From Fedora Project Wiki
| Fedora 19 Test Days | |
|---|---|
| |
| Enterprise accounts | |
| Date | 2013-05-09 |
| Time | all day |
| Website | realmd SSSD project, Feature page |
| IRC | #sssd (webirc, #fedora-test-day (webirc)) |
Can't make the date?
If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.
If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find, and add your results to the results section.
What to test?
Today's Test Day will be focused on new features related to using enterprise accounts (coming from either Active Directory or FreeIPA), in particular realmd and adcli to join a machine to a domain and sssd to handle authentication and other related tasks.
Who's available
- Development: Stef Walter (stefw, realmd/adcli dev), Jakub Hrozek (jhrozek, sssd dev)
- Quality Assurance: Patrik Kis (pkis), Davis Spurek (dspurek), Kaushik Banerjee (kaushik)
Prerequisite for Test Day
- LiveCD
- LiveCD tbd when sssd-1.10beta1 is out
- If you don't want to use the LiveCD, you can use an updated Fedora 19 pre-release
- A server to test against. Most test cases require an Active Directory domain, other tests require a FreeIPA server. Don't worry if you don't have both, any involvement in the test day is much appreciated!
- Domain user account or administrator account on the given Active Directory domain. See table below for which test cases require which privileges.
- If you are on Red Hat internal network you can test against our internal Test Bed: Test Day:2013-05-09 Red Hat Test Bed. Please note that the Test Bad doesn't have all capabilities which are required to run all test cases. While all test cases which requires administrator privileges and posix users are supported, the test cases with following privileges can't be run against the Test Bad (please skip them):
- Requires domain with multiple sites
- Requires domain with different forest name
- Requires read-only domain controller
How to test
At a high level the following are being tested:
- realmd used together with Active Directory or FreeIPA
- adcli used together with Active Directory or FreeIPA
- latest Kerberos improvements
- sssd used together with Active Directory or FreeIPA
You can explore these, and their documentation. Or you can follow the test cases below.
Test Cases - adcli
| Testcase | Description | Privileges | Approx. time required |
|---|---|---|---|
| adcli setup | Set up the environment in order to perform the adcli tests | Any | 5 minutes |
| adcli info | This test case retrieves basic information about a domain. | Any | 5 minutes |
| adcli info server | This test case retrieves basic information about a domain controller and the domain it is a part of. | Any | 5 minutes |
| adcli info site | This test case verifies that adcli info works even when the domain topology is complex. | Requires domain with multiple sites | 5 minutes |
| adcli info badsite | This test case verifies that adcli info correctly identifies that a domain controller not in its local site may not be completely usable. | Requires domain with multiple sites | 5 minutes |
| adcli info forest | This test case verifies that adcli info correctly reads the domain forest. | Requires domain with different forest name | 5 minutes |
| adcli info readonly | This test case verifies that adcli info correctly identifies domain controllers it cannot use. | Requires read-only domain controller | 5 minutes |
| adcli join simple | This test case verifies that adcli join works with basic options. | Administrator | 5 minutes |
| adcli join nodns | his test case verifies that adcli join can work without DNS. | Administrator | 5 minutes |
| adcli preset auto | This test case precreates accounts in the domain using adcli join, using the default automatic 'reset' computer account password. | Administrator | 5 minutes |
| adcli preset otp | This test case precreates accounts in the domain using adcli join. | Administrator | 5 minutes |
Test Cases - Active Directory
| Testcase | Description | Privileges | Approx. time required |
|---|---|---|---|
| AD no krb5.conf | Using Active Directory without krb5.conf | Any | 5 minutes |
| LessBrittleKerberos unsynced clocks | Kerberos client with unsynced clocks | Any | 5 minutes |
| Discover AD domain | Using realmd to discover information about an Active Directory domain | Any | 5 minutes |
| Discover AD server | Using realmd to discover information about an Active Directory server | Any | 5 minutes |
| Join AD using ccache | Join the current machine to an Active Directory domain using kerberos credentials already acquired before the join. | Administrator | 10 minutes |
| Join AD and set OS | Join the current machine to an Active Directory, and set the operating system name and version of the account. | Administrator | 10 minutes |
| Join AD and prevent installing requirements | Join the current machine to an Active Directory, and prevent automatic installation of packages. | Administrator | 10 minutes |
| Join AD without qualifying usernames | Join the current machine to an Active Directory, without using fully qualified user names. | Administrator | 10 minutes |
| Join AD using POSIX attributes | Join the current machine to an Active Directory, but use the POSIX attributes in the directory. | Administrator or user with posix attributes | 10 minutes |
| Join a specific AD server | Join the current machine to an Active Directory, manually specifying the domain server you want to join against. | Administrator | 10 minutes |
| Join AD while creating an UPN | Join the current machine to an Active Directory, while creating a userPrincipalName. | Administrator | 10 minutes |
| DNS dynamic updates | Verifies an AD client is able to update its DNS record. | Requires a joined client | 20 minutes |
| DNS site discovery | Verifies an AD client is able to connect to a particular DNS site as defined on the AD server | Requires a joined client | 20 minutes |
Test Cases - FreeIPA
| Testcase | Description | Privileges | Approx. time required |
|---|---|---|---|
| FreeIPA join | Join a client machine to a domain | admin | 10 minutes |
| FreeIPA login | Log in using FreeIPA credentials, both online and offline | admin | 15 minutes |
| FreeIPA sudo | Test FreeIPA's sudo management capabilities | admin | 10 minutes |
| FreeIPA SSH | Verify FreeIPA's SSH public key management | admin | 20 minutes |
| FreeIPA automount | Test FreeIPA's automounter maps management | admin | 20 minutes |
| FreeIPA control center | Setup an FreeIPA domain account login via the GNOME Control Center. | admin | 10 minutes |
| FreeIPA leave | Leave a FreeIPA domain by deconfiguring it locally. | Any | 5 minutes |
Test Results - FreeIPA
Log issues and enhancements in one of these places:
| User | FreeIPA join | FreeIPA login | FreeIPA sudo | FreeIPA SSH | FreeIPA automount | FreeIPA control center | FreeIPA leave | References |
|---|---|---|---|---|---|---|---|---|
| Sample User |  |
 |
 |