Test Day:2010-03-30 SSSDByDefault

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(PAM Tests)
m (Updated bug numbers provided by sgallagh)
(44 intermediate revisions by 10 users not shown)
Line 3: Line 3:
 
| DATE || TIME || WHERE
 
| DATE || TIME || WHERE
 
|-
 
|-
| Thu March 4, 2010 || ALL DAY || [irc://irc.freenode.net/fedora-qa #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc])
+
| Tuesday March 30, 2010 || ALL DAY || [irc://irc.freenode.net/fedora-qa #fedora-test-day] ([http://webchat.freenode.net/?channels=fedora-test-day webirc])
 
|-
 
|-
 
|}
 
|}
Line 16: Line 16:
  
 
The following cast of characters will be available testing, workarounds, bug fixes, and general discussion...
 
The following cast of characters will be available testing, workarounds, bug fixes, and general discussion...
* Development - [[User:sgallagh|Stephen Gallagher]], [[User:simo|Simo Sorce]]
+
* Development - [[User:sgallagh|Stephen Gallagher]], [[User:simo|Simo Sorce]], [[User:tmraz|Tomas Mraz]]
* Quality Assurance - [[User:jgalipea]], [[User:zmraz]], [[User:mmalik]]
+
* Quality Assurance - [[User:jgalipea]], [[User:zmraz]], [[User:gowrishankar]]
 +
* Design - [[User:duffy|Máirín Duffy]]
  
 
== What's needed to test ==
 
== What's needed to test ==
 
* A system with a network connection
 
* A system with a network connection
* [[Releases/Rawhide|Rawhide]] (tips on installing Rawhide below), or a [http://alt.fedoraproject.org/pub/alt/nightly-composes/desktop/ nightly live image] with {{package|sssd}} installed
+
* [[Releases/Branched|Fedora 13 (Branched)]] (tips on installing Branched below) with at least {{package|sssd|sssd-1.1.0-2.fc13}} and {{package|authconfig|authconfig-6.1.2-1.fc13}} installed, or a [http://jlaska.fedorapeople.org/sssd/ SSSD live image]
  
 
== How to test? ==
 
== How to test? ==
 
Before executing the test cases, you need to install and configure sssd. The necessary steps are outlined on the [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/Installation SSSD installation page].  If you are using the Test Day live image, the installation steps will be completed for you.
 
  
 
=== '''Update your machine''' ===
 
=== '''Update your machine''' ===
  
See the instructions on the [[Releases/Rawhide|Rawhide]] page on the various ways in which you can install or update to Rawhide. Or:
+
See the instructions on the [[Releases/Branched|Branched]] page on the various ways in which you can install or update to the Branched release. Be sure you are testing with at least [https://admin.fedoraproject.org/updates/authconfig-6.1.2-1.fc13 authconfig-6.1.2-1.fc13] and [https://admin.fedoraproject.org/updates/sssd-1.1.0-2.fc13 sssd-1.1.0-2.fc13].  To install the latest {{package|authconfig}}, type: <code> yum --enablerepo=updates-testing update authconfig sssd</code>
  
 
=== '''Live image''' ===
 
=== '''Live image''' ===
  
Optionally, you may download a non-destructive Rawhide live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].  Live images can be found [http://alt.fedoraproject.org/pub/alt/nightly-composes/desktop/ here]. Make sure to install the {{package|sssd}} package after booting the live image.
+
Optionally, you may download a non-destructive Rawhide live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].  Live images with the latest {{package|authconfig}} and {{package|sssd}} packages can be found [http://jlaska.fedorapeople.org/sssd/ here].
  
