Test Day:2013-05-09 SSSD Improvements and AD Integration

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(Tests: Basics of sssd and realmd)
(Tests: Basics of sssd and realmd)
Line 386: Line 386:
 
| lnovy
 
| lnovy
 
| {{result|pass}}
 
| {{result|pass}}
|
+
| {{result|pass}}
 
|
 
|
 
|
 
|

Revision as of 11:56, 19 May 2013

Fedora 19 Test Days
Echo-testing-48px.png
Enterprise accounts

Date 2013-05-09
Time all day

Website realmd SSSD project, Feature page
IRC #sssd (webirc, #fedora-test-day (webirc))


Note.png
Can't make the date?
If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.

Contents

What to test?

Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular realmd and adcli to join a machine to a domain and sssd to handle authentication and other related tasks.

Who's available

Prerequisite for Test Day

  • You may download a non-destructive Fedora 19 live image for your architecture. Tips on using a live image are available at FedoraLiveCD.
Architecture SHA256SUM
x86_64 720f0cb153aac8ae2e55629ec4a50e1c3f53a5fbe4b2ce65f1d6792b15af94b0
i686 29d7de49bd77760299924f90e9f732d60892766ff32318f5fac5dcbb4089073e
  • If you don't want to use the LiveCD, you can use an updated Fedora 19 pre-release
    • Make sure that the following components are installed:
      • adcli-0.7-1.fc19
      • realmd-0.14.0-1.fc19
      • sssd-1.10.0-4.fc19.beta1
      • selinux-policy-3.12.1-42.fc19
  • A server to test against. Most test cases require an Active Directory domain, other tests require a FreeIPA server. Don't worry if you don't have both, any involvement in the test day is much appreciated!
  • Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.
  • If you are on Red Hat internal network you can test against our internal Test Bed: Test Day:2013-05-09 Red Hat Test Bed. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with privileges listed below can't be run against the Test Bad (please skip them). In some cases you might need to contact the Test Bed admins to perform some special configuration; please contact pkis or dspurek.

How to test

At a high level the following are being tested:

  • realmd used together with Active Directory or FreeIPA
  • adcli used together with Active Directory
  • latest Kerberos improvements
  • sssd used together with Active Directory or FreeIPA

You can explore these, and their documentation. Or you can follow the test cases below.

There are many test cases, if you don't have a particular area of special interest, start from the top. The most common and simpler scenarios are generally in the earlier test cases.

All tests should pass with SELinux in enforcing mode unless otherwise specified.

Tests: Kerberos

These are tests that test basic kerberos functionality, including fixes that have been worked on to make using kerberos less brittle. Perform prerequisite setup before you run these tests.

Testcase Description Privileges Duration
noconf Using Active Directory without krb5.conf Any 5 minutes
clocks Kerberos client with unsynced clocks Any 5 minutes
rdns Kerberos client without reverse DNS Any 5 minutes

File bugs for these test cases in the Red Hat bugzilla, and record results below.

User noconf clocks rdns References
Sample User
Pass pass
none
Fail fail
[1]
  1. RHBZ #12345
stefw
Pass pass
Pass pass
Pass pass
dspurek
Pass pass
Fail fail
[1]
  1. RHBZ #961221
kaushik
Pass pass
Fail fail
Pass pass
okos
Pass pass
Pass pass
Pass pass
omoris
Pass pass
Pass pass
Pass pass
pkis
Fail fail
[1]
Fail fail
[2]
Pass pass
  1. RHBZ #961235
  2. RHBZ #961221
alich
Fail fail
[1]
Pass pass
Pass pass
  1. RHBZ #961235
ksrot
Pass pass
Fail fail
[1]
Pass pass
  1. RHBZ #961221
jjaburek
Pass pass
Pass pass
Pass pass
yelley
Pass pass
Pass pass
none
spoore
Pass pass
Pass pass
Pass pass
lnovy
Pass pass
Pass pass
Pass pass


 

 

 

 

Tests: Basics of sssd and realmd

These tests cover the basics of realmd being used for configuring domain authentication, and sssd providing that authentication.

