(Drop direct Test Days category membership) |
|||
(33 intermediate revisions by 11 users not shown) | |||
Line 17: | Line 17: | ||
== Who's available == | == Who's available == | ||
* Development: [[User:abbra|Alexander Bokovoy]] (ab), [[User:jhrozek|Jakub Hrozek]] (jhrozek), [[User:mkosek|Martin Kosek]] (mkosek) | * Development: [[User:abbra|Alexander Bokovoy]] (ab), [[User:jhrozek|Jakub Hrozek]] (jhrozek), [[User:mkosek|Martin Kosek]] (mkosek), [[User:tbabej|Tomas Babej]] (tbabej) | ||
* Quality Assurance - [[User:spoore|Scott Poore]] (spoore), [[User:steeve|Steeve Goveas ]] (steeve) | * Quality Assurance - [[User:spoore|Scott Poore]] (spoore), [[User:steeve|Steeve Goveas ]] (steeve) | ||
Line 42: | Line 42: | ||
* Establish a trust between an IPA server and an Active Directory instance following the steps below | * Establish a trust between an IPA server and an Active Directory instance following the steps below | ||
** '''Install/Setup''' test cases 1 and 2, '''Serving legacy clients for trusts''' test case 1. | |||
* Set up the LDAP client software (such as nss_ldap or pam_ldap) on your client to point to the IPA server | * Set up the LDAP client software (such as nss_ldap or pam_ldap) on your client to point to the IPA server | ||
* Retrieve identity information about users coming from the trusted AD domain | * Retrieve identity information about users coming from the trusted AD domain | ||
Line 47: | Line 48: | ||
Please report any issues you find using the channels described above or simply start a thread on the [https://www.redhat.com/mailman/listinfo/freeipa-users freeipa-users] mailing list. | Please report any issues you find using the channels described above or simply start a thread on the [https://www.redhat.com/mailman/listinfo/freeipa-users freeipa-users] mailing list. | ||
You can also use our public Etherpad http://openetherpad.org/p/Fedora-19-IPA-33-Test-Day to share bugs, workarounds or any other useful info. | |||
== Test Cases == | == Test Cases == | ||
Line 76: | Line 79: | ||
Once you have completed the tests, add your results to the appropriate Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the [[Template:result|result template]] to enter your result, as shown in the example result line. | Once you have completed the tests, add your results to the appropriate Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the [[Template:result|result template]] to enter your result, as shown in the example result line. | ||
{{admon/note | Active Directory version | Even with sucessful tests, please report the version of Active Directory you worked with. }} | |||
{| | {| | ||
Line 83: | Line 88: | ||
! [[QA:Testcase_freeipa_using_posix_attributes_in_ad|POSIX in AD]] | ! [[QA:Testcase_freeipa_using_posix_attributes_in_ad|POSIX in AD]] | ||
! [[QA:Testcase_freeipa_trust_establish|Trust creation]] | ! [[QA:Testcase_freeipa_trust_establish|Trust creation]] | ||
! [[QA:Testcase_freeipa_use_nss_pam_ldapd_to_give_access_to_trusted_domain_users|Legacy clients]] | ! [[QA:Testcase_freeipa_generic_trust_client_config|Generic legacy client]] | ||
! [[QA:Testcase_freeipa_use_legacy_sssd_to_give_access_to_trusted_domain_users|Legacy SSSD]] | ! [[QA:Testcase_freeipa_use_nss_pam_ldapd_to_give_access_to_trusted_domain_users|Legacy clients with nss-pam-ldapd]] | ||
! [[QA:Testcase_freeipa_use_legacy_sssd_to_give_access_to_trusted_domain_users|Legacy client with SSSD]] | |||
! Active Directory version | |||
! References | ! References | ||
|- | |- | ||
Line 90: | Line 97: | ||
| {{result|none}} | | {{result|none}} | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|none}} | |||
| {{result|none}} | | {{result|none}} | ||
| {{result|warn}} <ref>Test pass, but also encountered {{bz|54321}}</ref> | | {{result|warn}} <ref>Test pass, but also encountered {{bz|54321}}</ref> | ||
| {{result|fail}} <ref>{{bz|12345}}</ref> | | {{result|fail}} <ref>{{bz|12345}}</ref> | ||
| {{result|pass}} | | {{result|pass}} | ||
| AD 2012 | |||
| <references/> | |||
|- | |||
|- | |||
| [[User:mrniranjan|mrniranjan]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} <ref> Test pass with nss_ldap on RHEL5</ref> | |||
| {{result|pass}} <ref> Test pass with nss-pam-ldapd on RHEL6 </ref> | |||
| {{result|none}} | |||
| AD 2008 R2 | |||
| <references/> | |||
|- | |||
| [[User:tbabej|Tomas Babej]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} <ref> https://fedorahosted.org/freeipa/ticket/3814 </ref> | |||
| {{result|pass}} <ref> https://fedorahosted.org/freeipa/ticket/3816 </ref> | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| AD 2012 | |||
| <references/> | |||
|- | |||
| [[User:jhrozek|Jakub Hrozek]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|none}} | |||
| {{result|pass}} | |||
| {{result|none}} | |||
| {{result|warn}} <ref>(IPA native users don't auth)</ref> | |||
| {{result|warn}} <ref>(IPA native users don't auth)</ref> | |||
| AD 2012 | |||
| <references/> | |||
|- | |||
| [[User:steeve|Steeve Goveas]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} <ref>https://fedorahosted.org/sssd/ticket/2030</ref> | |||
| {{result|pass}} | |||
| {{result|warn}} <ref>(IPA native users don't auth)</ref> | |||
| {{result|none}} | |||
| {{result|warn}} <ref>(IPA native users don't auth)</ref> | |||
| AD 2008r2 | |||
| <references/> | | <references/> | ||
|- | |- | ||
| [[User:spoore|Scott Poore]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|warn||988520}} | |||
| {{result|warn}} <ref>rhel4 fails</ref><ref>rhel5 works</ref> | |||
| {{result|warn}} <ref>ad users work, ipa doesn't</ref> | |||
| {{result|warn}} <ref>ad users work, ipa doesn't</ref> | |||
| AD 2012 | |||
| <references/> | |||
|- | |||
| [[User:Sgallagh|Stephen Gallagher]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| AD 2012 | |||
| <references/> | |||
|} | |} | ||
[[Category:Test Days]] | [[Category:Fedora 19 Test Days]] |
Latest revision as of 21:20, 26 June 2015
Fedora Test Days | |
---|---|
Provide users from trusted Active directory domain to legacy clients | |
Date | 2013-07-25 |
Time | all day |
Website | QA/Fedora_19_test_days |
IRC | #fedora-test-day (webirc) |
Mailing list | test |
What to test?[edit]
Today's instalment of Fedora Test Day will focus on making the support for users coming from a trusted Active Directory domain available to legacy (non-SSSD) clients as well as providing support for using POSIX attributes from AD.
