(Drop direct Test Days category membership) |
|||
(57 intermediate revisions by 13 users not shown) | |||
Line 26: | Line 26: | ||
You need the following before joining in on the test day. | You need the following before joining in on the test day. | ||
* | * '''Live CD:''' http://fedorapeople.org/~stefw/isos/ad-testday-dns-20121018.iso | ||
* [https://admin.fedoraproject.org/updates/FEDORA-2012- | *: This Live CD is preconfigured to work with the [[Features/ActiveDirectory/TestBed#Red_Hat_Active_Directory_Test_Bed|Active Directory Test Bed]]. But you still need to set a local host name. | ||
* If you don't want to use the Live CD, you can use an updated [http://fedoraproject.org/get-prerelease Fedora 18 pre-release] | |||
* [https://admin.fedoraproject.org/updates/FEDORA-2012-16542/realmd-0.10-1.fc18 realmd 0.10] installed from updates-testing, or from git master (preinstalled on the LiveCD). | |||
* An [[Features/ActiveDirectory/TestBed|Active Directory domain]] to test against. | * An [[Features/ActiveDirectory/TestBed|Active Directory domain]] to test against. | ||
* Domain user account or administrator account on the given Active Directory domain. See below for which test cases require which privileges. | * Domain user account or administrator account on the given Active Directory domain. See below for which test cases require which privileges. | ||
Line 143: | Line 145: | ||
! [[QA:Testcase_Active_Directory_realmd_login|login]] | ! [[QA:Testcase_Active_Directory_realmd_login|login]] | ||
! [[QA:Testcase_Active_Directory_realmd_login_deny|deny login]] | ! [[QA:Testcase_Active_Directory_realmd_login_deny|deny login]] | ||
! [[QA:Testcase_Active_Directory_realmd_login_any|permit | ! [[QA:Testcase_Active_Directory_realmd_login_any|permit any]] | ||
! [[QA:Testcase_Active_Directory_realmd_login_deny_any|deny any]] | |||
! [[QA:Testcase_Active_Directory_realmd_join_automatic|autojoin]] | ! [[QA:Testcase_Active_Directory_realmd_join_automatic|autojoin]] | ||
! [[QA:Testcase_Active_Directory_realmd_join_otp|OTP join]] | ! [[QA:Testcase_Active_Directory_realmd_join_otp|OTP join]] | ||
Line 155: | Line 158: | ||
| {{result|warn}} <ref>Test pass, {{bz|54321}}</ref> | | {{result|warn}} <ref>Test pass, {{bz|54321}}</ref> | ||
| {{result|fail}} <ref>{{bz|12345}}</ref> | | {{result|fail}} <ref>{{bz|12345}}</ref> | ||
| {{result|none}} | |||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | | {{result|none}} | ||
Line 169: | Line 173: | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|fail}} <ref>{{bz| | | {{result|fail||867820}}- realm crashes when computer-ou empty, <ref>{{bz|867767}} - SELinux denials</ref>, <ref>{{bz|867769}} - man page typo</ref> | ||
| {{result| | | {{result|fail}} <ref>{{bz|867767}} - SELinux denials preventing sssd to stop</ref>, works with disabled SELinux | ||
| {{result|fail}} <ref>{{bz|867767}} - SELinux denials preventing sssd to stop</ref>, works with disabled SELinux | |||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | | {{result|none}} | ||
Line 189: | Line 194: | ||
| {{result|fail}} <ref>same</ref> | | {{result|fail}} <ref>same</ref> | ||
| {{result|fail}} <ref>Join works, but samba-client and samba-winbind packages are not installed {{bz|867873}}</ref> | | {{result|fail}} <ref>Join works, but samba-client and samba-winbind packages are not installed {{bz|867873}}</ref> | ||
| {{result|warn}} <ref>Works, but | | {{result|warn}} <ref>Works, but group names are not resolved {{bz|867874}}</ref> | ||
| {{result| | | {{result|pass}} <ref>setenforce 0</ref> | ||
| {{result| | | {{result|pass}} <ref>setenforce 0</ref> | ||
| {{result| | | {{result|pass}} <ref>setenforce 0</ref> | ||
