From Fedora Project Wiki

Description

Installing clients with preferred servers with fixed addresses.

An IPA client normally uses DNS to find a server to communicate with, and falls back to the specific server it was installed with only if that server is unreachable. This provides automatic discovery and load balancing when replicas are added or deleted. However, it is sometimes preferable to have the client use a specific server. IPA 3.0 provides an option to do this.

Setup

  1. Install an IPA server as described in QA:Testcase_freeipav3_installation.
  2. Optionally, install some replicas as shown in QA:Testcase_freeipav3_replication.

How to test

Install the client

First, install the client RPMs:

# yum install freeipa-client

Then, install the client:

# ipa-client-install --fixed-primary --domain ipa.example.org --server server.ipa.example.org -p admin -w secret123

If you have many replicas, you can use multiple --server options. For this test, omit one of your servers from the list. For example, if you have server.ipa.example.org, srv2.ipa.example.org, and srv3.ipa.example.org, run:

# ipa-client-install --fixed-primary --domain ipa.example.org --server server.ipa.example.org --server srv3.ipa.example.org -p admin -w secret123

Verifying installation

When the install is done, verify that IPA is working, for example by getting information about the admin user and getting a ticket:

# id admin
# getent passwd admin
# kinit admin

Check /etc/sssd/sssd.conf. The ipa_server option should have the name of the server(s), and there should be no '_srv_' entry.
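
The sssd.conf check above can be scripted. The following is an added example, not part of the original test case; the function names (sample_conf, ipa_server_value, check_fixed_primary) are hypothetical and the sample file is constructed:

```shell
# Added example, not from the wiki page; function names are hypothetical.
# _srv_ is the SSSD keyword for DNS SRV discovery; it is reported as unexpected.

# Constructed sample of a client installed with two fixed servers.
sample_conf() {
cat <<'EOF'
[domain/ipa.example.org]
id_provider = ipa
ipa_domain = ipa.example.org
ipa_server = server.ipa.example.org, srv3.ipa.example.org
[sssd]
domains = ipa.example.org
EOF
}

# Print the ipa_server value of the first [domain/...] section in file $1.
ipa_server_value() {
    awk '
        /^[ \t]*\[/ { in_domain = ($0 ~ /^[ \t]*\[domain\//) }
        in_domain && /^[ \t]*ipa_server[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# check_fixed_primary FILE SERVER...
# Succeeds only if ipa_server lists exactly the given servers (so no _srv_).
check_fixed_primary() {
    conf=$1; shift
    entries=$(ipa_server_value "$conf" | tr ',\t' '  ')
    if [ -z "$entries" ]; then echo "FAIL: no ipa_server in $conf"; return 1; fi
    rc=0
    for entry in $entries; do
        case " $* " in
            *" $entry "*) ;;   # one of the expected fixed servers
            *) echo "FAIL: unexpected entry $entry in ipa_server"; rc=1 ;;
        esac
    done
    for want in "$@"; do
        case " $(echo $entries) " in
            *" $want "*) ;;
            *) echo "FAIL: $want missing from ipa_server"; rc=1 ;;
        esac
    done
    if [ "$rc" -eq 0 ]; then echo "OK: ipa_server = $(echo $entries)"; fi
    return "$rc"
}

# Demo on the constructed sample; on a client pass /etc/sssd/sssd.conf.
tmp=$(mktemp); sample_conf > "$tmp"
check_fixed_primary "$tmp" server.ipa.example.org srv3.ipa.example.org; rm -f "$tmp"
```

On an installed client, run check_fixed_primary against /etc/sssd/sssd.conf with the same server names that were passed to --server.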

Check that unspecified replicas are not contacted

On one of your IPA servers, add a user to test with:

# ipa user-add --first=Glen --last=Jones gjones

On all masters you've configured your client with, run the following to stop them:

# ipactl stop

Verify that the client is not functioning:

# kinit admin
kinit: Cannot contact any KDC for realm 'IPA.EXAMPLE.ORG' while getting initial credentials
# id gjones
id: gjones: no such user

Then, start one of the servers again:

# ipactl start  # on a server

And on the client, verify it is functioning again:

# kinit admin  # you will be able to log in
# id gjones
uid=371600001(gjones) gid=371600001(gjones) groups=371600001(gjones)

Remove the client

When you are done with the client, uninstall it:

# ipa-client-install --uninstall

Expected Results

All the test steps should end successfully with the specified results.