Test Day:2013-05-09 SSSD Improvements and AD Integration

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(Test Cases - adcli)
(Prerequisite for Test Day)
Line 19: Line 19:
  
 
== Prerequisite for Test Day ==
 
== Prerequisite for Test Day ==
* LiveCD
+
 
** LiveCD tbd when sssd-1.10beta1 is out
+
* You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at [[FedoraLiveCD]].
 +
{|
 +
! Architecture !! SHA256SUM
 +
|-
 +
| [http://fedorapeople.org/groups/qa/testday-20130509-2-x86_64.iso x86_64] || 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0
 +
|-
 +
| [http://fedorapeople.org/groups/qa/testday-20130509-2-i686.iso i686] || 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e
 +
|}
 +
 
 
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]
 
* If you don't want to use the LiveCD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 19 pre-release]
 
** Make sure that the following components are installed:
 
** Make sure that the following components are installed:

Revision as of 16:32, 7 May 2013

Fedora 19 Test Days
Echo-testing-48px.png
Enterprise accounts

Date 2013-05-09
Time all day

Website realmd SSSD project, Feature page
IRC #sssd (webirc, #fedora-test-day (webirc))


Note.png
Can't make the date?
If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.

Contents

What to test?

Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular realmd and adcli to join a machine to a domain and sssd to handle authentication and other related tasks.

Who's available

Prerequisite for Test Day

  • You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at FedoraLiveCD.
Architecture SHA256SUM
x86_64 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0
i686 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e
  • If you don't want to use the LiveCD, you can use an updated Fedora 19 pre-release
    • Make sure that the following components are installed:
      • realmd-0.14.0-1.fc19
      • sssd-1.10.0-4.fc19.beta1
      • selinux-policy-3.12.1-42.fc19
  • A server to test against. Most test cases require an Active Directory domain, other tests require a FreeIPA server. Don't worry if you don't have both, any involvement in the test day is much appreciated!
  • Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.
  • If you are on Red Hat internal network you can test against our internal Test Bed: Test Day:2013-05-09 Red Hat Test Bed. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.
    Test requirements (privileges) that does no work against the Test Bed:
    • Requires domain with multiple sites
    • Requires domain with different forest name
    • Requires read-only domain controller

How to test

At a high level the following are being tested:

  • realmd used together with Active Directory or FreeIPA
  • adcli used together with Active Directory or FreeIPA
  • latest Kerberos improvements
  • sssd used together with Active Directory or FreeIPA

You can explore these, and their documentation. Or you can follow the test cases below.

Test Cases - adcli

Testcase Description Privileges Approx. time required
adcli setup Set up the environment in order to perform the adcli tests Any 5 minutes
adcli info This test case retrieves basic information about a domain. Any 5 minutes
adcli info server This test case retrieves basic information about a domain controller and the domain it is a part of. Any 5 minutes
adcli info site This test case verifies that adcli info works even when the domain topology is complex. Requires domain with multiple sites (no testbed) 5 minutes
adcli info badsite This test case verifies that adcli info correctly identifies that a domain controller not in its local site may not be completely usable. Requires domain with multiple sites (no testbed) 5 minutes
adcli info forest This test case verifies that adcli info correctly reads the domain forest. Requires domain with different forest name (no testbed) 5 minutes
adcli info readonly This test case verifies that adcli info correctly identifies domain controllers it cannot use. Requires read-only domain controller (no testbed) 5 minutes
adcli join simple This test case verifies that adcli join works with basic options. Administrator 5 minutes
adcli join nodns his test case verifies that adcli join can work without DNS. Administrator 5 minutes
adcli preset auto This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password. Administrator 5 minutes
adcli preset otp This test case precreates accounts in the domain using adcli join. Administrator 5 minutes

Test Cases - Active Directory

Testcase Description Privileges Approx. time required
AD no krb5.conf Using Active Directory without krb5.conf Any 5 minutes
LessBrittleKerberos unsynced clocks Kerberos client with unsynced clocks Any 5 minutes
Discover AD domain Using realmd to discover information about an Active Directory domain Any 5 minutes
Discover AD server Using realmd to discover information about an Active Directory server Any 5 minutes
Join AD using ccache Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join. Administrator 10 minutes
Join AD and set OS Join the current machine to an Active Directory, and set the operating system name and version of the account. Administrator 10 minutes
Join AD and prevent installing requirements Join the current machine to an Active Directory, and prevent automatic installation of packages. Administrator 10 minutes
Join AD without qualifying usernames Join the current machine to an Active Directory, without using fully qualified user names. Administrator 10 minutes
Join AD using POSIX attributes Join the current machine to an Active Directory, but use the POSIX attributes in the directory. Administrator or user with posix attributes 10 minutes
Join a specific AD server Join the current machine to an Active Directory, manually specifying the domain server you want to join against. Administrator 10 minutes
Join AD while creating an UPN Join the current machine to an Active Directory, while creating a userPrincipalName. Administrator 10 minutes
DNS dynamic updates Verifies an AD client is able to update its DNS record. Requires a joined client 20 minutes
DNS site discovery Verifies an AD client is able to connect to a particular DNS site as defined on the AD server Requires a joined client 20 minutes

Test Cases - FreeIPA

Testcase Description Privileges Approx. time required
FreeIPA join Join a client machine to a domain admin 10 minutes
FreeIPA login Log in using FreeIPA credentials, both online and offline admin 15 minutes
FreeIPA sudo Test FreeIPA's sudo management capabilities admin 10 minutes
FreeIPA SSH Verify FreeIPA's SSH public key management admin 20 minutes
FreeIPA automount Test FreeIPA's automounter maps management admin 20 minutes
FreeIPA control center Setup an FreeIPA domain account login via the GNOME Control Center. admin 10 minutes
FreeIPA leave Leave a FreeIPA domain by deconfiguring it locally. Any 5 minutes

Test Results - FreeIPA

Log issues and enhancements in one of these places:

User FreeIPA join FreeIPA login FreeIPA sudo FreeIPA SSH FreeIPA automount FreeIPA control center FreeIPA leave References
Sample User
none
Pass pass
Warning warn
[1]
Fail fail
[2]
none
none
none
  1. Test pass, RHBZ #54321
  2. RHBZ #12345