From Fedora Project Wiki
Revision as of 11:51, 3 May 2013
Description
realmd can discover information about a domain server directly.
Setup
- Fulfill the prerequisites and make sure your Active Directory domain access works. realmd 0.14.0+ and adcli 0.6+ are required.
- Server names (domain controllers) for Active Directory and FreeIPA domains.
- If you don't know the servers for a given domain, you can use DNS to look them up:
$ host -t SRV _ldap._tcp.ad.example.com
How to test
- Perform a discovery command against the Active Directory server.
$ realm discover server.ad.example.com
- The output should contain one realm listed, and it should be the name of the domain and not the server that you specified.
- The domain name should be on the first line, and the output should also contain the line
server-software: active-directory
- Perform a discovery command against an IPA domain server.
$ realm discover server.ipa.example.com
- The output should contain one realm listed, and it should be the name of the domain and not the server that you specified.
- The domain name should be on the first line, and the output should also contain the line
server-software: freeipa
Expected Results
- Using realm discover with servers should discover their appropriate realms, and should contain the appropriate type: lines.
  - The realm-name: and domain-name: should be as expected for the domain
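The checks from How to test and Expected Results can be scripted so that a discovery result naming the wrong realm or server software is caught before any join is attempted. This is an added example, not part of the original test case: check_discover and sample_ad_output are hypothetical names, the sample output is constructed, and the script assumes the realm name is the upper-cased domain name.

```shell
#!/bin/sh
# Added example: validate `realm discover` output against this test case.
# Usage: realm discover SERVER | check_discover DOMAIN SERVER_SOFTWARE

# Returns 0 only if exactly one realm is listed, its header line is the
# domain (not the server), a type: line is present, and realm-name,
# domain-name and server-software all match what is expected.
check_discover() {
    want_domain=$1
    want_software=$2
    # Assumption: the Kerberos realm is the domain name in upper case.
    want_realm=$(printf '%s' "$want_domain" | tr '[:lower:]' '[:upper:]')
    awk -v d="$want_domain" -v r="$want_realm" -v s="$want_software" '
        $1 == "*"                { next }          # --verbose progress lines
        /^[^ \t]/                { realms++; if (realms == 1) first = $0; next }
        $1 == "type:"            { types++ }
        $1 == "realm-name:"      { realm = $2 }
        $1 == "domain-name:"     { domain = $2 }
        $1 == "server-software:" { software = $2 }
        END {
            ok = (realms == 1 && first == d && types > 0 &&
                  realm == r && domain == d && software == s)
            exit !ok
        }'
}

# Constructed sample output for an Active Directory server.
sample_ad_output() {
    cat <<'EOF'
domain.example.com
  type: kerberos
  realm-name: DOMAIN.EXAMPLE.COM
  domain-name: domain.example.com
  configured: no
  server-software: active-directory
  client-software: sssd
  login-formats: DOMAIN\%U
  login-policy: allow-realm-logins
EOF
}

# Demonstration on the constructed sample.
sample_ad_output | check_discover domain.example.com active-directory \
    && echo "discovery output matches expectations"
```

Against a live server, pipe the real command into the function, for example with the FreeIPA server from the test steps and freeipa as the second argument.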
More: Use IP addresses
Repeat the tests but this time use the IP addresses of the servers instead. Results should be identical.
Troubleshooting
Use the --verbose argument to see details of what's being done during discovery. You can see output like this:
[stef@stef-fedora realmd]$ realm discover --verbose 192.168.12.12
 * Sending MS-CLDAP ping to: 192.168.12.12
 * Performing LDAP DSE lookup on: 192.168.12.12
 * Successfully discovered: domain.example.com
domain.example.com
  type: kerberos
  realm-name: DOMAIN.EXAMPLE.COM
  domain-name: domain.example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: DOMAIN\%U
  login-policy: allow-realm-logins