Fedora Test Days | |
---|---|
Active Directory | |
Date | 2012-10-18 |
Time | all day |
Website | QA/Fedora_18_test_days |
IRC | #fedora-test-day (webirc) |
Mailing list | sssd-devel |
What to test?[edit]
Today's installment of Fedora Test Day will focus on Active Directory, in particular using realmd to setup authentication using domain accounts, sssd to handle the active directory authentication, and other involved bits and pieces.
Who's available[edit]
The following cast of characters will be available testing, workarounds, bug fixes, and general discussion ...
- Development - Stefw (stefw), jhrozek (jhrozek-SSSD devel)(irc_nick2)
- Quality Assurance - ksrot (ksrot), omoris (omoris), mvadkert (mvadkert), jpospisi (jpospisi)
Prerequisite for Test Day[edit]
You need the following before joining in on the test day.
- Live CD: http://fedorapeople.org/~stefw/isos/ad-testday-dns-20121018.iso
- This Live CD is preconfigured to work with the Active Directory Test Bed. But you still need to set a local host name.
- If you don't want to use the Live CD, you can use an updated Fedora 18 pre-release
- realmd 0.10 installed from updates-testing, or from git master (preinstalled on the LiveCD).
- An Active Directory domain to test against.
- Domain user account or administrator account on the given Active Directory domain. See below for which test cases require which privileges.
How to test?[edit]
At a high level the following are being tested:
- realmd used together with Active Directory
- sssd used together with Active Directory
- control-center GNOME control center used with Enterprise Logins
- gnome-online-accounts used with a Kerberos account
- gvfs used for SMB access with a Kerberos ticket
You can explore these, and their documentation. Or you can follow the test cases below.
Test Cases[edit]
Testcase | Description | Privileges | Approx. time required |
---|---|---|---|
AD no krb5.conf | Using Active Directory without krb5.conf | Any | 5 minutes |
Discover AD | Using realmd to discover information about an Active Directory domain | Any | 5 minutes |
Join AD with sssd | Using realmd to join an Active Directory domain with sssd as the client. | Domain user | 15 minutes |
Leave AD | Using realmd to leave an Active Directory domain. | Domain user | 15 minutes |
Leave AD with remove | Using realmd to leave an Active Directory domain, removing the computer account. | Domain user | 15 minutes |
Join AD with winbind | Using realmd to join an Active Directory domain with winbind as the client. | Domain user | 15 minutes |
Login with AD account | Using realmd permit one domain login, and then log in using that account | Domain user | 10 minutes |
Deny login for AD account | Using realmd deny one domain login. | Domain user | 10 minutes |
Login with any AD account | Using realmd permit any domain login, and then log in using an account | Domain user | 10 minutes |
Deny login for any AD account | Using realmd deny any domain login. | Domain user | 10 minutes |
Join AD automatic | Using realmd to join an active directory domain automatically | Domain admin | 20 minutes |
Join AD with OTP | Using realmd to join an Active Directory domain with a one time password. | Domain admin | 20 minutes |
Control Center Enterprise Login | Using Control Center to add an Enterprise Login (ie: a domain account), and testing login with that account. | Domain user | 20 minutes |
GVfs access | Using gvfs to access SMB shares with active kerberos ticket. | Domain user | 5 minutes |
Test Results[edit]
Log issues and enhancements in one of these places:
- realmd bugzilla
- gnome-control-center bugzilla
- gnome-online-accounts bugzilla
- gvfs bugzilla
- Red Hat bugzilla
- SSSD Trac
User | AD no krb5.conf | AD discovery | SSSD join | Leave AD | Leave AD and remove account | winbind join | login | deny login | permit any | deny any | autojoin | OTP join | control center | gvfsd-smb | References |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Sample User | |||||||||||||||
mvadkert | - realm crashes when computer-ou empty, [2], [3] | ||||||||||||||
Maxim Burgerhout | |||||||||||||||
omoris | |||||||||||||||
Stijn |
| ||||||||||||||
stefw |
| ||||||||||||||
jpospisi | |||||||||||||||
ksrot | |||||||||||||||
jscotka | |||||||||||||||
psklenar | |||||||||||||||
tbzatek | |||||||||||||||
pkis | |||||||||||||||
Adam Joseph Cook | [2] | [8] |
| ||||||||||||
vpodzime
(all with setenforce 0) |
Long comments[edit]
- ↑ Computer not removed from the Active Directory, only a liitle arrow appeared in the computer icon screenshot