Latest revision as of 12:31, 29 October 2014

Associated release criterion
This test case is associated with the Basic_Release_Criteria#remote-authentication release criterion. If you are doing release validation testing, a failure of this test case may be a breach of that release criterion. If so, please file a bug and nominate it as blocking the appropriate milestone, using the blocker bug nomination page.

Description

Join the current machine to an Active Directory, manually specifying the domain server you want to join against .

Make sure you have other required software:
- realmd 0.14.0 or later
- adcli 0.7 or later
Verify that your Active Directory domain access works, or set a domain up.
You need a domain account as an administrator.
Leave realm(s) you are currently joined to.
Get a server name (domain controllers) for the Active Directory domain
If you don't know the servers for a given domain, you can use DNS to look them up:
```
$ host -t SRV _ldap._tcp.ad.example.com
```

Check that the domain is now configured.
```
$ realm list
```
Make sure the domain is listed.

Make sure you have a configured: kerberos-member line in the output.

Make note of the login-formats line for the next command.
Check that you can resolve domain accounts on the local computer.
```
$ getent passwd 'AD\User'
```
Make sure to use the quotes around the user name.
You should see an output line that looks like passwd(5) output.
```
AD\User:*:6000:6000:User:/home/User:/bin/sh
```
The uid, gid, home directory and shell should match those you set in the directory above.
Verify that sssd has been configured to use specifically this server.
The /etc/sssd/sssd.conf file should contain a line like this:
```
ad_server = server.ad.example.com
```

Specify the server's IP address instead of the server's DNS name:

$ realm join --user=Administrator 192.168.133.2

The join should proceed in the same way, and the IP address should be present in /etc/sssd/sssd.conf

Force use of winbind instead of sssd in the join.

$ realm join --user=Administrator --client-software=winbind server.ad.example.com

The join should complete successfully. After the join the file /etc/samba/smb.conf should contain the line:

password server = server.ad.example.com

This will not work with an IP address.

Use the --verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.

$ realm join --verbose server.ad.example.com

@@ Line 1: / Line 1: @@
+{{Template:Associated_release_criterion|Alpha|remote-authentication}}
 {{QA/Test_Case
 |description=Join the current machine to an Active Directory, manually specifying the domain server you want to join against .
@@ Line 12: / Line 14: @@
 #: <pre>$ host -t SRV _ldap._tcp.ad.example.com</pre>
 |actions=
-# Join the domain, but instead of specifying the domain name, specify the server host name:
+# Join the domain, but instead of specifying the domain name, specify the domain controller host name:
 #: <pre>$ realm join --user=Administrator server.ad.example.com</pre>
 #: Use your domain admin password when prompted. Specify a user other than <code>Administrator</code> if you have another domain administrative account.
@@ Line 63: / Line 65: @@
 [[Category:Active_Directory_Test_Cases]] [[Category:Realmd_Test_Cases]]
+[[Category:Server Acceptance Test Cases]]