From Fedora Project Wiki
(Created page with "{{QA/Test_Case |description=Using POSIX attributes defined in AD in FreeIPA |setup= * Setup an Active Directory server (2008 R2 or above). * Install Services for Identity Mana...") |
mNo edit summary |
||
Line 17: | Line 17: | ||
=== Adding a trust (letting FreeIPA detect the POSIX support) === | === Adding a trust (letting FreeIPA detect the POSIX support) === | ||
=== Checking the properties of the range | === Checking the properties of the range === | ||
=== Checking that user from AD has correct UID (as defined in AD) === | === Checking that user from AD has correct UID (as defined in AD) === | ||
Line 23: | Line 23: | ||
=== Adding a trust (forcing the SID-based approach) === | === Adding a trust (forcing the SID-based approach) === | ||
=== Checking the properties of the range | === Checking the properties of the range === | ||
=== Checking that user does not have UID as defined in AD === | === Checking that user does not have UID as defined in AD === |
Revision as of 15:47, 24 July 2013
Description
Using POSIX attributes defined in AD in FreeIPA
Setup
- Setup an Active Directory server (2008 R2 or above).
- Install Services for Identity Management for UNIX Components: http://technet.microsoft.com/en-us/library/cc731178.aspx
How to test
Planned configuration
Instructions below will assume following setup:
- There is Active Directory domain, set up under name AD.LAN. Domain controller for AD.LAN server is dc.ad.lan and has IP-address DC-AD.
- There is FreeIPA realm, set up under name IPA.LAN. FreeIPA server for the realm IPA.LAN is dc.ipa.lan and has IP-address DC-IPA.
FreeIPA realm will gain a short name used for NetBIOS communication, known as 'domain name' in SMB. Usually it is the same as leftmost component of the realm, i.e. IPA for IPA.LAN.
Steps to prepare for trust-add
Adding a trust (letting FreeIPA detect the POSIX support)
Checking the properties of the range
Checking that user from AD has correct UID (as defined in AD)
Adding a trust (forcing the SID-based approach)
Checking the properties of the range
Checking that user does not have UID as defined in AD
Expected Results
All the test steps should end with the specified results.