From Fedora Project Wiki

No edit summary
Line 117: Line 117:
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
| {{result|warn}} <ref>Make sure your network users use UID:s > 1000, or change min_id in /etc/sssd/sssd.conf. Works fine otherwise.</ref>
| {{result|warn}} <ref>Make sure your network users use UID:s > 1000, or change min_id in /etc/sssd/sssd.conf. Works fine otherwise.</ref><ref>Couldn't test password changes, because kpasswd service was not available on the server</ref>
| <references/>
| <references/>
|-
|-

Revision as of 14:13, 31 March 2010

DATE TIME WHERE
Tuesday March 30, 2010 ALL DAY #fedora-test-day (webirc)

What to test?

Today's installment of Fedora Test Day will focus on SSSD by default

If you come to this page after the test day is completed, your testing is still valuable, and you can use the information on this page to test with your system and provide feedback.

Who's available

The following cast of characters will be available testing, workarounds, bug fixes, and general discussion...

What's needed to test

How to test?

Update your machine

See the instructions on the Branched page on the various ways in which you can install or update to the Branched release. Be sure you are testing with at least authconfig-6.1.2-1.fc13 and sssd-1.1.0-2.fc13. To install the latest authconfig, type: yum --enablerepo=updates-testing update authconfig sssd

Live image

Optionally, you may download a non-destructive Rawhide live image for your architecture. Tips on using a live image are available at FedoraLiveCD. Live images with the latest authconfig and sssd packages can be found here.

Test

When ready, please follow each of these test cases:

Don't have an LDAP or kerberos server?
If you do not have a local LDAP or kerberos server to test with, you can still participate. An LDAP and kerberos server are provided during the test day. However, if you are visiting this page well after the test day, the following information may no longer apply.
  • Public Certificate URL - http://jlaska.fedorapeople.org/sssd/cacert.asc
  • Available user accounts: sssdtest10001 ... sssdtest10100
  • Available groups: sssdgroup20001 ... sssdgroup20100
  • LDAP server information
    • Default user password: sssdtest
    • ldap_uri = ldap://publictest9.fedoraproject.org
    • ldap_search_base = dc=fedoraproject,dc=org
  • Kerberos server information
    • Default user password: sssdkrb5
    • krb5_realm = SSSD.FEDORAPROJECT.ORG
    • krb5_kdcip = publictest9.fedoraproject.org:88
    • krb5_kpasswd = publictest9.fedoraproject.org:749

Report your Results

If you have problems with any of the tests, report a bug to Trac. If you are unsure about exactly how to file the report, just ask on IRC and we will help you. Once you have completed the tests, add your results to the Results table below, following the example results from James Laska as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, if your system worked correctly, simply enter the word PASS. If you had trouble, enter the word FAIL, with a link to the bug report for the failure. If you could not perform one test (for example, you cannot perform the more advanced tests because the basic one fails, or you cannot perform the private LDAP test as you do not have access to an LDAP server), enter the word N/A. In the comments column, you can enter any short, additional information about your testing environment.

Test Results

User local/local LDAP/LDAP LDAP/LDAP TLS LDAP/Kerberos Comments
Sample User
none
Pass pass
Warning warn
[1]
Fail fail
[2]
  1. Test pass, but also encountered RHBZ #54321
  2. RHBZ #12345
jlaska
Pass pass
Fail fail
[1] [2][3] [4]
Warning warn
[5]
none
  1. Need to fix test case instructions, ldaps:// didn't work without certificate
  2. RHBZ #578219 - Configuring ldaps:// + cacert does not run cacert_rehash on downloaded certificate
  3. Workaround for bug#578219 - change to tty2 and manually run cacert_rehash /etc/openldap/cacerts, then restart sssd
  4. RHBZ #578303 - SSSD users cannot log in through GDM
  5. RHBZ #578311 - authconfig doesn't remember "[X] Use TLS to encrypt connection" setting
liam
Fail fail
[1]
none
none
none
  1. RHBZ #578124
shanks
Pass pass
Fail fail
[1]
Pass pass
Warning warn
[2]
  1. requires a signed certificate in /etc/openldap/cacerts
  2. Unable to change password. "System is offline, password change not possible. passwd: Authentication token manipulation error" message displayed.
duffy
none
Warning warn
[1]
none
none
  1. RHBZ #578231 - Add checkbox 'Allow authentication via self-signed certificates'
Stephen Gallagher
Warning warn
[1]
none
none
none
  1. There were issues with the livecd related to setting up local users. After installing the livecd on disk, everything worked as expected.
Lars Delhage
Pass pass
none
none
Warning warn
[1][2]
  1. Make sure your network users use UID:s > 1000, or change min_id in /etc/sssd/sssd.conf. Works fine otherwise.
  2. Couldn't test password changes, because kpasswd service was not available on the server
Sumit Bose
none
none
Pass pass
[1]
Pass pass
[2]
  1. Used console login instead of GDM.
  2. Used console login instead of GDM. Couldn't test password changes, because kpasswd service was not available on the server
User local/local LDAP/LDAP LDAP/LDAP TLS LDAP/Kerberos Comments