(Remove test cases that everyone can't run, add anaconda,) |
(Break into various test subsections) |
||
Line 49: | Line 49: | ||
You can explore these, and their documentation. Or you can follow the test cases below. | You can explore these, and their documentation. Or you can follow the test cases below. | ||
== | == Tests: Kerberos == | ||
{| class="wikitable | |||
{| class="wikitable" style="width:100%" border="1" | |||
!style="width:20%"|Testcase | !style="width:20%"|Testcase | ||
!style="width:58%"|Description | !style="width:58%"|Description | ||
!style="width:12%"|Privileges | !style="width:12%"|Privileges | ||
!style="width:10%"| | !style="width:10%"|Duration | ||
|- | |- | ||
| [[QA: | | [[QA:Testcase_kerberos_without_krb5_conf|noconf]] | ||
| Using Active Directory without krb5.conf | | Using Active Directory without krb5.conf | ||
| Any | | Any | ||
| 5 minutes | | 5 minutes | ||
|- | |- | ||
| [[QA: | |- | ||
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] | |||
| Kerberos client with unsynced clocks | | Kerberos client with unsynced clocks | ||
| Any | | Any | ||
| 5 minutes | | 5 minutes | ||
|- | |- | ||
| [[QA:Testcase_realmd_discovery| | |- | ||
| [[QA:Testcase_kerberos_reverse_dns|rdns]] | |||
| Kerberos client without reverse DNS | |||
| Any | |||
| 5 minutes | |||
| - | |||
|} | |||
{| | |||
! User | |||
| [[QA:Testcase_kerberos_without_krb5_conf|noconf]] | |||
| [[QA:Testcase_kerberos_unsynced_clocks|clocks]] | |||
| [[QA:Testcase_kerberos_reverse_dns|rdns]] | |||
! References | |||
|- | |||
| [[User:SampleUser|Sample User]] | |||
| {{result|pass}} | |||
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref> | |||
| {{result|fail}} <ref>{{bz|12345}}</ref> | |||
| <references/> | |||
|- | |||
|} | |||
== Tests: Basics of sssd and realmd == | |||
{| class="wikitable" style="width:100%" border="1" | |||
!style="width:20%"|Testcase | |||
!style="width:58%"|Description | |||
!style="width:12%"|Privileges | |||
!style="width:10%"|Duration | |||
|- | |||
| [[QA:Testcase_realmd_discovery|discover domain]] | |||
| Using realmd to discover information about an Active Directory domain | | Using realmd to discover information about an Active Directory domain | ||
| Any | | Any | ||
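Review bot: In the new Kerberos table, the separator after the rdns row is written `| -` instead of `|-`, so it is parsed as an extra cell containing "-" rather than as a row break, and the rendered rdns row gains a stray fifth column. Change it to `|-`. The results table that follows opens with a bare `{|`; giving it the same `class="wikitable"` attributes as the other tables would keep the styling consistent.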
Line 72: | Line 105: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_realmd_discover_single| | | [[QA:Testcase_realmd_discover_single|discover server]] | ||
| Using realmd to discover information about an Active Directory server | | Using realmd to discover information about an Active Directory server | ||
| Any | | Any | ||
Line 78: | Line 111: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_realmd_join_ccache| | | [[QA:Testcase_realmd_join_sssd|join domain]] | ||
| Using realmd to join a domain using standard options and configure sssd | |||
| Admin account | |||
| 15 minutes | |||
|- | |||
|- | |||
| [[QA:Testcase_realmd_leave|leave domain]] | |||
| Using realmd to leave a domain and deconfigure sssd | |||
| Any | |||
| 10 minutes | |||
|- | |||
|- | |||
| [[QA:Testcase_realmd_join_otp|join otp]] | |||
| Using realmd to join a domain using a one time password | |||
| Admin account | |||
| 15 minutes | |||
|- | |||
|- | |||
| [[QA:Testcase_realmd_leave_remove|leave remove]] | |||
| Using realmd to leave a domain, removing the computer account, and deconfigure sssd | |||
| Any | |||
| 10 minutes | |||
|- | |||
|- | |||
| [[QA:Testcase_realmd_login|login domain]] | |||
| After joining a domain, log in using domain credentials | |||
| User and admin account | |||
| 10 minutes | |||
|- | |||
|- | |||
| [[QA:Testcase_sssd_ad_dns_update|DNS dynamic updates]] | |||
| Verifies an AD client is able to update its DNS record. | |||
| Joined to a domain | |||
| 20 minutes | |||
|- | |||
|} | |||
== Tests: Integration of realmd == | |||
{| class="wikitable" style="width:100%" border="1" | |||
!style="width:20%"|Testcase | |||
!style="width:58%"|Description | |||
!style="width:12%"|Privileges | |||
!style="width:10%"|Duration | |||
|- | |||
|- | |||
| [[QA:Testcase_realmd_join_kickstart|kickstart]] | |||
| Use anaconda and kickstart to join a domain during installation. | |||
| Admin account | |||
| 45 minutes | |||
|- | |||
|- | |||
| [[QA:Testcase_realmd_control_center|control center]] | |||
| Use control center to add an Enterprise Login from a domain. | |||
| User or admin account | |||
| 20 minutes | |||
|- | |||
|- | |||
| [[QA:Testcase_realmd_gdm_screen|gdm screen]] | |||
| Check the GDM login screen domain hints | |||
| Joined to a domain | |||
| 10 minutes | |||
|- | |||
|} | |||
== Tests: Advanced sssd and realmd == | |||
{| class="wikitable" style="width:100%" border="1" | |||
!style="width:20%"|Testcase | |||
!style="width:58%"|Description | |||
!style="width:12%"|Privileges | |||
!style="width:10%"|Duration | |||
|- | |||
|- | |||
| [[QA:Testcase_realmd_login_any|login any]] | |||
| Allow any domain user to log into local machine | |||
| User and admin account | |||
| 15 minutes | |||
|- | |||
|- | |||
| [[QA:Testcase_realmd_login_withdraw|login withdraw]] | |||
| Withdraw access to a user to log into the machine | |||
| User and admin account | |||
| 15 minutes | |||
|- | |||
|- | |||
| [[QA:Testcase_realmd_login_deny_any|deny any]] | |||
| Deny any domain logins to the machine | |||
| User and admin account | |||
| 15 minutes | |||
|- | |||
|- | |||
| [[QA:Testcase_realmd_join_ccache|join ccache]] | |||
| Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join. | | Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join. | ||
| Administrator | | Administrator | ||
Line 84: | Line 209: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_realmd_join_os| | | [[QA:Testcase_realmd_join_os|join osinfo]] | ||
| Join the current machine to an Active Directory, and set the operating system name and version of the account. | | Join the current machine to an Active Directory, and set the operating system name and version of the account. | ||
| Administrator | | Administrator | ||
Line 90: | Line 215: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_realmd_join_packages| | | [[QA:Testcase_realmd_join_packages|join packages]] | ||
| Join the current machine to an Active Directory, and prevent automatic installation of packages. | | Join the current machine to an Active Directory, and prevent automatic installation of packages. | ||
| Administrator | | Administrator | ||
Line 96: | Line 221: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_realmd_join_qualify| | | [[QA:Testcase_realmd_join_qualify|join names]] | ||
| Join the current machine to an Active Directory, without using fully qualified user names. | | Join the current machine to an Active Directory, without using fully qualified user names. | ||
| Administrator | | Administrator | ||
Line 102: | Line 227: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_realmd_join_rfc2307| | | [[QA:Testcase_realmd_join_rfc2307|join posix]] | ||
| Join the current machine to an Active Directory, but use the POSIX attributes in the directory. | | Join the current machine to an Active Directory, but use the POSIX attributes in the directory. | ||
| Administrator or user with posix attributes | | Administrator or user with posix attributes | ||
Line 108: | Line 233: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_realmd_join_server| | | [[QA:Testcase_realmd_join_server|join server]] | ||
| Join the current machine to an Active Directory, manually specifying the domain server you want to join against. | | Join the current machine to an Active Directory, manually specifying the domain server you want to join against. | ||
| Administrator | | Administrator | ||
Line 114: | Line 239: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_realmd_join_upn| | | [[QA:Testcase_realmd_join_upn|join upn]] | ||
| Join the current machine to an Active Directory, while creating a userPrincipalName. | | Join the current machine to an Active Directory, while creating a userPrincipalName. | ||
| Administrator | | Administrator | ||
Line 120: | Line 245: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_sssd_ad_dns_sites|site disco]] | |||
| [[QA:Testcase_sssd_ad_dns_sites| | |||
| Verifies an AD client is able to connect to a particular DNS site as defined on the AD server | | Verifies an AD client is able to connect to a particular DNS site as defined on the AD server | ||
| Requires a joined client | | Requires a joined client | ||
Line 138: | Line 251: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_sssd_ad_discover_netbios_name| | | [[QA:Testcase_sssd_ad_discover_netbios_name|netbios disco]] | ||
| This test case verifies an Active Directory client is able to discover the NetBIOS name automatically | | This test case verifies an Active Directory client is able to discover the NetBIOS name automatically | ||
| Requires a joined client | | Requires a joined client | ||
Line 145: | Line 258: | ||
|} | |} | ||
== | == Tests: Advanced adcli == | ||
To run these test cases you need to [[QA:Testcase_adcli_setup|fulfill these prerequisites]]. In addition, further [[Category:Adcli_Test_Cases|test cases are available]] for using adcli with complex domains. | |||
{| class="wikitable sortable" style="width:100%" border="1" | {| class="wikitable sortable" style="width:100%" border="1" | ||
!style="width:20%"|Testcase | !style="width:20%"|Testcase | ||
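Review bot: In the sentence added under "Tests: Advanced adcli", `[[Category:Adcli_Test_Cases|test cases are available]]` has no leading colon, so MediaWiki files this page in the category instead of rendering a link, and the rendered sentence loses its link text ("In addition, further for using adcli with complex domains."). Write it as `[[:Category:Adcli_Test_Cases|test cases are available]]`.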
Line 152: | Line 269: | ||
!style="width:10%"|Approx. time required | !style="width:10%"|Approx. time required | ||
|- | |- | ||
| [[QA:Testcase_adcli_info|info domain]] | |||
| [[QA:Testcase_adcli_info| | |||
| This test case retrieves basic information about a domain. | | This test case retrieves basic information about a domain. | ||
| Any | | Any | ||
Line 164: | Line 275: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_adcli_info_server| | | [[QA:Testcase_adcli_info_server|info server]] | ||
| This test case retrieves basic information about a domain controller and the domain it is a part of. | | This test case retrieves basic information about a domain controller and the domain it is a part of. | ||
| Any | | Any | ||
Line 170: | Line 281: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_adcli_join_simple| | | [[QA:Testcase_adcli_join_simple|join simple]] | ||
| This test case verifies that adcli join works with basic options. | | This test case verifies that adcli join works with basic options. | ||
| Administrator | | Administrator | ||
Line 176: | Line 287: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_adcli_join_nodns| | | [[QA:Testcase_adcli_join_nodns|join nodns]] | ||
| his test case verifies that adcli join can work without DNS. | | his test case verifies that adcli join can work without DNS. | ||
| Administrator | | Administrator | ||
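Review bot: The description on the join nodns row still reads "his test case verifies that adcli join can work without DNS." on both sides of the diff. Since this revision already edits the row's link text, correct it to "This test case" in the same change.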
Line 182: | Line 293: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_adcli_preset_auto| | | [[QA:Testcase_adcli_preset_auto|preset auto]] | ||
| This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password. | | This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password. | ||
| Administrator | | Administrator | ||
Line 188: | Line 299: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_adcli_preset_otp| | | [[QA:Testcase_adcli_preset_otp|preset otp]] | ||
| This test case precreates accounts in the domain using adcli join. | | This test case precreates accounts in the domain using adcli join. | ||
| Administrator | | Administrator | ||
Line 195: | Line 306: | ||
|} | |} | ||
== | == Tests: With FreeIPA == | ||
{| class="wikitable sortable" style="width:100%" border="1" | {| class="wikitable sortable" style="width:100%" border="1" | ||
!style="width:20%"|Testcase | !style="width:20%"|Testcase | ||
Line 204: | Line 315: | ||
!style="width:10%"|Approx. time required | !style="width:10%"|Approx. time required | ||
|- | |- | ||
| [[QA:Testcase_FreeIPA_realmd_join| | | [[QA:Testcase_FreeIPA_realmd_join|join]] | ||
| Join a client machine to a domain | | Join a client machine to a domain | ||
| admin | | admin | ||
| 10 minutes | | 10 minutes | ||
|- | |- | ||
| [[QA:Testcase_FreeIPA_realmd_login| | | [[QA:Testcase_FreeIPA_realmd_login|login]] | ||
| Log in using FreeIPA credentials, both online and offline | | Log in using FreeIPA credentials, both online and offline | ||
| admin | | admin | ||
Line 215: | Line 326: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_FreeIPA_realmd_sudo| | | [[QA:Testcase_FreeIPA_realmd_sudo|sudo]] | ||
| Test FreeIPA's sudo management capabilities | | Test FreeIPA's sudo management capabilities | ||
| admin | | admin | ||
Line 221: | Line 332: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_FreeIPA_realmd_ssh| | | [[QA:Testcase_FreeIPA_realmd_ssh|ssh]] | ||
| Verify FreeIPA's SSH public key management | | Verify FreeIPA's SSH public key management | ||
| admin | | admin | ||
Line 227: | Line 338: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_FreeIPA_realmd_automount| | | [[QA:Testcase_FreeIPA_realmd_automount|automount]] | ||
| Test FreeIPA's automounter maps management | | Test FreeIPA's automounter maps management | ||
| admin | | admin | ||
Line 233: | Line 344: | ||
|- | |- | ||
|- | |- | ||
| [[QA:Testcase_FreeIPA_realmd_leave|leave]] | |||
| [[QA:Testcase_FreeIPA_realmd_leave| | |||
| Leave a FreeIPA domain by deconfiguring it locally. | | Leave a FreeIPA domain by deconfiguring it locally. | ||
| Any | | Any | ||
Line 245: | Line 350: | ||
|- | |- | ||
|} | |} | ||
* [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] | * [https://bugs.freedesktop.org/enter_bug.cgi?product=realmd realmd bugzilla] |
Revision as of 16:42, 8 May 2013
Fedora 19 Test Days | |
---|---|
Enterprise accounts | |
Date | 2013-05-09 |
Time | all day |
Website | realmd SSSD project, Feature page |
IRC | #sssd (webirc, #fedora-test-day (webirc)) |
What to test?
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular realmd and adcli to join a machine to a domain and sssd to handle authentication and other related tasks.
Who's available
- Development: Stef Walter (stefw, realmd/adcli dev), Jakub Hrozek (jhrozek, sssd dev)
- Quality Assurance: Patrik Kis (pkis), Davis Spurek (dspurek), Kaushik Banerjee (kaushik)
Prerequisite for Test Day
- You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at FedoraLiveCD.
Architecture | SHA256SUM |
---|---|
x86_64 | 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0 |
i686 | 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e |
- If you don't want to use the LiveCD, you can use an updated Fedora 19 pre-release
- Make sure that the following components are installed:
- adcli-0.7-1.fc19
- realmd-0.14.0-1.fc19
- sssd-1.10.0-4.fc19.beta1
- selinux-policy-3.12.1-42.fc19
- A server to test against. Most test cases require an Active Directory domain; other tests require a FreeIPA server. Don't worry if you don't have both; any involvement in the test day is much appreciated!
- Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.
- If you are on the Red Hat internal network, you can test against our internal Test Bed: Test Day:2013-05-09 Red Hat Test Bed. Please note that the Test Bed doesn't have all the capabilities required to run all test cases. While all test cases that require administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bed (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.
How to test
At a high level the following are being tested:
- realmd used together with Active Directory or FreeIPA
- adcli used together with Active Directory
- latest Kerberos improvements
- sssd used together with Active Directory or FreeIPA
You can explore these, and their documentation. Or you can follow the test cases below.
Tests: Kerberos
Testcase | Description | Privileges | Duration |
---|---|---|---|
noconf | Using Active Directory without krb5.conf | Any | 5 minutes |
clocks | Kerberos client with unsynced clocks | Any | 5 minutes |
rdns | Kerberos client without reverse DNS | Any | 5 minutes |
User | noconf | clocks | rdns | References |
---|---|---|---|---|
Sample User |
Tests: Basics of sssd and realmd
Testcase | Description | Privileges | Duration |
---|---|---|---|
discover domain | Using realmd to discover information about an Active Directory domain | Any | 5 minutes |
discover server | Using realmd to discover information about an Active Directory server | Any | 5 minutes |
join domain | Using realmd to join a domain using standard options and configure sssd | Admin account | 15 minutes |
leave domain | Using realmd to leave a domain and deconfigure sssd | Any | 10 minutes |
join otp | Using realmd to join a domain using a one time password | Admin account | 15 minutes |
leave remove | Using realmd to leave a domain, removing the computer account, and deconfigure sssd | Any | 10 minutes |
login domain | After joining a domain, log in using domain credentials | User and admin account | 10 minutes |
DNS dynamic updates | Verifies an AD client is able to update its DNS record. | Joined to a domain | 20 minutes |
Tests: Integration of realmd
Testcase | Description | Privileges | Duration |
---|---|---|---|
kickstart | Use anaconda and kickstart to join a domain during installation. | Admin account | 45 minutes |
control center | Use control center to add an Enterprise Login from a domain. | User or admin account | 20 minutes |
gdm screen | Check the GDM login screen domain hints | Joined to a domain | 10 minutes |
Tests: Advanced sssd and realmd
Testcase | Description | Privileges | Duration |
---|---|---|---|
login any | Allow any domain user to log into local machine | User and admin account | 15 minutes |
login withdraw | Withdraw access to a user to log into the machine | User and admin account | 15 minutes |
deny any | Deny any domain logins to the machine | User and admin account | 15 minutes |
join ccache | Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join. | Administrator | 10 minutes |
join osinfo | Join the current machine to an Active Directory, and set the operating system name and version of the account. | Administrator | 10 minutes |
join packages | Join the current machine to an Active Directory, and prevent automatic installation of packages. | Administrator | 10 minutes |
join names | Join the current machine to an Active Directory, without using fully qualified user names. | Administrator | 10 minutes |
join posix | Join the current machine to an Active Directory, but use the POSIX attributes in the directory. | Administrator or user with posix attributes | 10 minutes |
join server | Join the current machine to an Active Directory, manually specifying the domain server you want to join against. | Administrator | 10 minutes |
join upn | Join the current machine to an Active Directory, while creating a userPrincipalName. | Administrator | 10 minutes |
site disco | Verifies an AD client is able to connect to a particular DNS site as defined on the AD server | Requires a joined client | 20 minutes |
netbios disco | This test case verifies an Active Directory client is able to discover the NetBIOS name automatically | Requires a joined client | 15 minutes |
Tests: Advanced adcli
To run these test cases you need to fulfill these prerequisites. In addition, further test cases are available for using adcli with complex domains.
Testcase | Description | Privileges | Approx. time required |
---|---|---|---|
info domain | This test case retrieves basic information about a domain. | Any | 5 minutes |
info server | This test case retrieves basic information about a domain controller and the domain it is a part of. | Any | 5 minutes |
join simple | This test case verifies that adcli join works with basic options. | Administrator | 5 minutes |
join nodns | This test case verifies that adcli join can work without DNS. | Administrator | 5 minutes |
preset auto | This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password. | Administrator | 5 minutes |
preset otp | This test case precreates accounts in the domain using adcli join. | Administrator | 5 minutes |
Tests: With FreeIPA
Testcase | Description | Privileges | Approx. time required |
---|---|---|---|
join | Join a client machine to a domain | admin | 10 minutes |
login | Log in using FreeIPA credentials, both online and offline | admin | 15 minutes |
sudo | Test FreeIPA's sudo management capabilities | admin | 10 minutes |
ssh | Verify FreeIPA's SSH public key management | admin | 20 minutes |
automount | Test FreeIPA's automounter maps management | admin | 20 minutes |
leave | Leave a FreeIPA domain by deconfiguring it locally. | Any | 5 minutes |
User | FreeIPA join | FreeIPA login | FreeIPA sudo | FreeIPA SSH | FreeIPA automount | FreeIPA control center | FreeIPA leave | References |
---|---|---|---|---|---|---|---|---|
Sample User |