Testcase Description Privileges Duration
discover domain Using realmd to discover information about an Active Directory domain Any 5 minutes
discover server Using realmd to discover information about an Active Directory server Any 5 minutes
join domain Using realmd to join a domain using standard options and configure sssd Admin account 15 minutes
leave domain Using realmd to leave a domain and deconfigure sssd Any 10 minutes
join otp Using realmd to join a domain using a one time password Admin account 15 minutes
leave remove Using realmd to leave a domain, removing the computer account, and deconfigure sssd Any 10 minutes
login domain After joining a domain, log in using domain credentials User and admin account 10 minutes
dns update Verifies an AD client is able to update its DNS record. Joined to a domain 20 minutes

Please file bugs in the Red Hat bugzilla, and create a table line below for your test results.

User discover domain discover server join domain leave domain join otp leave remove login domain dns update References
Sample User
none
Pass pass
Warning warn
[1]
Fail fail
[2]
none
none
none
none
  1. Test pass, RHBZ #54321
  2. RHBZ #12345
stefw
Warning warn
[1]
Pass pass
Warning warn
[2]
Pass pass
Warning warn
[3]
Warning warn
[4]
Fail fail
[5] [6]
Warning warn
[7] [8]
  1. RHBZ #961230
  2. RHBZ #961235
  3. RHBZ #961230
  4. RHBZ #961244
  5. RHBZ #961246
  6. RHBZ #961251
  7. RHBZ #961264
  8. RHBZ #961318
dspurek
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Fail fail
[1] [2] [3]
Fail fail
[4] [5]
  1. RHBZ #961246
  2. RHBZ #961251
  3. RHBZ #961278
  4. RHBZ #961357
  5. RHBZ #961251
okos
Warning warn
[1]
Pass pass
Warning warn
[2]
Pass pass
Warning warn
[3]
Warning warn
[4]
Fail fail
[5] [6]
none
  1. RHBZ #961230
  2. RHBZ #961235
  3. RHBZ #961230
  4. RHBZ #961244
  5. RHBZ #961246
  6. RHBZ #961363
Kaushik
Warning warn
[1]
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Fail fail
[2]
none
  1. RHBZ #961254
  2. RHBZ #961278
omoris
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Fail fail
[1]
none
  1. RHBZ #961246
pkis
Warning warn
[1]
Pass pass
Warning warn
[2]
Pass pass
Pass pass
Pass pass
Fail fail
[3] [4]
Fail fail
[5]
  1. RHBZ #961279
  2. RHBZ #867807
  3. RHBZ #961420
  4. RHBZ #961385
  5. RHBZ #961357
jjaburek
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Warning warn
[1]
Warning warn
[2]
none
  1. RHBZ #961244
  2. RHBZ #961385
ksrot
Pass pass
Pass pass
Fail fail
[1]
Pass pass
none
Pass pass
none
none
  1. RHBZ #961416
yelley
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
none
none
alich
Warning warn
[1]
Pass pass
Warning warn
[2]
Pass pass
Warning warn
[3]
Pass pass
Warning warn
[4]
none
  1. RHBZ #961335
  2. RHBZ #867807
  3. RHBZ #867807
  4. RHBZ #961385
spoore
Pass pass
Pass pass
Pass pass
[1]
Pass pass
Pass pass
Pass pass
Warning warn
[2]
Pass pass
  1. PackageKit needed
  2. tested with ssh: RHBZ #961278
lnovy
Pass pass
Pass pass

 

 

 

 

Tests: Integration of realmd

These tests test integration of realmd with several of its clients and callers. Each test has a few extra or differing requirements, which you should be on the lookout for in the setup section of the test.