 
=== Test ===
 
=== Test ===
  
When done, please follow each of these test cases:
+
When ready, please follow each of these test cases:
  
==== NSS (User identity) ====
+
* [[QA:Testcase_SSSD_Local_Identity_and_local_Authentication]]
* [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/NSS_Local_Native Local identity native to SSSD]
+
* [[QA:Testcase_SSSD_LDAP_Identity_and_LDAP_Authentication]]
* [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/NSS_Local_Legacy Legacy local identity provided by traditional files]
+
* [[QA:Testcase_SSSD_LDAP_Identity_and_LDAP_Authentication_with_TLS]]
* [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/NSS_LDAP_Legacy Remote identity provided by legacy LDAP]
+
* [[QA:Testcase_SSSD_LDAP_Identity_and_Kerberos_Authentication]]
* [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/NSS_Private_LDAP_Legacy Remote identity provided by private legacy LDAP (optional)]
+
  
==== PAM (User authentication) ====
+
{{admon/tip|Don't have an LDAP or kerberos server?|If you do not have a local LDAP or kerberos server to test with, you can still participate.  An LDAP and kerberos server are provided during the test day.  However, if you are visiting this page well after the test day, the following information may no longer apply.
* [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_Local_Native Authentication of native local users]
+
* Public Certificate URL - http://jlaska.fedorapeople.org/sssd/cacert.asc
* [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_Local_Legacy Authentication of legacy local users through SSSD]
+
* Available user accounts: <code>sssdtest10001</code> ... <code>sssdtest10100</code>
* [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_LDAP_Native Authentication of LDAP users by native SSSD backend]
+
* Available groups: <code>sssdgroup20001</code> ... <code>sssdgroup20100</code>
* [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_LDAP_Legacy Authentication of legacy LDAP users through SSSD]
+
* LDAP server information
* [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_Private_LDAP_Native Authentication of private LDAP users by native SSSD backend (optional)]
+
** Default user password: <code>sssdtest</code>
* [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_Private_LDAP_Legacy Authentication of legacy private LDAP users through SSSD (optional)]
+
** <code>ldap_uri {{=}} ldap://publictest9.fedoraproject.org</code>
 +
** <code>ldap_search_base {{=}} dc{{=}}fedoraproject,dc{{=}}org</code>
 +
* Kerberos server information
 +
** Default user password: <code>sssdkrb5</code>
 +
** <code>krb5_realm {{=}} SSSD.FEDORAPROJECT.ORG</code>
 +
** <code>krb5_kdcip {{=}} publictest9.fedoraproject.org:88</code>
 +
** <code>krb5_kpasswd {{=}} publictest9.fedoraproject.org:749</code>
 +
}}
  
== Report your Results ==
+
=== Report your Results ===
  
If you have problems with any of the tests, report a bug to [https://fedorahosted.org/sssd/report Trac]. If you are unsure about exactly how to file the report, just ask on IRC and we will help you. Once you have completed the tests, add your results to the Results table below, following the example results from Stephen Gallagher as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, if your system worked correctly, simply enter the word PASS. If you had trouble, enter the word FAIL, as a link to the bug report for the failure. If you could not perform one test (for example, you cannot perform the more advanced tests because the basic one fails, or you cannot perform the private LDAP test as you do not have access to an LDAP server), enter the word N/A. In the comments column, you can enter any short, additional information about your testing environment.
+
If you have problems with any of the tests, report a bug to [https://fedorahosted.org/sssd/report Trac]. If you are unsure about exactly how to file the report, just ask on IRC and we will help you. Once you have completed the tests, add your results to the Results table below, following the example results from James Laska as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, if your system worked correctly, simply enter the word <code>PASS</code>. If you had trouble, enter the word <code>FAIL</code>, with a link to the bug report for the failure. If you could not perform one test (for example, you cannot perform the more advanced tests because the basic one fails, or you cannot perform the private LDAP test as you do not have access to an LDAP server), enter the word N/A. In the comments column, you can enter any short, additional information about your testing environment.
  
