Latest revision as of 13:49, 7 May 2013
Description
This test case verifies that adcli join can work without DNS.
Setup
- Make sure to complete the prerequisites before starting this test.
- Test general adcli info functionality before doing this test.
- Your machine should have a valid unique host name. It shouldn't be localhost.
- You need a domain account that is capable of joining the domain, for example an administrative account.
- These commands are meant to be run as root.
- You need the IP address of a domain controller for your domain. Find it like so:
$ adcli info domain.example.com | grep domain-controller
$ nslookup <domain-controller-from-previous-command>
How to test
- Remove your host keytab
# test -e /etc/krb5.keytab && mv /etc/krb5.keytab /etc/krb5.keytab.bak
- Move your resolv.conf file to completely break DNS resolution.
# mv /etc/resolv.conf /etc/resolv.conf.bak
- Use adcli to join the domain, placing your domain controller IP address in the appropriate place:
# adcli join --login-user=Administrator --domain-controller=10.10.10.10 domain.example.com
Expected Results
The join command should prompt for a password and then complete without error.
The join command will take a few seconds. It can take up to a minute in extreme cases where the domain controller for the domain is far away (latency-wise).
The host keytab should contain new credentials for the host, like this. The KVNO, computer name, and domain name will differ.
# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 COMPUTER$@DOMAIN.EXAMPLE.COM
   3 COMPUTER$@DOMAIN.EXAMPLE.COM
   3 COMPUTER$@DOMAIN.EXAMPLE.COM
   3 COMPUTER$@DOMAIN.EXAMPLE.COM
   3 COMPUTER$@DOMAIN.EXAMPLE.COM
   3 HOST/COMPUTER@DOMAIN.EXAMPLE.COM
   3 HOST/COMPUTER@DOMAIN.EXAMPLE.COM
   3 HOST/COMPUTER@DOMAIN.EXAMPLE.COM
   3 HOST/COMPUTER@DOMAIN.EXAMPLE.COM
   3 HOST/COMPUTER@DOMAIN.EXAMPLE.COM
   3 HOST/computer.example.com@DOMAIN.EXAMPLE.COM
   3 HOST/computer.example.com@DOMAIN.EXAMPLE.COM
   3 HOST/computer.example.com@DOMAIN.EXAMPLE.COM
   3 HOST/computer.example.com@DOMAIN.EXAMPLE.COM
   3 HOST/computer.example.com@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/COMPUTER@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/COMPUTER@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/COMPUTER@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/COMPUTER@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/COMPUTER@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/computer.example.com@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/computer.example.com@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/computer.example.com@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/computer.example.com@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/computer.example.com@DOMAIN.EXAMPLE.COM
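The expected result above can be checked mechanically instead of by eye. The following is an added example, not part of the original test case: the function names check_keytab and sample_klist are hypothetical, the sample output is constructed from the listing above, and requiring a single KVNO is an assumption that fits this test because the old keytab is moved away before the join.

```shell
#!/bin/sh
# Added example (not from the original test case).
# check_keytab SHORTNAME FQDN REALM   -- reads `klist -k` output on stdin.
# Returns 0 only if every principal form shown in the expected results
# is present and all entries share one KVNO (assumption: fresh keytab).
check_keytab() {
    awk -v short="$1" -v fqdn="$2" -v realm="$3" '
        BEGIN {
            want[short "$@" realm] = 0
            want["HOST/" short "@" realm] = 0
            want["HOST/" fqdn "@" realm] = 0
            want["RestrictedKrbHost/" short "@" realm] = 0
            want["RestrictedKrbHost/" fqdn "@" realm] = 0
        }
        # Entry lines have two fields: a numeric KVNO and a principal.
        # The "Keytab name", header and dashed lines do not match.
        NF == 2 && $1 ~ /^[0-9]+$/ {
            kvnos[$1] = 1
            if ($2 in want) want[$2]++
        }
        END {
            rc = 0
            for (p in want) if (want[p] == 0) { print "missing: " p; rc = 1 }
            n = 0
            for (k in kvnos) n++
            if (n != 1) { print "expected one KVNO, found " n; rc = 1 }
            exit rc
        }'
}

# Constructed sample: one entry per principal form from the listing above.
sample_klist() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 COMPUTER$@DOMAIN.EXAMPLE.COM
   3 HOST/COMPUTER@DOMAIN.EXAMPLE.COM
   3 HOST/computer.example.com@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/COMPUTER@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/computer.example.com@DOMAIN.EXAMPLE.COM
EOF
}

sample_klist | check_keytab COMPUTER computer.example.com DOMAIN.EXAMPLE.COM \
    && echo "keytab OK"
```

On a joined machine, pipe the real output in place of the sample: klist -k | check_keytab COMPUTER computer.example.com DOMAIN.EXAMPLE.COM, substituting your own computer name, host name and realm.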
Cleanup
Cleanup after this test case is simple.
# rm -f /etc/krb5.keytab
# adcli delete-computer --domain-controller=10.10.10.10 --domain=domain.example.com <hostname -s>
More: No domain specified
- You should be able to do the above without specifying a domain.
# adcli join --login-user=Administrator --domain-controller=10.10.10.10
- In practice (real world) always know the domains you're joining.
Troubleshooting
- You won't be able to use kinit to authenticate against the domain at this point, as that requires either DNS or custom configuration.
- Move your resolv.conf back:
# mv /etc/resolv.conf.bak /etc/resolv.conf
- Use the --verbose argument to provide output when troubleshooting or reporting bugs.