From Fedora Project Wiki

(Remove incorrect reference to GNOME)
(make it a redirect to the combined AD/freeipa test case)
 
Line 1: Line 1:
{{Template:Associated_release_criterion|Alpha|remote-authentication}}
+
#REDIRECT [[QA:Testcase_realmd_join_sssd]]
 
 
{{QA/Test_Case
 
|description=Join the current machine to a FreeIPA domain using the realmd command-line tool. Domain accounts are available on the local machine once this is done.
 
|setup=
 
# This test case assumes you have already set up a FreeIPA domain (named "ipa.example.org" in this example - adjust as appropriate for your local configuration). If you haven't, you can set one up. [[QA:Testcase_freeipav3_installation]] can function as an instruction set for this purpose; also see the [https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/index.html FreeIPA Guide].
 
# '''Your machine must have a fully-qualified host name'''. Do not proceed if the output of {{command|hostname}} is <code>localhost</code> or <code>localhost.localdomain</code> or similar. It should be something like <code>test-system.example.org</code>.
 
# Make sure you have realmd-0.13.3-2 or later installed: {{command|rpm -q realmd}}
 
|actions=
 
# Perform the join command using IPA's admin account.
 
#: <pre>$ realm join --user=admin ipa.example.org</pre>
 
#: You will be prompted for a password for the account.
 
#: You will be prompted for Policy Kit authorization.
 
#: On a successful join there will be no output.
 
#: This can take up to a few minutes depending on how far away your FreeIPA domain is.
 
 
 
|results=
 
# Check that the domain is now configured.
 
#: <pre>$ realm list</pre>
 
#: Make sure the domain is listed.
 
#: Make sure you have a <code>configured: kerberos-member</code> line in the output.
 
#: Make note of the login-formats line for the next command.
 
# Check that you can resolve domain accounts on the local computer.
 
#: <pre>$ getent passwd admin@ipa.example.org</pre>
 
#: You should see an output line that looks like passwd(5) output. It should contain an appropriate home directory, and a shell.
 
#: Use the login-formats you saw above, to build a remote user name. It will be in the form of $user@$fqdn, where fqdn is your fully qualified IPA domain name (e.g. ipa.example.org).
 
# Check that you have an appropriate entry in your hosts keytab.
 
#: <pre>sudo klist -k</pre>
 
#: You should see several lines, with your host name. For example <code>1 host/$hostname@$FQDN</code>
 
# Check that you can use your keytab with kerberos
 
#: <pre>sudo kinit -k host/client.ipa.example.org@IPA.EXAMPLE.ORG</pre>
 
#: Make sure the domain name is capitalized.
 
#: Use the principal from the output of the <code>klist</code> command above. Use the one that's capitalized and looks like <code>host/$hostname@$FQDN</code>.
 
#: There should be no output from this command.
 
# If you have set up the FreeIPA Web UI, you can use it to see that the computer account was created under the ''Hosts'' section.
 
}}
 
 
 
== Troubleshooting ==
 
 
 
Use the <code>--verbose</code> argument to see details of what's being done during a join. Include verbose output in any bug reports.
 
 
 
<pre>
 
$ realm join --verbose ipa.example.org
 
</pre>
 
 
 
[[Category:Realmd_Test_Cases]] [[Category:FreeIPA_Test_Cases]]
 
[[Category:Server Acceptance Test Cases]]
 

Latest revision as of 02:59, 25 November 2014