==== NSS Tests ====
+
== Test Results ==
 
{|
 
{|
 
! User  
 
! User  
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/NSS_Local_Native Native Local]
+
! [[QA:Testcase_SSSD_Local_Identity_and_local_Authentication|local/local]]
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/NSS_Local_Legacy Legacy Local]  
+
! [[QA:Testcase_SSSD_LDAP_Identity_and_LDAP_Authentication|LDAP/LDAP]]
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/NSS_LDAP_Legacy Remote LDAP]
+
! [[QA:Testcase_SSSD_LDAP_Identity_and_LDAP_Authentication_with_TLS|LDAP/LDAP TLS]]
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/NSS_Private_LDAP_Legacy Remote Private LDAP]
+
! [[QA:Testcase_SSSD_LDAP_Identity_and_Kerberos_Authentication|LDAP/Kerberos]]
 
! Comments
 
! Comments
 
|-
 
|-
! User  
+
| [[User:Sample User|Sample User]]
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/NSS_Local_Native Native Local]
+
| {{result|none}}
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/NSS_Local_Legacy Legacy Local]
+
| {{result|pass}}
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/NSS_LDAP_Legacy Remote LDAP]
+
| {{result|warn}} <ref>Test pass, but also encountered {{bz|54321}}</ref>
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/NSS_Private_LDAP_Legacy Remote Private LDAP]
+
| {{result|fail}} <ref>{{bz|12345}}</ref>
! Comments
+
| <references/>
 
|-
 
|-
| Sample User
+
| [[User:James Laska|jlaska]]
| Sample Status <ref>"Sample reference"</ref>
+
| {{result|pass}}
| Sample Status <ref>"Sample reference"</ref>
+
| {{result|fail}} <ref> Need to fix test case instructions, <code>ldaps://</code> didn't work without certificate</ref> <ref>{{bz|578219}} - Configuring ldaps:// + cacert does not run cacert_rehash on downloaded certificate</ref><ref>Workaround for bug#578219 - change to tty2 and manually run {{command|cacert_rehash /etc/openldap/cacerts}}, then restart sssd</ref> <ref>{{bz|578303}} - SSSD users cannot log in through GDM</ref>
| Sample Status <ref>"Sample reference"</ref>
+
| {{result|warn}} <ref>{{bz|578311}} - authconfig doesn't remember "[X] Use TLS to encrypt connection" setting</ref>
| Sample Status <ref>"Sample reference"</ref>
+
| {{result|none}}
 
| <references/>
 
| <references/>
 
|-
 
|-
|}
+
| [[User:liam|liam]]
 
+
| {{result|fail}}<ref>Get "unknow error" box when change password{{bz|578124}}</ref>
==== PAM Tests ====
+
| {{result|none}}
 
+
| {{result|none}}
{|
+
| {{result|none}}
! User
+
| <references/>
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_Local_Native Native Local]
+
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_Local_Legacy Legacy Local]
+
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_LDAP_Native Native LDAP]
+
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_LDAP_Legacy Legacy LDAP]
+
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_Private_LDAP_Native Native Private LDAP]
+
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_Private_LDAP_Legacy Legacy Private LDAP]
+
! Comments
+
 
|-
 
|-
! User
+
| [[User:Gowrishankar Rajaiyan|shanks]]
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_Local_Native Native Local]
+
| {{result|pass}}
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_Local_Legacy Legacy Local]
+
| {{result|fail}}<ref> requires a signed certificate in /etc/openldap/cacerts</ref>
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_LDAP_Native Native LDAP]
+
| {{result|pass}}
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_LDAP_Legacy Legacy LDAP]
+
| {{result|warn}}<ref> Unable to change password. "System is offline, password change not possible. passwd: Authentication token manipulation error" message displayed.</ref>
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_Private_LDAP_Native Native Private LDAP]
+
| <references/>
! [http://fedorahosted.org/sssd/wiki/Fedora_11_Test_Day/PAM_Private_LDAP_Legacy Legacy Private LDAP]
+
! Comments
+
 
|-
 
|-
| Sample User
+
| [[User:duffy|duffy]]
| Sample Status <ref>"Sample reference"</ref>
+
| {{result|none}}
| Sample Status <ref>"Sample reference"</ref>
+
| {{result|warn}} <ref>{{bz|578231}} - Add checkbox 'Allow authentication via self-signed certificates'</ref>
| Sample Status <ref>"Sample reference"</ref>
+
| {{result|none}}
| Sample Status <ref>"Sample reference"</ref>
+
| {{result|none}}
| Sample Status <ref>"Sample reference"</ref>
+
| Sample Status <ref>"Sample reference"</ref>
+
 