Who's available[edit]
- Development: Alexander Bokovoy (ab), Jakub Hrozek (jhrozek), Martin Kosek (mkosek), Tomas Babej (tbabej)
- Quality Assurance - Scott Poore (spoore), Steeve Goveas (steeve)
Feedback[edit]
We need your feedback!
- Talk to us on #freeipa on Freenode
- Send as an e-mail.
- Log issues and enhancements in FreeIPA Trac or Bugzilla.
Prerequisite for Test Day[edit]
- An instance of Microsoft Active Directory 2008 R2 or newer
- An up-to-date Fedora 19 instance along with a custom repository containing the required packages
- Grab the repofile from http://repos.fedorapeople.org/repos/jhrozek/freeipa-test-day/fedora-freeipa-test-day.repo and download it to your
/etc/yum.repos.d/
- Grab the repofile from http://repos.fedorapeople.org/repos/jhrozek/freeipa-test-day/fedora-freeipa-test-day.repo and download it to your
# wget http://repos.fedorapeople.org/repos/jhrozek/freeipa-test-day/fedora-freeipa-test-day.repo \ -O /etc/yum.repos.d/fedora-freeipa-test-day.repo
How to test?[edit]
This test day focuses on making users and groups from a trusted AD domain available to a wide range of clients. Even if your flavor of Linux or UNIX client is not described in the steps below, you are still welcome to join the test day! In general, the testing would include:
- Establish a trust between an IPA server and an Active Directory instance following the steps below
- Install/Setup test cases 1 and 2, Serving legacy clients for trusts test case 1.
- Set up the LDAP client software (such as nss_ldap or pam_ldap) on your client to point to the IPA server
- Retrieve identity information about users coming from the trusted AD domain
- Authenticate as a user coming from the trusted AD domain
Please report any issues you find using the channels described above or simply start a thread on the freeipa-users mailing list.
You can also use our public Etherpad http://openetherpad.org/p/Fedora-19-IPA-33-Test-Day to share bugs, workarounds or any other useful info.
Test Cases[edit]
Install/Setup Tests[edit]
- 1. IPA server and client installation.
- After finishing this test case, you would have a working IPA server and a client
- 2. Preparation of IPA server for the Active Directory trust.
- This testcase ensures that you have properly configured Active Directory and FreeIPA server for the trust setup
Using POSIX attributes defined in AD[edit]
- 1. Configure FreeIPA to use POSIX attributes defined in Active Direcotory
- When this test case is completed, you will have Active Directory server with Services for Unix (SFU) extension. You will be able to use POSIX attributes defined in Active Directory in FreeIPA.
Serving legacy clients for trusts[edit]
- 1. Establish trust with an AD server.
- When this test case is completed, the trust relationship between an IPA server and an AD server would be established
- 2. Configure a generic legacy client for accessing trusted resources
- Instructions for setting up a generic LDAP client are described here
- 3. Use nss-pam-ldapd to give access to trusted domain users
- This is actual test for old clients using nss-pam-ldapd (http://arthurdejong.org/git/nss-pam-ldapd). We are interested in test on RHEL 4/5, FreeBSD, and Solaris/AIX
- 4. Use legacy SSSD to give access to trusted domain users
- This is actual test for old clients using SSSD, but without native support for subdomain users. This includes all SSSD versions up to 1.9
Test Results[edit]
If you have problems with any of the tests, report a bug to Trac or Bugzilla usually for the component freeipa
Once you have completed the tests, add your results to the appropriate Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the result template to enter your result, as shown in the example result line.
User | IPA Installation | Trust preparation | POSIX in AD | Trust creation | Generic legacy client | Legacy clients with nss-pam-ldapd | Legacy client with SSSD | Active Directory version | References |
---|---|---|---|---|---|---|---|---|---|
Sample User | AD 2012 | ||||||||
mrniranjan | AD 2008 R2 | ||||||||
Tomas Babej | AD 2012 | ||||||||
Jakub Hrozek | AD 2012 | ||||||||
Steeve Goveas | AD 2008r2 |
| |||||||
Scott Poore | AD 2012 | ||||||||
Stephen Gallagher | AD 2012 |