From Fedora Project Wiki

Revision as of 14:47, 9 April 2013 by Stefw (talk | contribs) (Initial test case page)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Description

This test case verifies that adcli join works with basic options.

Setup

  1. Make sure to complete the prerequisites before starting this test.
  2. It is necessary to have complete domain DNS resolution working for this test.
  3. Test general adcli info functionality before doing this test.
  4. Your machine should have a valid unique host name. It shouldn't be localhost.
  5. You need a domain account that is capable of joining the domain, for example an administrative account.
  6. These commands should be run as root (see Troubleshooting for an alternative).

How to test

  1. Remove your host keytab 
    # test -e /etc/krb5.keytab && mv /etc/krb5.keytab /etc/krb5.keytab.bak
  2. Use adcli to join the domain: 
    # adcli join --login-user=Administrator domain.example.com

Expected Results

The join command should prompt for a password and then complete without error.

The join command will take a few seconds. It can take up to a minute in extreme cases where the domain controller for the domain is far away (latency wise).

The host keytab should contain new credentials for the host, like this. The KVNO, computer name, and domain name will differ. 

# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 COMPUTER$@DOMAIN.EXAMPLE.COM
   3 COMPUTER$@DOMAIN.EXAMPLE.COM
   3 COMPUTER$@DOMAIN.EXAMPLE.COM
   3 COMPUTER$@DOMAIN.EXAMPLE.COM
   3 COMPUTER$@DOMAIN.EXAMPLE.COM
   3 HOST/COMPUTER@DOMAIN.EXAMPLE.COM
   3 HOST/COMPUTER@DOMAIN.EXAMPLE.COM
   3 HOST/COMPUTER@DOMAIN.EXAMPLE.COM
   3 HOST/COMPUTER@DOMAIN.EXAMPLE.COM
   3 HOST/COMPUTER@DOMAIN.EXAMPLE.COM
   3 HOST/computer.example.com@DOMAIN.EXAMPLE.COM
   3 HOST/computer.example.com@DOMAIN.EXAMPLE.COM
   3 HOST/computer.example.com@DOMAIN.EXAMPLE.COM
   3 HOST/computer.example.com@DOMAIN.EXAMPLE.COM
   3 HOST/computer.example.com@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/COMPUTER@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/COMPUTER@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/COMPUTER@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/COMPUTER@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/COMPUTER@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/computer.example.com@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/computer.example.com@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/computer.example.com@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/computer.example.com@DOMAIN.EXAMPLE.COM
   3 RestrictedKrbHost/computer.example.com@DOMAIN.EXAMPLE.COM



Troubleshooting

  • Use the --verbose argument to provide output when troubleshooting or reporting bugs.
  • If you are unable to run the adcli join command as root, you can use the following a --host-keytab=/tmp/krb5.keytab argument to remove that requirement. If you do so, you should also set the environment variable KRB5_KTNAME=/tmp/krb5.keytab when checking the results.
Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_adcli_join_simple&oldid=329824"