| <references/>
 
| <references/>
 +
|-
 +
| [[User:sgallagh|Stephen Gallagher]]
 +
| {{result|warn}} <ref>There were issues with the livecd related to setting up local users. After installing the livecd on disk, everything worked as expected.</ref> <ref>{{bz|577263}}  - Changing authentication providers crashes authconfig</ref>
 +
| {{result|none}}
 +
| {{result|none}}
 +
| {{result|none}}
 +
| <references/>
 +
|-
 +
| [[User:delhage|Lars Delhage]]
 +
| {{result|pass}}
 +
| {{result|none}}
 +
| {{result|none}}
 +
| {{result|warn}} <ref>Make sure your network users use UID:s > 1000, or change min_id in /etc/sssd/sssd.conf. Works fine otherwise.</ref><ref>Couldn't test password changes, because kpasswd service was not available on the server</ref>
 +
| <references/>
 +
|-
 +
| [[User:sbose|Sumit Bose]]
 +
| {{result|none}}
 +
| {{result|none}}
 +
| {{result|pass}} <ref>Used console login instead of GDM.</ref>
 +
| {{result|pass}} <ref>Used console login instead of GDM. Couldn't test password changes, because kpasswd service was not available on the server</ref>
 +
| <references/>
 +
|-
 +
| [[User:rhe|He Rui]]
 +
| {{result|pass}}
 +
| {{result|fail}}<ref>couldn't update ICEauthority file /home/sssdtest10005/.ICEauthority. There is a problem with the configuration server.
 +
(/usr/libexec/gconf-sanity-check-2 exited with status 256)
 +
</ref>
 +
| {{result|fail}}
 +
| {{result|fail}}
 +
| <references/>
 +
|-
 +
| [[User:orion|orion]]
 +
| {{result|none}}
 +
| {{result|none}}
 +
| {{result|none}} <ref>{{bz|578325}} - authconfig uses sss for automount</ref>
 +
| {{result|none}}
 +
| <references/>
 +
|-
 +
! User
 +
! [[QA:Testcase_SSSD_Local_Identity_and_local_Authentication|local/local]]
 +
! [[QA:Testcase_SSSD_LDAP_Identity_and_LDAP_Authentication|LDAP/LDAP]]
 +
! [[QA:Testcase_SSSD_LDAP_Identity_and_LDAP_Authentication_with_TLS|LDAP/LDAP TLS]]
 +
! [[QA:Testcase_SSSD_LDAP_Identity_and_Kerberos_Authentication|LDAP/Kerberos]]
 +
! Comments
 
|-
 
|-
 
|}
 
|}
  
 
[[Category:Fedora 13 Test Days]]
 
[[Category:Fedora 13 Test Days]]

Revision as of 15:31, 8 April 2010

DATE TIME WHERE
Tuesday March 30, 2010 ALL DAY #fedora-test-day (webirc)

Contents

What to test?

Today's installment of Fedora Test Day will focus on SSSD by default

If you come to this page after the test day is completed, your testing is still valuable, and you can use the information on this page to test with your system and provide feedback.

Who's available

The following cast of characters will be available testing, workarounds, bug fixes, and general discussion...

What's needed to test

How to test?

Update your machine

See the instructions on the Branched page on the various ways in which you can install or update to the Branched release. Be sure you are testing with at least authconfig-6.1.2-1.fc13 and sssd-1.1.0-2.fc13. To install the latest Package-x-generic-16.pngauthconfig, type: yum --enablerepo=updates-testing update authconfig sssd

Live image

Optionally, you may download a non-destructive Rawhide live image for your architecture. Tips on using a live image are available at FedoraLiveCD. Live images with the latest Package-x-generic-16.pngauthconfig and Package-x-generic-16.pngsssd packages can be found here.

