}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=336293Test Day:2013-05-09 SSSD Improvements and AD Integration2013-05-09T08:12:31Z<p>Okos: /* Tests: Kerberos */</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Enterprise accounts<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [http://www.freedesktop.org/software/realmd/ realmd] [http://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular '''realmd''' and '''adcli''' to join a machine to a domain and '''sssd''' to handle authentication and other related tasks.<br />
<br />
== Who's available ==<br />
* Development: [[User:stefw|Stef Walter]] (stefw, realmd/adcli dev), [[User:jhrozek|Jakub Hrozek]] (jhrozek, sssd dev)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:dspurek|Davis Spurek]] (dspurek), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Prerequisite for Test Day ==<br />
<br />
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].<br />
{|<br />
! Architecture !! SHA256SUM <br />
|- <br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0<br />
|-<br />
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e<br />
|}<br />
<br />
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]<br />
** Make sure that the following components are installed:<br />
*** '''adcli-0.7-1.fc19'''<br />
*** '''realmd-0.14.0-1.fc19'''<br />
*** '''sssd-1.10.0-4.fc19.beta1'''<br />
*** '''selinux-policy-3.12.1-42.fc19'''<br />
* A server to test against. Most test cases require an [https://fedoraproject.org/wiki/QA:Testcase_Active_Directory_Setup Active Directory domain], other tests require a [https://fedoraproject.org/wiki/QA:Testcase_freeipav3_installation FreeIPA server]. Don't worry if you don't have both, any involvement in the test day is much appreciated!<br />
* Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.<br />
* If you are on Red Hat internal network you can test against our internal '''Test Bed''': [[Test Day:2013-05-09 Red Hat Test Bed]]. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.<br />
<br />
== How to test ==<br />
At a high level the following are being tested:<br />
<br />
* realmd used together with Active Directory or FreeIPA<br />
* adcli used together with Active Directory<br />
* latest Kerberos improvements<br />
* sssd used together with Active Directory or FreeIPA<br />
<br />
You can explore these, and their documentation. Or you can follow the test cases below.<br />
<br />
There are many test cases, if you don't have a particular area of special interest, '''start from the top'''. The most common and simpler scenarios are generally in the earlier test cases.<br />
<br />
All tests should pass with '''SELinux in enforcing mode''' unless otherwise specified.<br />
<br />
== Tests: Kerberos ==<br />
<br />
These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform [[QA:Testcase_kerberos_setup|prerequisite setup]] before you run these tests.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|- <br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| Using Active Directory without krb5.conf<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| Kerberos client with unsynced clocks<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
| Kerberos client without reverse DNS<br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
File bugs for these test cases in the <br />
[https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=krb5 Red Hat bugzilla], and record results below.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] <br />
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] <br />
| [[QA:Testcase_kerberos_reverse_dns|rdns]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|fail}} <ref>{{bz|961221}}</ref><br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:kaushikub|kaushik]]<br />
| {{result|pass}}<br />
| {{result|fail}} <br />
| {{result|}} <br />
| <references/><br />
|-<br />
| [[User:okos|okos]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Basics of sssd and realmd ==<br />
<br />
These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| Using realmd to discover information about an Active Directory domain<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| Using realmd to discover information about an Active Directory server<br />
| Any<br />
| 5 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| Using realmd to join a domain using standard options and configure sssd<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| Using realmd to leave a domain and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| Using realmd to join a domain using a one time password<br />
| Admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd<br />
| Any<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| After joining a domain, log in using domain credentials<br />
| User and admin account<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
| Verifies an AD client is able to update its DNS record. <br />
| Joined to a domain<br />
| 20 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_discovery|discover domain]]<br />
| [[QA:Testcase_realmd_discover_single|discover server]]<br />
| [[QA:Testcase_realmd_join_sssd|join domain]]<br />
| [[QA:Testcase_realmd_leave|leave domain]]<br />
| [[QA:Testcase_realmd_join_otp|join otp]]<br />
| [[QA:Testcase_realmd_leave_remove|leave remove]]<br />
| [[QA:Testcase_realmd_login|login domain]]<br />