Testcase Description Privileges Duration
kickstart Use anaconda and kickstart to join a domain during installation. Admin account 45 minutes
control center Use control center to add an Enterprise Login from a domain. User or admin account 20 minutes
gdm screen Check the GDM login screen domain hints Joined to a domain 10 minutes
openlmi Use the OpenLMI realmd CIM provider to join a domain Admin account 30 minutes

Please file bugs in the Red Hat bugzilla, and create a table line below for your test results. Bugs will be reassigned when appropriate to other components.

User kickstart control center gdm screen openlmi References
Sample User
none
Pass pass
Warning warn
[1]
Fail fail
[2]
  1. Test pass, RHBZ #54321
  2. RHBZ #12345
stefw
Pass pass
Warning warn
[1]
Warning warn
[2]
Fail fail
[3] [4] [5] [6]
  1. RHBZ #961282
  2. RHBZ #961291
  3. RHBZ #961225
  4. RHBZ #961228
  5. RHBZ #961207
  6. RHBZ #962750
okos
none
none
Pass pass
none
pkis
Warning warn
[1]
Warning warn
[2]
Pass pass
Pass pass
[3]
  1. RHBZ #953851
  2. RHBZ #953851
  3. realmd-0.14.1-1.fc19 and openlmi-realmd-0.0.22-1.fc19
spoore
Pass pass
[1]
none
none
none
  1. sssd didn't start on boot
dspurek
none
Pass pass
Warning warn
[1]
Pass pass
  1. RHBZ #963318
yelley
Fail fail
[1]
none
none
Pass pass
  1. RHBZ #963342

 

 

 

 

Advanced Tests: sssd and realmd

These are additional advanced tests which could be completed after the above, these go into further detail about various aspects of sssd and realmd usage. As each test requires that you have access to Active Directory, you can through that prerequisite setup before you start.

Testcase Description Privileges Duration
site disco Verifies an AD client is able to connect to a particular DNS site as defined on the AD server Requires a joined client 20 minutes
netbios disco This test case verifies an Active Directory client is able to discover the NetBIOS name automatically Requires a joined client 15 minutes
login any Allow any domain user to log into local machine User and admin account 15 minutes
login withdraw Withdraw access to a user to log into the machine User and admin account 15 minutes
deny any Deny any domain logins to the machine User and admin account 15 minutes
join ccache Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join. Administrator 10 minutes
join osinfo Join the current machine to an Active Directory, and set the operating system name and version of the account. Administrator 10 minutes
join packages Join the current machine to an Active Directory, and prevent automatic installation of packages. Administrator 10 minutes
join names Join the current machine to an Active Directory, without using fully qualified user names. Administrator 10 minutes
join posix Join the current machine to an Active Directory, but use the POSIX attributes in the directory. Administrator or user with posix attributes 10 minutes
join server Join the current machine to an Active Directory, manually specifying the domain server you want to join against. Administrator 10 minutes
join upn Join the current machine to an Active Directory, while creating a userPrincipalName. Administrator 10 minutes

Bugs can be filed in the Red Hat bugzilla for sssd or realmd components. Please create a row in the table below for your testing.