| {{result| | | {{result|pass}} <ref>setenforce 0</ref> | ||
| {{result| | | {{result|pass}} <ref>setenforce 0</ref> | ||
| {{result|none}} | | {{result|none}} | ||
| {{result|pass}} | |||
| <references/> | | <references/> | ||
|- | |- | ||
Line 201: | Line 207: | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|none}} | |||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | | {{result|none}} | ||
Line 217: | Line 224: | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|fail}} <ref>AVC denials ({{bz|867765}}), incorrect DNS registration ({{bz|867864}}), works with setenforce 0</ref> | | {{result|fail}} <ref>AVC denials ({{bz|867765}}), incorrect DNS registration ({{bz|867864}}, {{bz|867915}}), works with setenforce 0</ref> | ||
| {{result|warn}} <ref>AVC denials ({{bz|867765}}), works with setenforce 0</ref> | | {{result|warn}} <ref>AVC denials ({{bz|867765}}), works with setenforce 0</ref> | ||
| {{result|warn}} <ref>AVC denials ({{bz|867765}}), works with setenforce 0</ref> | | {{result|warn}} <ref>AVC denials ({{bz|867765}}), works with setenforce 0</ref> | ||
| {{result|warn}} <ref>with workaroud ({{bz|867873}}) tests pass, winbind warns about log file ({{bz|867893}})</ref> | | {{result|warn}} <ref>with workaroud ({{bz|867873}}) tests pass, winbind warns about log file ({{bz|867893}})</ref> | ||
| {{result|warn}} <ref>Works, but groups are not resolved {{bz|867874}}</ref> | | {{result|warn}} <ref>Works, but groups are not resolved {{bz|867874}}</ref> | ||
| {{result| | | {{result|pass}} <ref>with setenforce 0, I did not check audit logs</ref> | ||
| {{result| | | {{result|pass}} <ref>with setenforce 0, I did not check audit logs</ref> | ||
| {{result|pass}} <ref>with setenforce 0, I did not check audit logs</ref> | |||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | | {{result|none}} | ||
Line 233: | Line 241: | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|fail | | {{result|fail||867767}} | ||
| {{result|warn}} <ref>with setenforce 0</ref> | | {{result|warn}} <ref>with setenforce 0</ref> | ||
| {{result|warn}} <ref>with setenforce 0</ref> | | {{result|warn}} <ref>with setenforce 0</ref> | ||
| {{result|fail}} <ref>{{ | | {{result|fail||867873}} | ||
| {{result|warn}} <ref>{{bz| | | {{result|warn||867874}} | ||
| {{result|warn}} <ref>https://bugzilla.gnome.org/show_bug.cgi?id=686385</ref> | |||
| {{result|warn||867874}} | |||
| {{result|warn}} <ref>https://bugs.freedesktop.org/show_bug.cgi?id=56144</ref> | |||
| {{result|fail}} <ref>https://bugs.freedesktop.org/show_bug.cgi?id=56147 https://bugs.freedesktop.org/show_bug.cgi?id=56148</ref> | |||
| {{result|warn}} <ref>https://bugs.freedesktop.org/show_bug.cgi?id=56147</ref> | |||
| {{result|fail}} <ref>https://bugzilla.gnome.org/show_bug.cgi?id=686390</ref> | |||
| {{result|pass}} | |||
| <references/> | |||
|- | |||
| [[User:jpospisi|jpospisi]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|warn}} <ref>{{bz|867873}} all testcases past this one were tested with 'setenforce 0'</ref> | |||
| {{result|pass}} | |||
| {{result|pass}} <ref>I had access to the server. Checked that computer was successfully removed.</ref> | |||
| {{result|warn||867873}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | | {{result|none}} | ||
Line 244: | Line 270: | ||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | | {{result|none}} | ||
| <references/> | | <references/> | ||
|- | |- | ||
| [[User:ksrot|ksrot]] | | [[User:ksrot|ksrot]] | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|warn | | {{result|warn||867767}} | ||
| {{result|fail | | {{result|fail||867765|867807}} | ||
| {{result|fail | | {{result|fail||867765}} | ||
| {{result|fail}} | | {{result|fail||867873}} | ||