| [[QA:Testcase_sssd_ad_dns_update|dns update]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|warn}} <ref>{{bz|961230}}</ref><br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:dspurek|dspurek]]<br />
| {{result|pass}}<br />
| {{result|pass}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Tests: Integration of realmd ==<br />
<br />
These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]] <br />
| Use anaconda and kickstart to join a domain during installation.<br />
| Admin account<br />
| 45 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_control_center|control center]] <br />
| Use control center to add an Enterprise Login from a domain.<br />
| User or admin account<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] <br />
| Check the GDM login screen domain hints<br />
| Joined to a domain<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]] <br />
| Use the OpenLMI realmd CIM provider to join a domain<br />
| Admin account<br />
| 30 minutes<br />
|-<br />
|}<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd Red Hat bugzilla], and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_realmd_join_kickstart|kickstart]]<br />
| [[QA:Testcase_realmd_control_center|control center]]<br />
| [[QA:Testcase_realmd_gdm_screen|gdm screen]]<br />
| [[QA:Testcase_realmd_join_openlmi|openlmi]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| <references/><br />
|-<br />
|-<br />
| [[User:stefw|stefw]]<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|fail}} <ref>{{bz|961225}}</ref> <ref>{{bz|961228}}</ref><br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: sssd and realmd ==<br />
<br />
These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that [[QA:Testcase_Active_Directory_Setup|prerequisite setup]] before you start.<br />
<br />
{| class="wikitable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Duration<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server <br />
| Requires a joined client<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically<br />
| Requires a joined client<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| Allow any domain user to log into local machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| Withdraw access to a user to log into the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| Deny any domain logins to the machine<br />
| User and admin account<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| Join the current machine to an Active Directory, and set the operating system name and version of the account. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| Join the current machine to an Active Directory, and prevent automatic installation of packages. <br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| Join the current machine to an Active Directory, without using fully qualified user names.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]]<br />
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory.<br />
| Administrator or user with posix attributes<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
| Join the current machine to an Active Directory, while creating a userPrincipalName.<br />
| Administrator<br />
| 10 minutes<br />
|-<br />
|}<br />
<br />
Bugs can be filed in the Red Hat bugzilla for [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd sssd] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=realmd realmd] components. Please create a row in the table below for your testing.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_sssd_ad_dns_sites|site disco]]<br />
| [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]]<br />
| [[QA:Testcase_realmd_login_any|login any]]<br />
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] <br />
| [[QA:Testcase_realmd_login_deny_any|deny any]] <br />
| [[QA:Testcase_realmd_join_ccache|join ccache]] <br />
| [[QA:Testcase_realmd_join_os|join osinfo]] <br />
| [[QA:Testcase_realmd_join_packages|join packages]] <br />
| [[QA:Testcase_realmd_join_qualify|join names]] <br />
| [[QA:Testcase_realmd_join_rfc2307|join posix]] <br />
| [[QA:Testcase_realmd_join_server|join server]]<br />
| [[QA:Testcase_realmd_join_upn|join upn]]<br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| {{result|none}} <br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: adcli ==<br />
<br />
adcli is a component that realmd uses to talk to Active Directory.<br />
<br />
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains.<br />
<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| This test case retrieves basic information about a domain. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| This test case retrieves basic information about a domain controller and the domain it is a part of.<br />
| Any<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| This test case verifies that adcli join works with basic options.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| his test case verifies that adcli join can work without DNS.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|- <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
| This test case precreates accounts in the domain using adcli join.<br />
| Administrator<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
<br />
Please file bugs in the [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=adcli Red Hat bugzilla], and create a table line below for your test results.<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_adcli_info|info domain]] <br />
