From Fedora Project Wiki
Description
realmd automatically discovers information about Kerberos realms, and determines whether they are Active Directory domains or other types of Kerberos realms.
Setup
- Verify that your Active Directory domain access works. If you don't have an Active Directory domain, you can set one up.
- Make sure you have realmd 0.9 or later installed.
$ rpm -q realmd
How to test
- Perform a discovery command against your Active Directory domain.
$ realm discover ad.example.com
- The output should list one realm, with the domain name on the first line, and should also contain the line
type: active-directory
- Perform a discovery command against a generic Kerberos domain, such as nullroute.eu.org.
$ realm discover nullroute.eu.org
- The output should list one realm, with the domain name on the first line, and should also contain the line
type: kerberos
- Perform a discovery command against an IPA domain, if you have access to one.
$ realm discover ipa.example.com
- The output should list one realm, with the domain name on the first line, and should also contain the line
type: freeipa
Expected Results
- The realms should be discoverable, and should contain the appropriate type: lines.
Troubleshooting
Use the --verbose argument to see details of what's being done during discovery. You can see output like this:
$ realm discover --verbose nullroute.eu.org
 * Searching for kerberos SRV records for domain: _kerberos._udp.nullroute.eu.org
 * Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.nullroute.eu.org
 * virgule.cluenet.org:88 panther.nathan7.eu:88
 * Trying to retrieve IPA certificate from virgule.cluenet.org
 * Trying to retrieve IPA certificate from panther.nathan7.eu
 ! Couldn't read certificate via HTTP: No PEM-encoded certificate found
 ! Couldn't discover IPA KDC: No PEM-encoded certificate found
 * Found kerberos DNS records for: nullroute.eu.org
 * Successfully discovered: nullroute.eu.org
...
The complete output for the discovery of an Active Directory domain (which is not configured locally) should look something like:
$ realm discover ad.example.com
ad.example.com
  configured: no
  server-software: active-directory
  client-software: sssd
  type: kerberos
  realm-name: AD.EXAMPLE.COM
  domain-name: ad.example.com
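
An added example (not part of the wiki page or of realmd): a shell check that automates the "one realm listed, domain name on the first line, expected field line" verification from the test steps. The function names are hypothetical, the sample input is the Active Directory output shown on this page, and the field to check is passed as a parameter.

```shell
# Added example: check `realm discover` output against this test case's expectations.

# Constructed sample: the Active Directory discovery output shown on this page.
sample_ad_output() {
cat <<'EOF'
ad.example.com
  configured: no
  server-software: active-directory
  client-software: sssd
  type: kerberos
  realm-name: AD.EXAMPLE.COM
  domain-name: ad.example.com
EOF
}

# realm_field FIELD: read discover output on stdin and print the value of
# "FIELD: value" from the first realm block only.
realm_field() {
    awk -v want="$1" '
        /^[^ \t]/ { blocks++; next }      # an unindented line starts a realm block
        blocks == 1 {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = index(line, ": ")
            if (n && substr(line, 1, n - 1) == want) { print substr(line, n + 2); exit }
        }'
}

# count_realms: number of realm blocks (unindented, non-empty lines) on stdin.
count_realms() {
    awk '/^[^ \t]/ { n++ } END { print n + 0 }'
}

# check_discovery DOMAIN FIELD EXPECTED: succeed only if exactly one realm is
# listed, its first line is DOMAIN, and FIELD has the EXPECTED value.
check_discovery() {
    out=$(cat)
    [ "$(printf '%s\n' "$out" | count_realms)" -eq 1 ] || { echo "FAIL: expected one realm" >&2; return 1; }
    [ "$(printf '%s\n' "$out" | sed -n '1p')" = "$1" ] || { echo "FAIL: first line is not $1" >&2; return 1; }
    got=$(printf '%s\n' "$out" | realm_field "$2")
    [ "$got" = "$3" ] || { echo "FAIL: $2 is '$got', expected '$3'" >&2; return 1; }
    echo "PASS: $1 $2=$3"
}

# Live use (needs realmd and network access):
#   realm discover ad.example.com | check_discovery ad.example.com server-software active-directory
sample_ad_output | check_discovery ad.example.com server-software active-directory
```

Pass the field name that carries the value you expect; in the sample output above the server kind appears on the server-software: line.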