QA:Testcase realmd join openlmi

From FedoraProject

Revision as of 23:24, 8 May 2013 by Jdennis (Talk | contribs)

Jump to: navigation, search

Contents

Description

Join the current machine to an Active Directory using OpenLMI

Setup

Install the components

sudo setenforce 0
sudo yum install sblim-sfcb tog-pegasus pywbem
sudo yum install realmd openlmi-realmd
wget http://jdennis.fedorapeople.org/realmd-cim
chmod +x realmd-cim

Verify pegasus is running

sudo systemctl status tog-pegasus

Set the pegasus password, in this example we'll use XXXX as the password

sudo passwd pegasus

Fulfill the prerequisites and make sure your Active Directory domain access works.

How to test

  1. Show joined domains
realm list
./realmd-cim -u pegasus -p XXXX list

realmd-cim should show equivalent information as to what realmd-cim shows

Expected Results

  1. Check if you are joined to the domain
    realm list
    The domain should be listed
    Make note of the login format
  2. Check that domain accounts can be resolved
    getent passwd 'AD\User'
    Make sure to use the quotes around the user name.
    You should see an output line that looks like passwd(5) output. It should contain an appropriate home directory, and a shell.
    Use the login-formats you saw above, to build a remote user name. It will be in the form of DOMAIN\User, where DOMAIN is the first part of your full Active Directory domain name.
  3. Check that you have an appropriate entry in your hosts keytab.
    sudo klist -k
  4. Check that you can use your keytab with kerberos
    sudo kinit -k 'HOSTNAME$@AD.EXAMPLE.COM'
    Make sure to use quotes around the argument, because of the characters in there. #: Make sure the hostname and domain are capitalized.
    Use the principal from the output of the klist command above. Use the one that's capitalized and looks like HOSTNAME$@DOMAIN.
    There should be no output from this command.
  5. Try to log into the machine as a domain account at the console.
    This should automatically create a new home directory for the user, and log into a shell prompt.



More: Try it with FreeIPA

Use a FreeIPA domain with the OpenLMI join.

Troubleshooting

  • RHBZ #XXXXXX If you see SELinux issues see this bug for details.
    • Please do this and report all AVC's to the above bug.
$ sudo setenforce permissive
... do the test
$ sudo grep realmd /var/log/audit/audit.log