| {{result|none}} | |||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | | {{result|none}} | ||
Line 278: | Line 289: | ||
| {{result|none}} | | {{result|none}} | ||
<references/> | <references/> | ||
|- | |- | ||
| [[User:jscotka|jscotka]] | | [[User:jscotka|jscotka]] | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|fail | | {{result|fail||867873}} | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result| | | {{result|pass}} | ||
| {{result|pass}} but seems slow | |||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | | {{result|none}} | ||
Line 296: | Line 307: | ||
| {{result|none}} | | {{result|none}} | ||
<references/> | <references/> | ||
|- | |- | ||
| [[User:psklenar|psklenar]] | | [[User:psklenar|psklenar]] | ||
| {{result|pass}} | | {{result|pass}} | ||
| {{result|fail | | {{result|fail||867820}} | ||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | | {{result|none}} | ||
Line 311: | Line 321: | ||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
<references/> | |||
|- | |||
| [[User:tbzatek|tbzatek]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|warn||867767}} | |||
| {{result|warn||867767}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|none}} | | {{result|none}} | ||
| {{result|none}} | | {{result|none}} | ||
<references/> | <references/> | ||
|- | |||
| [[User:pkis|pkis]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| {{result|none}} | |||
| <references/> | |||
|- | |||
| [[User:Adamjosephcook|Adam Joseph Cook]] | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|warn||867873}} <ref>Disabled SELinux (setenforce 0). Step 4 may be incorrect - system had to restarted to find keytab.</ref> | |||
| {{result|warn}} <ref>Disabled SELinux (setenforce 0) - will not pass otherwise.</ref> | |||
| {{result|warn}} <ref>Disabled SELinux (setenforce 0) - will not pass otherwise.</ref> | |||
| {{result|warn}} <ref>Disabled SELinux (setenforce 0) - will not pass otherwise.</ref> | |||
| {{result|warn||825498|867874}}<ref>Disabled SELinux (setenforce 0) - will not pass otherwise.</ref> | |||
| {{result|inprogress}} <ref>Had to suspend testing, significant nouveau issues with FC18 - not related to AD. Will finish in coming days.</ref> | |||
| {{result|inprogress}} | |||
| {{result|inprogress}} | |||
| {{result|inprogress}} | |||
| {{result|inprogress}} | |||
| {{result|inprogress}} | |||
| {{result|inprogress}} | |||
| <references/> | |||
|- | |||
| [[User:Vpodzime|vpodzime]] | |||
(all with setenforce 0) | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|warn}} <ref group="long">Computer not removed from the Active Directory, only a liitle arrow appeared in the computer icon [http://vpodzime.fedorapeople.org/removed_computer.png screenshot]</ref> | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} | |||
| {{result|pass}} <ref>Some problems appeared during testing, but were caused by the leftovers from the previous testing.</ref> | |||
| {{result|pass}} | |||
| {{result|pass}} <ref>The user was listed in the GDM's list.</ref> | |||
| {{result|pass}} | |||
| <references/> | |||
|} | |||
== Long comments == | |||
<references group="long" /> | |||
[[Category:Test Days | [[Category:Fedora 18 Test Days|a]] | ||
Latest revision as of 21:34, 26 June 2015
Fedora Test Days | |
---|---|
Active Directory | |
Date | 2012-10-18 |
Time | all day |
Website | QA/Fedora_18_test_days |
IRC | #fedora-test-day (webirc) |
Mailing list | sssd-devel |
What to test?[edit]
Today's installment of Fedora Test Day will focus on Active Directory, in particular using realmd to setup authentication using domain accounts, sssd to handle the active directory authentication, and other involved bits and pieces.
