From Fedora Project Wiki
(Change example domain name to look less like a fully-qualified hostname.) |
(Fix @ and $ transposition) |
||
| Line 9: | Line 9: | ||
#: You should see an output line that looks like {{command|passwd}} output. It should contain an appropriate home directory, and a shell | #: You should see an output line that looks like {{command|passwd}} output. It should contain an appropriate home directory, and a shell | ||
# Check that you have an appropriate entry in your host's keytab: {{command|su -c 'klist -k'}} | # Check that you have an appropriate entry in your host's keytab: {{command|su -c 'klist -k'}} | ||
#: You should see several lines with your host name. For example {{command|1 host/$hostname@ | #: You should see several lines with your host name. For example {{command|1 host/$hostname$@FQDN}} | ||
# Check that you can use your keytab with kerberos: {{command|su -c 'kinit -k (principal)'}} | # Check that you can use your keytab with kerberos: {{command|su -c 'kinit -k (principal)'}} | ||
#: Replace (principal) with the principal from the output of the {{command|klist}} command above. Use the one with the domain capitalized and that looks like {{command|host/hostname@DOMAIN)}} (FreeIPA) or {{command|HOSTNAME$@DOMAIN}} (Active Directory) | #: Replace (principal) with the principal from the output of the {{command|klist}} command above. Use the one with the domain capitalized and that looks like {{command|host/hostname@DOMAIN)}} (FreeIPA) or {{command|HOSTNAME$@DOMAIN}} (Active Directory) | ||
Revision as of 13:46, 31 May 2017
- Check that the domain is now configured:
realm list- Make sure the domain is listed
- Make sure you have a
configured: kerberos-memberline in the output
- Check that you can resolve domain accounts on the local computer
- For Active Directory:
getent passwd 'AD\User'(make sure to use the quotes)- For FreeIPA:
getent passwd admin@domain(domain is the fully-qualified FreeIPA domain name, e.g. example.ipa)- You should see an output line that looks like
passwdoutput. It should contain an appropriate home directory, and a shell
- Check that you have an appropriate entry in your host's keytab:
su -c 'klist -k'- You should see several lines with your host name. For example
1 host/$hostname$@FQDN
- You should see several lines with your host name. For example
- Check that you can use your keytab with kerberos:
su -c 'kinit -k (principal)'- Replace (principal) with the principal from the output of the
klistcommand above. Use the one with the domain capitalized and that looks likehost/hostname@DOMAIN)(FreeIPA) orHOSTNAME$@DOMAIN(Active Directory) - There should be no output from this command
- Replace (principal) with the principal from the output of the
- If you are testing FreeIPA and have set up the FreeIPA Web UI, you can use it to see that the computer account was created under the Hosts section
- If you have are testing Active Directory and have console access to the domain controller, you can use the Active Directory Users and Computers tool to see if that the computer account was created under the Computers section
- Optionally, move on to QA:Testcase_domain_client_authenticate to ensure you can log in with a domain account.