From Fedora Project Wiki
No edit summary |
(Update requirements) |
||
(10 intermediate revisions by 2 users not shown) | |||
Line 5: | Line 5: | ||
# '''Your machine must have a configured host name. Do not proceed if your host name is <code>localhost</code> or similar.''' | # '''Your machine must have a configured host name. Do not proceed if your host name is <code>localhost</code> or similar.''' | ||
#: <pre>$ hostname</pre> | #: <pre>$ hostname</pre> | ||
# Make sure you have realmd 0.13 or later installed. | # Make sure you have realmd-0.13.3-2 or later installed. | ||
#: <pre>$ yum list realmd</pre> | #: <pre>$ yum list realmd</pre> | ||
|actions= | |actions= | ||
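Review bot: The realmd requirement now names a full version-release (realmd-0.13.3-2), but the check on the line under it is still "yum list realmd", which also lists a package that is only available in a repository and not installed. Consider "rpm -q realmd" or "yum list installed realmd" there, so the tester compares the installed build against the stated minimum.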
Line 22: | Line 22: | ||
#: Make note of the login-formats line for the next command. | #: Make note of the login-formats line for the next command. | ||
# Check that you can resolve domain accounts on the local computer. | # Check that you can resolve domain accounts on the local computer. | ||
#: <pre>$ getent passwd | #: <pre>$ getent passwd admin@ipa.example.org</pre> | ||
#: You should see an output line that looks like passwd(5) output. It should contain an appropriate home directory, and a shell. | #: You should see an output line that looks like passwd(5) output. It should contain an appropriate home directory, and a shell. | ||
#: Use the login-formats you saw above, to build a remote user name. It will be in the form of | #: Use the login-formats you saw above, to build a remote user name. It will be in the form of $user@$fqdn, where fqdn is your fully qualified IPA domain name (e.g. ipa.example.org). | ||
# Check that you have an appropriate entry in your hosts keytab. | # Check that you have an appropriate entry in your hosts keytab. | ||
#: <pre>sudo klist -k</pre> | #: <pre>sudo klist -k</pre> | ||
#: You should see several lines, with your host name. For example <code>1 host/ | #: You should see several lines, with your host name. For example <code>1 host/$hostname@$FQDN</code> | ||
# Check that you can use your keytab with kerberos | # Check that you can use your keytab with kerberos | ||
#: <pre>sudo kinit -k | #: <pre>sudo kinit -k host/client.ipa.example.org@IPA.EXAMPLE.ORG</pre> | ||
#: | #: Make sure the domain name is capitalized. | ||
#: Use the principal from the output of the <code>klist</code> command above. Use the one that's capitalized and looks like <code>host/ | #: Use the principal from the output of the <code>klist</code> command above. Use the one that's capitalized and looks like <code>host/$hostname@$FQDN</code>. | ||
#: There should be no output from this command. | #: There should be no output from this command. | ||
# If you have set up the FreeIPA Web UI, you can use it to see that the computer account was created under the ''Hosts'' section. | # If you have set up the FreeIPA Web UI, you can use it to see that the computer account was created under the ''Hosts'' section. | ||
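Review bot: In the keytab and kinit lines the placeholder $FQDN stands for the Kerberos realm (IPA.EXAMPLE.ORG in the added kinit example), while the getent line uses $fqdn for the lower-case domain name ipa.example.org. One variable name in two spellings for two different values invites a copy-paste mistake. Suggest host/$hostname@$REALM for the principal, and "Make sure the realm is capitalized" for the new hint, since the host name before the @ stays lower case.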
Line 45: | Line 44: | ||
</pre> | </pre> | ||
[[Category:Realmd_Test_Cases]] [[Category:FreeIPA_Test_Cases]] | |||
[[Category: |
Revision as of 06:46, 9 May 2013
Description
Join the current machine to a FreeIPA domain. Domain accounts are available on the local machine once this is done.
Setup
- This testcase assumes you have already set up a FreeIPA domain (named "ipa.example.org"). If you haven't, you can set one up.
- Your machine must have a configured host name. Do not proceed if your host name is localhost or similar.
$ hostname
- Make sure you have realmd-0.13.3-2 or later installed.
$ yum list realmd
How to test
- Perform the join command using IPA's admin account.
$ realm join --user=admin ipa.example.org
- You will be prompted for a password for the account.
- You will be prompted for Policy Kit authorization.
- On a successful join there will be no output.
- This can take up to a few minutes depending on how far away your FreeIPA domain is.
Expected Results
- Check that the domain is now configured.
$ realm list
- Make sure the domain is listed.
- Make sure you have a configured: kerberos-member line in the output.
- Make note of the login-formats line for the next command.
- Check that you can resolve domain accounts on the local computer.
$ getent passwd admin@ipa.example.org
- You should see an output line that looks like passwd(5) output. It should contain an appropriate home directory, and a shell.
- Use the login-formats you saw above, to build a remote user name. It will be in the form of $user@$fqdn, where fqdn is your fully qualified IPA domain name (e.g. ipa.example.org).
- Check that you have an appropriate entry in your host's keytab.
$ sudo klist -k
- You should see several lines, with your host name. For example 1 host/$hostname@$FQDN
- Check that you can use your keytab with Kerberos.
$ sudo kinit -k host/client.ipa.example.org@IPA.EXAMPLE.ORG
- Make sure the domain name is capitalized.
- Use the principal from the output of the klist command above. Use the one that's capitalized and looks like host/$hostname@$FQDN.
- There should be no output from this command.
- If you have set up the FreeIPA Web UI, you can use it to see that the computer account was created under the Hosts section.
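The checks above can be scripted. The following is an added example, not part of the original test case or of realmd: the function names, the --live switch and the sample output are constructed for illustration, and the parsers assume the realm list and klist -k layouts described in the steps.

```shell
#!/bin/sh
# Added example: parsers for the verification steps; sample data is constructed.

# Setup: reject an empty or localhost-style host name.
hostname_ok() {
    case "$1" in
        ""|localhost|localhost.*) return 1 ;;
        *) return 0 ;;
    esac
}

# `realm list` on stdin: print the first login format of domain $1,
# but only when that domain shows "configured: kerberos-member".
realm_login_format() {
    awk -v dom="$1" '
        /^[^ \t]/ { cur = $1 }    # an unindented line starts a realm block
        cur == dom && $1 == "configured:" && $2 == "kerberos-member" { ok = 1 }
        cur == dom && $1 == "login-formats:" { fmt = $2; sub(/,$/, "", fmt) }
        END { if (ok && fmt != "") print fmt; else exit 1 }'
}

# Expand %U in a login format ($1) with a user name ($2).
login_name() {
    case "$1" in
        *%U*) printf '%s%s%s\n' "${1%%%U*}" "$2" "${1#*%U}" ;;
        *) return 1 ;;
    esac
}

# `klist -k` on stdin: print the first host/ principal with an upper-case realm.
keytab_host_principal() {
    awk '$2 ~ /^host\/[^@]+@[A-Z0-9.-]+$/ { print $2; found = 1; exit }
         END { if (!found) exit 1 }'
}

sample_realm_list() { printf '%s\n' 'ipa.example.org' '  type: kerberos' \
    '  realm-name: IPA.EXAMPLE.ORG' '  configured: kerberos-member' \
    '  login-formats: %U@ipa.example.org'; }
sample_klist() { printf '%s\n' 'Keytab name: FILE:/etc/krb5.keytab' \
    'KVNO Principal' '   1 host/client.ipa.example.org@IPA.EXAMPLE.ORG'; }

# Live run on a joined machine: sh script.sh --live ipa.example.org
if [ "${1:-}" = "--live" ]; then
    hostname_ok "$(hostname)" || { echo "host name not configured" >&2; exit 1; }
    fmt=$(realm list | realm_login_format "$2") || exit 1
    getent passwd "$(login_name "$fmt" admin)" || exit 1
    sudo kinit -k "$(sudo klist -k | keytab_host_principal)" && echo "all checks passed"
fi
```

Without --live the script only defines the functions, so it can be sourced and exercised against saved command output.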
Troubleshooting
Use the --verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.
$ realm join --verbose ipa.example.org