Test

When ready, please follow each of these test cases:

Idea.png
Don't have an LDAP or kerberos server?
If you do not have a local LDAP or kerberos server to test with, you can still participate. An LDAP and kerberos server are provided during the test day. However, if you are visiting this page well after the test day, the following information may no longer apply.
  • Public Certificate URL - http://jlaska.fedorapeople.org/sssd/cacert.asc
  • Available user accounts: sssdtest10001 ... sssdtest10100
  • Available groups: sssdgroup20001 ... sssdgroup20100
  • LDAP server information
    • Default user password: sssdtest
    • ldap_uri = ldap://publictest9.fedoraproject.org
    • ldap_search_base = dc=fedoraproject,dc=org
  • Kerberos server information
    • Default user password: sssdkrb5
    • krb5_realm = SSSD.FEDORAPROJECT.ORG
    • krb5_kdcip = publictest9.fedoraproject.org:88
    • krb5_kpasswd = publictest9.fedoraproject.org:749

Report your Results

If you have problems with any of the tests, report a bug to Trac. If you are unsure about exactly how to file the report, just ask on IRC and we will help you. Once you have completed the tests, add your results to the Results table below, following the example results from James Laska as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, if your system worked correctly, simply enter the word PASS. If you had trouble, enter the word FAIL, with a link to the bug report for the failure. If you could not perform one test (for example, you cannot perform the more advanced tests because the basic one fails, or you cannot perform the private LDAP test as you do not have access to an LDAP server), enter the word N/A. In the comments column, you can enter any short, additional information about your testing environment.

Test Results

User local/local LDAP/LDAP LDAP/LDAP TLS LDAP/Kerberos Comments
Sample User
none
Pass pass
Warning warn
[1]
Fail fail
[2]
  1. Test pass, but also encountered RHBZ #54321
  2. RHBZ #12345
jlaska
Pass pass
Fail fail
[1] [2][3] [4]
Warning warn
[5]
none
  1. Need to fix test case instructions, ldaps:// didn't work without certificate
  2. RHBZ #578219 - Configuring ldaps:// + cacert does not run cacert_rehash on downloaded certificate
  3. Workaround for bug#578219 - change to tty2 and manually run cacert_rehash /etc/openldap/cacerts, then restart sssd
  4. RHBZ #578303 - SSSD users cannot log in through GDM
  5. RHBZ #578311 - authconfig doesn't remember "[X] Use TLS to encrypt connection" setting
liam
Fail fail
[1]
none
none
none
  1. Get "unknow error" box when change passwordRHBZ #578124
shanks
Pass pass
Fail fail
[1]
Pass pass
Warning warn
[2]
  1. requires a signed certificate in /etc/openldap/cacerts
  2. Unable to change password. "System is offline, password change not possible. passwd: Authentication token manipulation error" message displayed.
duffy
none
Warning warn
[1]
none
none
  1. RHBZ #578231 - Add checkbox 'Allow authentication via self-signed certificates'
Stephen Gallagher
Warning warn
[1] [2]
none
none
none
  1. There were issues with the livecd related to setting up local users. After installing the livecd on disk, everything worked as expected.
  2. RHBZ #577263 - Changing authentication providers crashes authconfig
Lars Delhage
Pass pass
none
none
Warning warn
[1][2]
  1. Make sure your network users use UID:s > 1000, or change min_id in /etc/sssd/sssd.conf. Works fine otherwise.
  2. Couldn't test password changes, because kpasswd service was not available on the server
Sumit Bose
none
none
Pass pass
[1]
Pass pass
[2]
  1. Used console login instead of GDM.
  2. Used console login instead of GDM. Couldn't test password changes, because kpasswd service was not available on the server
He Rui
Pass pass
Fail fail
[1]
Fail fail
Fail fail
  1. couldn't update ICEauthority file /home/sssdtest10005/.ICEauthority. There is a problem with the configuration server.

    (/usr/libexec/gconf-sanity-check-2 exited with status 256)

orion
none
none
none
[1]
none
  1. RHBZ #578325 - authconfig uses sss for automount
User local/local LDAP/LDAP LDAP/LDAP TLS LDAP/Kerberos Comments