From Fedora Project Wiki
No edit summary |
(Update requirements) |
||
| (One intermediate revision by one other user not shown) | |||
| Line 2: | Line 2: | ||
|description=realmd can discover information about a domain server directly | |description=realmd can discover information about a domain server directly | ||
|setup= | |setup= | ||
# | # Make sure you have the required software: | ||
#* realmd 0.14.0 | |||
# Verify that your [[QA:Testcase_Active_Directory_Setup|Active Directory domain access works, or set a domain up]]. | |||
# Server names (domain controllers) for Active Directory and FreeIPA domains. | # Server names (domain controllers) for Active Directory and FreeIPA domains. | ||
#: If you don't know the servers for a given domain, you can use DNS to look them up: | #: If you don't know the servers for a given domain, you can use DNS to look them up: | ||
| Line 17: | Line 19: | ||
|results= | |results= | ||
# Using <code>realm discover</code> with servers should discover their appropriate realms, and should contain the appropriate <code> | # Using <code>realm discover</code> with servers should discover their appropriate realms, and should contain the appropriate <code>server-software:</code> lines. | ||
#: The <code>realm-name:</code> and <code>domain-name:</code> should be as expected for the domain | #: The <code>realm-name:</code> and <code>domain-name:</code> should be as expected for the domain | ||
}} | }} | ||
Latest revision as of 06:15, 9 May 2013
Description
realmd can discover information about a domain server directly
Setup
- Make sure you have the required software:
- realmd 0.14.0
- Verify that your Active Directory domain access works, or set a domain up.
- Server names (domain controllers) for Active Directory and FreeIPA domains.
- If you don't know the servers for a given domain, you can use DNS to look them up:
$ host -t SRV _ldap._tcp.ad.example.com
How to test
- Perform a discovery command against the active directory server.
$ realm discover server.ad.example.com
- The output should contain one realm listed, at it should be the name of the domain and not the server that you specified.
- The domain name on the first line, and the also contain the line
server-software: active-directory
- Perform a discovery command against an IPA domain server.
$ realm discover server.ipa.example.com
- The output should contain one realm listed, at it should be the name of the domain and not the server that you specified.
- The domain name on the first line, and the also contain the line
server-software: freeipa
Expected Results
- Using
realm discoverwith servers should discover their appropriate realms, and should contain the appropriateserver-software:lines.- The
realm-name:anddomain-name:should be as expected for the domain
- The
More: Use IP addresses
Repeat the tests but this time use the IP addresses of the servers instead. Results should be identical.
Troubleshooting
Use the --verbose argument to see details of what's being done during discovery. You can see output like this:
[stef@stef-fedora realmd]$ realm discover --verbose 192.168.12.12 * Sending MS-CLDAP ping to: 192.168.12.12 * Performing LDAP DSE lookup on: 192.168.12.12 * Successfully discovered: domain.example.com domain.example.com type: kerberos realm-name: DOMAIN.EXAMPLE.COM domain-name: domain.example.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: adcli required-package: samba-common login-formats: DOMAIN\%U login-policy: allow-realm-logins