| [[QA:Testcase_adcli_info_server|info server]] <br />
| [[QA:Testcase_adcli_join_simple|join simple]] <br />
| [[QA:Testcase_adcli_join_nodns|join nodns]] <br />
| [[QA:Testcase_adcli_preset_auto|preset auto]] <br />
| [[QA:Testcase_adcli_preset_otp|preset otp]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}}<br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<p>&nbsp;</p><br />
<br />
== Advanced Tests: With FreeIPA ==<br />
<br />
{| class="wikitable sortable" style="width:100%" border="1"<br />
!style="width:20%"|Testcase<br />
!style="width:58%"|Description<br />
!style="width:12%"|Privileges<br />
!style="width:10%"|Approx. time required<br />
|- <br />
| [[QA:Testcase_FreeIPA_realmd_join|join]] <br />
| Join a client machine to a domain<br />
| admin<br />
| 10 minutes<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_login|login]] <br />
| Log in using FreeIPA credentials, both online and offline<br />
| admin<br />
| 15 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] <br />
| Test FreeIPA's sudo management capabilities<br />
| admin<br />
| 10 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] <br />
| Verify FreeIPA's SSH public key management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_automount|automount]] <br />
| Test FreeIPA's automounter maps management<br />
| admin<br />
| 20 minutes<br />
|-<br />
|-<br />
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] <br />
| Leave a FreeIPA domain by deconfiguring it locally. <br />
| Any<br />
| 5 minutes<br />
|-<br />
|}<br />
<br />
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] <br />
* [https://bugzilla.redhat.com Red Hat bugzilla]<br />
* [https://fedorahosted.org/sssd SSSD Trac]<br />
<br />
{|<br />
! User<br />
| [[QA:Testcase_FreeIPA_realmd_join|FreeIPA join]] <br />
| [[QA:Testcase_FreeIPA_realmd_login|FreeIPA login]] <br />
| [[QA:Testcase_FreeIPA_realmd_ssh|FreeIPA SSH]] <br />
| [[QA:Testcase_FreeIPA_realmd_automount|FreeIPA automount]] <br />
| [[QA:Testcase_FreeIPA_control_center|FreeIPA control center]] <br />
| [[QA:Testcase_FreeIPA_realmd_leave|FreeIPA leave]] <br />
! References<br />
|-<br />
| [[User:SampleUser|Sample User]]<br />
| {{result|none}} <br />
| {{result|pass}}<br />
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref><br />
| {{result|fail}} <ref>{{bz|12345}}</ref><br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
| [[User:steeve|Steeve]]<br />
| {{result|pass}} <br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| {{result|none}}<br />
| <references/><br />
|-<br />
|}<br />
<br />
[[Category:Test Days]]<br />
[[Category:QA Templates]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:Current&diff=336252Test Day:Current2013-05-09T06:59:57Z<p>Okos: Changed the test day</p>
<hr />
<div>#REDIRECT [[Test Day:2013-05-09 SSSD Improvements and AD Integration]]</div>Okoshttps://fedoraproject.org/w/index.php?title=Test_Day:2013-05-09_SSSD_Improvements_and_AD_Integration&diff=334457Test Day:2013-05-09 SSSD Improvements and AD Integration2013-04-30T12:35:56Z<p>Okos: Created page with "{{Infobox_group | name = Fedora 19 Test Days | image = link=QA/Fedora_19_test_days | caption = Test SSSD 1.10 in Fedora 19 | date = 2013-05-09 ..."</p>
<hr />
<div>{{Infobox_group<br />
| name = Fedora 19 Test Days<br />
| image = [[File:Echo-testing-48px.png|link=QA/Fedora_19_test_days]]<br />
| caption = Test SSSD 1.10 in Fedora 19<br />
| date = 2013-05-09<br />
| time = all day<br />
| website = [https://fedorahosted.org/sssd/ SSSD project], [http://fedoraproject.org/wiki/Features/SSSDImproveADIntegration Feature page]<br />
| irc = [irc://irc.freenode.net/#sssd #sssd] ([http://webchat.freenode.net/?channels=sssd webirc], [irc://irc.freenode.net/#fedora-test-day #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc]))<br />
}}<br />
<br />
{{admon/note | Can't make the date? | If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.}}<br />
<br />
== What to test? ==<br />
Today's Test Day will be focused on new features in SSSD 1.10 - primarily Active Directory (AD) integration.<br />
<br />
== Who's available ==<br />
* Development: [[User:jhrozek|Jakub Hrozek]] (jhrozek)<br />
* Quality Assurance: [[User:pkis|Patrik Kis]] (pkis), [[User:kaushik|Kaushik Banerjee]] (kaushik)<br />
<br />
== Feedback ==<br />
We need your feedback!<br />
* Talk to us on [irc://irc.freenode.net/#sssd #sssd] on freenode<br />
* Send as an [mailto:sssd-users@redhat.com e-mail].<br />
* Log issues and enhancements in [https://fedorahosted.org/sssd trac] or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=sssd&version=19 Bugzilla]. <br />
<br />
== Prerequisite for Test Day ==<br />
<br />
---TBD---</div>Okoshttps://fedoraproject.org/w/index.php?title=User:Okos&diff=331664User:Okos2013-04-17T15:33:00Z<p>Okos: Created page with "Welcome! My name is Ondrej Kos, and I'm member of the [http://www.fedorahosted.org/sssd SSSD] development team. For any help, you can contact me at okos@fedoraproject.org or..."</p>
<hr />
<div>Welcome!<br />
<br />
My name is Ondrej Kos, and I'm member of the [http://www.fedorahosted.org/sssd SSSD] development team.<br />
<br />
For any help, you can contact me at okos@fedoraproject.org or [irc://irc.freenode.net/#sssd #sssd] channel (okos).</div>Okos