User site disco netbios disco login any login withdraw deny any join ccache join osinfo join packages join names join posix join server join upn References
Sample User
none
Pass pass
Warning warn
[1]
Fail fail
[2]
none
none
none
none
none
none
none
none
  1. Test pass, RHBZ #54321
  2. RHBZ #12345
stefw
Warning warn
[1]
Warning warn
[2]
none
none
none
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
  1. RHBZ #961354
  2. RHBZ #960270
dspurek
Pass pass
Pass pass
none
none
none
Pass pass
Fail fail
[1]
Pass pass
Warning warn
[2] [3] [4] [5]
Pass pass
Fail fail
[6]
Warning warn
[7]
  1. RHBZ #961435
  2. RHBZ #961442
  3. RHBZ #961246
  4. RHBZ #961251
  5. RHBZ #961278
  6. RHBZ #961550
  7. RHBZ #962404
kaushik
Pass pass
Pass pass
none
none
Pass pass
Pass pass
Pass pass
none
none
none
none
none
yelley
none
Pass pass
none
none
none
Pass pass
none
Fail fail
[1]
Fail fail
[2]
none
Fail fail
[3]
Fail fail
[4]
  1. RHBZ #961509
  2. RHBZ #961509
  3. RHBZ #961550
  4. RHBZ #961550
spoore
Pass pass
Pass pass
Pass pass
[1]
Pass pass
[2]
Pass pass
[3]
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Fail fail
[4]
Warning warn
[5]
  1. tested with ssh
  2. tested with ssh
  3. tested with ssh
  4. RHBZ #961550
  5. RHBZ #961550
pkis
Pass pass
Pass pass
Warning warn
[1]
Warning warn
[2]
Warning warn
[3]
Pass pass
Pass pass
Pass pass
Warning warn
[4]
Pass pass
Pass pass
Pass pass
  1. RHBZ #963630
  2. RHBZ #963722
  3. RHBZ #963767
  4. RHBZ #963837

 

 

 

 

Advanced Tests: adcli

adcli is a component that realmd uses to talk to Active Directory.

To run these test cases you need to fulfill these prerequisites. In addition, further for using adcli with complex domains.


Testcase Description Privileges Approx. time required
info domain This test case retrieves basic information about a domain. Any 5 minutes
info server This test case retrieves basic information about a domain controller and the domain it is a part of. Any 5 minutes
join simple This test case verifies that adcli join works with basic options. Administrator 5 minutes
join nodns his test case verifies that adcli join can work without DNS. Administrator 5 minutes
preset auto This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password. Administrator 5 minutes
preset otp This test case precreates accounts in the domain using adcli join. Administrator 5 minutes


Please file bugs in the Red Hat bugzilla, and create a table line below for your test results.

User info domain info server join simple join nodns preset auto preset otp References
Sample User
none
Pass pass
Warning warn
[1]
Fail fail
[2]
none
none
  1. Test pass, RHBZ #54321
  2. RHBZ #12345
dspurek
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
User:okos
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
jjaburek
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
stefw
Pass pass
Pass pass
Pass pass
Pass pass
Fail fail
[1]
Fail fail
[2]
  1. RHBZ #961399
  2. RHBZ #961399
yelley
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
spoore
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
pkis
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass

 

 

 

 

Advanced Tests: With FreeIPA

Testcase Description Privileges Approx. time required
join Join a client machine to a domain admin 10 minutes
login Log in using FreeIPA credentials, both online and offline admin 15 minutes
sudo Test FreeIPA's sudo management capabilities admin 10 minutes
ssh Verify FreeIPA's SSH public key management admin 20 minutes
automount Test FreeIPA's automounter maps management admin 20 minutes
leave Leave a FreeIPA domain by deconfiguring it locally. Any 5 minutes
User FreeIPA join FreeIPA login sudo FreeIPA SSH FreeIPA automount FreeIPA control center FreeIPA leave References
Sample User
none
Pass pass
none
Warning warn
[1]
Fail fail
[2]
none
none
  1. Test pass, RHBZ #54321
  2. RHBZ #12345
Steeve
Pass pass
Pass pass
Pass pass
Pass pass
Fail fail
[1]
none
Fail fail
[2]
  1. RHBZ #961314
  2. Bugs filed by stefw
okos
none
none
none
none
none
none
none
stefw
none
none
none
none
none
none
Fail fail
[1] [2]
  1. RHBZ #961320
  2. RHBZ #961325
spoore
Pass pass
Pass pass
Pass pass
Pass pass
none
none
none
pkis
Pass pass
Pass pass
Pass pass
Pass pass
none
Pass pass
Pass pass
dspurek
Pass pass
Pass pass
Pass pass
none
none
Pass pass
Pass pass