Who's available[edit]
The following cast of characters will be available testing, workarounds, bug fixes, and general discussion ...
- Development - Stefw (stefw), jhrozek (jhrozek-SSSD devel)(irc_nick2)
- Quality Assurance - ksrot (ksrot), omoris (omoris), mvadkert (mvadkert), jpospisi (jpospisi)
Prerequisite for Test Day[edit]
You need the following before joining in on the test day.
- Live CD: http://fedorapeople.org/~stefw/isos/ad-testday-dns-20121018.iso
- This Live CD is preconfigured to work with the Active Directory Test Bed. But you still need to set a local host name.
- If you don't want to use the Live CD, you can use an updated Fedora 18 pre-release
- realmd 0.10 installed from updates-testing, or from git master (preinstalled on the LiveCD).
- An Active Directory domain to test against.
- Domain user account or administrator account on the given Active Directory domain. See below for which test cases require which privileges.
How to test?[edit]
At a high level the following are being tested:
- realmd used together with Active Directory
- sssd used together with Active Directory
- control-center GNOME control center used with Enterprise Logins
- gnome-online-accounts used with a Kerberos account
- gvfs used for SMB access with a Kerberos ticket
You can explore these, and their documentation. Or you can follow the test cases below.
Test Cases[edit]
Testcase | Description | Privileges | Approx. time required |
---|---|---|---|
AD no krb5.conf | Using Active Directory without krb5.conf | Any | 5 minutes |
Discover AD | Using realmd to discover information about an Active Directory domain | Any | 5 minutes |
Join AD with sssd | Using realmd to join an Active Directory domain with sssd as the client. | Domain user | 15 minutes |
Leave AD | Using realmd to leave an Active Directory domain. | Domain user | 15 minutes |
Leave AD with remove | Using realmd to leave an Active Directory domain, removing the computer account. | Domain user | 15 minutes |
Join AD with winbind | Using realmd to join an Active Directory domain with winbind as the client. | Domain user | 15 minutes |
Login with AD account | Using realmd permit one domain login, and then log in using that account | Domain user | 10 minutes |
Deny login for AD account | Using realmd deny one domain login. | Domain user | 10 minutes |
Login with any AD account | Using realmd permit any domain login, and then log in using an account | Domain user | 10 minutes |
Deny login for any AD account | Using realmd deny any domain login. | Domain user | 10 minutes |
Join AD automatic | Using realmd to join an active directory domain automatically | Domain admin | 20 minutes |
Join AD with OTP | Using realmd to join an Active Directory domain with a one time password. | Domain admin | 20 minutes |
Control Center Enterprise Login | Using Control Center to add an Enterprise Login (ie: a domain account), and testing login with that account. | Domain user | 20 minutes |
GVfs access | Using gvfs to access SMB shares with active kerberos ticket. | Domain user | 5 minutes |
Test Results[edit]
Log issues and enhancements in one of these places:
- realmd bugzilla
- gnome-control-center bugzilla
- gnome-online-accounts bugzilla
- gvfs bugzilla
- Red Hat bugzilla
- SSSD Trac
User | AD no krb5.conf | AD discovery | SSSD join | Leave AD | Leave AD and remove account | winbind join | login | deny login | permit any | deny any | autojoin | OTP join | control center | gvfsd-smb | References |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Sample User | |||||||||||||||
mvadkert | - realm crashes when computer-ou empty, [2], [3] | ||||||||||||||
Maxim Burgerhout | |||||||||||||||
omoris | |||||||||||||||
Stijn |
| ||||||||||||||
stefw |
| ||||||||||||||
jpospisi | |||||||||||||||
ksrot | |||||||||||||||
jscotka | |||||||||||||||
psklenar | |||||||||||||||
tbzatek | |||||||||||||||
pkis | |||||||||||||||
Adam Joseph Cook | [2] | [8] |
| ||||||||||||
vpodzime
(all with setenforce 0) |
Long comments[edit]
- ↑ Computer not removed from the Active Directory, only a liitle arrow appeared in the computer icon screenshot