From Fedora Project Wiki
mNo edit summary |
(Update requirements) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 9: | Line 9: | ||
#: You will be prompted for Policy Kit authorization. | #: You will be prompted for Policy Kit authorization. | ||
#: You will not be prompted for a password. | #: You will not be prompted for a password. | ||
#: On a successful leave there will be no output. | #: On a successful leave there will be no output. | ||
Line 22: | Line 21: | ||
#: <pre>sudo klist -k</pre> | #: <pre>sudo klist -k</pre> | ||
#: You should see no lines referring to the domain in the table, or an error message saying that the keytab does not exist. | #: You should see no lines referring to the domain in the table, or an error message saying that the keytab does not exist. | ||
# If you have set up the FreeIPA Web UI, you can see that computer account | # If you have set up the FreeIPA Web UI, you can see that computer account is still present (under the ''Hosts'' section) but no longer has the ''Enrolled'' flag. | ||
}} | }} | ||
Line 33: | Line 32: | ||
</pre> | </pre> | ||
< | * {{bz|953453}} ipa-client-install incorrectly removes 'sss' from <code>/etc/nsswitch.conf</code> | ||
** This may cause errors when running other tests after this one. | |||
</ | ** A newly installed system will have this present. | ||
** ''Workaround'': The following lines should have 'sss' on them in <code>/etc/nsswitch.conf</code> by default. You can restore this by doing the following, and then running through the tests again: | |||
<pre>$ sudo mv /etc/nsswitch.conf /etc/nsswitch.conf.bak | |||
$ sudo yum reinstall glibc | |||
<pre> | $ shutdown -r now</pre> | ||
$ sudo | |||
</pre> | |||
[[Category: | [[Category:Realmd_Test_Cases]] [[Category:FreeIPA_Test_Cases]] |
Latest revision as of 06:47, 9 May 2013
Description
Leave a FreeIPA domain by deconfiguring it locally.
Setup
- If you haven't already, run through the test case to join the domain.
How to test
- Perform the leave command.
$ realm leave ipa.example.org
- You will be prompted for Policy Kit authorization.
- You will not be prompted for a password.
- On a successful leave there will be no output.
Expected Results
- Check that the domain is no longer configured.
$ realm list
- Make sure the domain is not listed.
- Check that you cannot resolve domain accounts on the local computer.
$ getent passwd admin@ipa.example.org
- There should be no output.
- Check that there is no machine account for the domain in the keytab.
sudo klist -k
- You should see no lines referring to the domain in the table, or an error message saying that the keytab does not exist.
- If you have set up the FreeIPA Web UI, you can see that computer account is still present (under the Hosts section) but no longer has the Enrolled flag.
Troubleshooting
Use the --verbose
argument to see details of what's being done during a leave. Include verbose output in any bug reports.
$ realm leave --verbose ipa.example.org
- RHBZ #953453 ipa-client-install incorrectly removes 'sss' from
/etc/nsswitch.conf
- This may cause errors when running other tests after this one.
- A newly installed system will have this present.
- Workaround: The following lines should have 'sss' on them in
/etc/nsswitch.conf
by default. You can restore this by doing the following, and then running through the tests again:
$ sudo mv /etc/nsswitch.conf /etc/nsswitch.conf.bak $ sudo yum reinstall glibc $ shutdown -r now