From Fedora Project Wiki

(not a server validation test case, as g-i-s isn't in server)
(bah, more fiddling)
 
(5 intermediate revisions by the same user not shown)
Line 2: Line 2:
|description=Join the current machine to a FreeIPA domain using GNOME's initial setup tool. Domain accounts are available on the local machine once this is done.
|description=Join the current machine to a FreeIPA domain using GNOME's initial setup tool. Domain accounts are available on the local machine once this is done.
|setup=
|setup=
# This test case assumes you have already set up a FreeIPA domain (named "ipa.example.org" in this example - adjust as appropriate for your local configuration). If you haven't, you can set one up. [[QA:Testcase_freeipav3_installation]] can function as an instruction set for this purpose; also see the [https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/index.html FreeIPA Guide].
{{Domain server setup}}
# '''Your machine must have a fully-qualified host name.''' Do not proceed if the output of {{command|hostname}} is <code>localhost</code> or <code>localhost.localdomain</code> or similar. It should be something like <code>test-system.example.org</code>.
# Create at least one domain account, either a user or administrator. It's useful to test with both
# Make sure you have realmd-0.13.3-2 or later installed: {{command|rpm -q realmd}}
|actions=
|actions=
# Install Fedora Workstation (or, for releases older than Fedora 21, do a standard Fedora GNOME desktop install), using all defaults where possible and sensible settings elsewhere. Do not create a local user account during installation.
# Install Fedora Workstation (or, for releases older than Fedora 21, do a standard Fedora GNOME desktop install), using all defaults where possible and sensible settings elsewhere. '''Make sure''' to give the system a '''fully-qualified hostname''' (on the Network screen). Usually the domain component of the system hostname will correspond to the FreeIPA / Active Directory domain. Do not create a local user account during installation.
# Boot the installed system.
# Boot the installed system.
# On the ''About You'' page of the wizard, click ''Set Up Enterprise Login''.
# On the ''About You'' page of the wizard, click ''Set Up Enterprise Login''.
# Enter the FreeIPA domain name (for e.g. ''example.org'') for Domain (it should be available as a choice from the drop-down box if your test system's hostname is as suggested above), and a valid username and password for a user account on the domain, and click Next.
# Enter the domain name (for e.g. ''example.org'') for Domain (it should be available as a choice from the drop-down box if your test system's hostname is as suggested above), and a valid username and password for a user account on the domain, and click Next.
# If prompted for administrator credentials, enter the username and password of the FreeIPA domain administrator account and click Continue.
# If prompted for administrator credentials, enter the username and password of a domain administrator account and click Continue.
# Complete the wizard, and try to log in with the user account you configured.
# Complete the wizard, and try to log in with the user account you configured.
# Check whether you can run {{command|getent passwd someuser@example.org}} and other commands that would require correct authentication with the FreeIPA domain.
|results=
|results=
# Installation should run successfully. If it does not, you have made a mistake or encountered a failure of one of the [[:Category:Installer Test Cases]].
{{Domain_client_enrol_results}}
# The GNOME initial setup wizard should appear before any login screen. If it does not, consider this a failure of [[QA:Testcase_base_initial_setup]].
}}
# The user creation step should switch to an 'Enterprise Login' mode when you click the ''Set Up Enterprise Login'' button.
# If the user account you chose to set up has the power to enrol new client systems in the domain, the joining process should start as soon as you enter the account details and click Next. If not, a dialog requesting the credentials of an account with the necessary powers should appear.
# If the admin credentials prompt is necessary, it should appear and the join process should start when you enter correct admin credentials and click Continue.
# You should be able to log in as the FreeIPA user configured during this test.
# You should be able to run tasks that require access to the FreeIPA domain (to confirm the join and login work correctly).}}


[[Category:Realmd_Test_Cases]]
[[Category:Realmd_Test_Cases]]
[[Category:FreeIPA_Test_Cases]]
[[Category:FreeIPA_Test_Cases]]
[[Category:Active_Directory_Test_Cases]]
[[Category:Desktop_Acceptance_Test_Cases]]
[[Category:Desktop_Acceptance_Test_Cases]]
[[Category:Package_gnome-initial-setup_test_cases]]

Latest revision as of 00:13, 26 November 2014

Description

Join the current machine to a FreeIPA domain using GNOME's initial setup tool. Domain accounts are available on the local machine once this is done.

Setup

  1. Deploy a correctly-configured FreeIPA or Active Directory domain controller. You can follow:
    QA:Testcase_Server_role_deploy with the Domain Controller role to deploy a FreeIPA domain controller on Fedora 28 or earlier
    QA:Testcase_freeipa_trust_server_installation to deploy a FreeIPA domain controller on Fedora 29 or later
    QA:Testcase_Active_Directory_Setup to deploy an Active Directory domain controller
  2. Create at least one domain account, either a user or administrator. It's useful to test with both

How to test

  1. Install Fedora Workstation (or, for releases older than Fedora 21, do a standard Fedora GNOME desktop install), using all defaults where possible and sensible settings elsewhere. Make sure to give the system a fully-qualified hostname (on the Network screen). Usually the domain component of the system hostname will correspond to the FreeIPA / Active Directory domain. Do not create a local user account during installation.
  2. Boot the installed system.
  3. On the About You page of the wizard, click Set Up Enterprise Login.
  4. Enter the domain name (for e.g. example.org) for Domain (it should be available as a choice from the drop-down box if your test system's hostname is as suggested above), and a valid username and password for a user account on the domain, and click Next.
  5. If prompted for administrator credentials, enter the username and password of a domain administrator account and click Continue.
  6. Complete the wizard, and try to log in with the user account you configured.

Expected Results

  1. Check that the domain is now configured: realm list
    Make sure the domain is listed
    Make sure you have a configured: kerberos-member line in the output
  2. Check that you can resolve domain accounts on the local computer
    For Active Directory:
    getent passwd 'DOMAIN\User' (DOMAIN is the netbios name, usually the first portion of the domain name, e.g. AD or SAMDOM; make sure to use the single quotes)
    For FreeIPA:
    getent passwd admin@domain (domain is the fully-qualified FreeIPA domain name, e.g. example.ipa)
    You should see an output line that looks like passwd output. It should contain an appropriate home directory, and a shell
  3. Check that you have an appropriate entry in your host's keytab: su -c 'klist -k'
    You should see several lines with your host name. For example 1 host/$hostname$@FQDN
  4. Check that you can use your keytab with kerberos: su -c 'kinit -k (principal)'
    Replace (principal) with the principal from the output of the klist command above. Use the one with the domain capitalized and that looks like host/hostname@DOMAIN) (FreeIPA) or TRUNCATED_HOSTNAME$@DOMAIN (Active Directory)
    There should be no output from this command
  5. If you are testing FreeIPA and have set up the FreeIPA Web UI, you can use it to see that the computer account was created under the Hosts section
  6. If you have are testing Active Directory and have console access to the domain controller, you can use the Active Directory Users and Computers tool to see if that the computer account was created under the Computers section
  7. Optionally, move on to QA:Testcase_domain_client_authenticate to ensure you can log in with a domain account.
Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_gnome_initial_setup_domain_join&oldid=395807"