From Fedora Project Wiki

(Drop direct Test Days category membership)
 
(42 intermediate revisions by 12 users not shown)
Line 17: Line 17:


== Who's available ==
== Who's available ==
* Development: [[User:abbra|Alexander Bokovoy]] (ab), [[User:jhrozek|Jakub Hrozek]] (jhrozek), [[User:mkosek|Martin Kosek]] (mkosek)
* Development: [[User:abbra|Alexander Bokovoy]] (ab), [[User:jhrozek|Jakub Hrozek]] (jhrozek), [[User:mkosek|Martin Kosek]] (mkosek), [[User:tbabej|Tomas Babej]] (tbabej)
* Quality Assurance - [[User:spoore|Scott Poore]] (spoore), [[User:steeve|Steeve Goveas ]] (steeve)
* Quality Assurance - [[User:spoore|Scott Poore]] (spoore), [[User:steeve|Steeve Goveas ]] (steeve)


Line 30: Line 30:
* An instance of Microsoft Active Directory 2008 R2 or newer
* An instance of Microsoft Active Directory 2008 R2 or newer
** [http://www.freeipa.org/page/Setting_up_Active_Directory_domain_for_testing_purposes steps how to obtain your AD test instance]
** [http://www.freeipa.org/page/Setting_up_Active_Directory_domain_for_testing_purposes steps how to obtain your AD test instance]
* A live image. Tips on using a live image are available at [[FedoraLiveCD]].
{|
! Architecture !! SHA256SUM
|-
| [http://fedorapeople.org/groups/qa/testday-TBD-x86_64.iso x86_64] || checksum-tbd
|-
| [http://fedorapeople.org/groups/qa/testday-TBD-i686.iso i686] || checksum-tbd
|}
{{admon/note | Memory | Please make sure that the LiveCD has enough memory to operate. We recommend:
* At minimum 2.5 GB of memory for non-graphical run
* At minimum 3 GB memory for graphical (GNOME) run
}}


* An up-to-date Fedora 19 instance along with a custom repository containing the required packages
* An up-to-date Fedora 19 instance along with a custom repository containing the required packages
** TODO - Add links to a repository at repos.fedorapeople.org
** Grab the repofile from http://repos.fedorapeople.org/repos/jhrozek/freeipa-test-day/fedora-freeipa-test-day.repo and download it to your <code>/etc/yum.repos.d/</code>
* An updated [[Releases/Rawhide|Rawhide]] (tips on installing Rawhide below), or a [http://alt.fedoraproject.org/pub/alt/nightly-composes/desktop/ nightly live image]
# wget http://repos.fedorapeople.org/repos/jhrozek/freeipa-test-day/fedora-freeipa-test-day.repo \
        -O /etc/yum.repos.d/fedora-freeipa-test-day.repo


== How to test? ==
== How to test? ==
Line 53: Line 42:


* Establish a trust between an IPA server and an Active Directory instance following the steps below
* Establish a trust between an IPA server and an Active Directory instance following the steps below
** '''Install/Setup''' test cases 1 and 2, '''Serving legacy clients for trusts''' test case 1.
* Set up the LDAP client software (such as nss_ldap or pam_ldap) on your client to point to the IPA server
* Set up the LDAP client software (such as nss_ldap or pam_ldap) on your client to point to the IPA server
* Retrieve identity information about users coming from the trusted AD domain
* Retrieve identity information about users coming from the trusted AD domain
Line 58: Line 48:


Please report any issues you find using the channels described above or simply start a thread on the [https://www.redhat.com/mailman/listinfo/freeipa-users freeipa-users] mailing list.
Please report any issues you find using the channels described above or simply start a thread on the [https://www.redhat.com/mailman/listinfo/freeipa-users freeipa-users] mailing list.
You can also use our public Etherpad http://openetherpad.org/p/Fedora-19-IPA-33-Test-Day to share bugs, workarounds or any other useful info.


== Test Cases ==
== Test Cases ==
Line 64: Line 56:
* 1.  [[QA:Testcase_freeipa_trust_server_installation|IPA server and client installation]].
* 1.  [[QA:Testcase_freeipa_trust_server_installation|IPA server and client installation]].
** After finishing this test case, you would have a working IPA server and a client
** After finishing this test case, you would have a working IPA server and a client
* 2.  [[QA:Testcase_freeipa_prepare_server_for_trusts|Preparation of IPA server for the Active Directory trust]].
** This testcase ensures that you have properly configured Active Directory and FreeIPA server for the trust setup
=== Using POSIX attributes defined in AD ===
* 1.  [[QA:Testcase_freeipa_using_posix_attributes_in_ad|Configure FreeIPA to use POSIX attributes defined in Active Direcotory]]
** When this test case is completed, you will have Active Directory server with Services for Unix (SFU) extension. You will be able to use POSIX attributes defined in Active Directory in FreeIPA.


=== Serving legacy clients for trusts ===
=== Serving legacy clients for trusts ===
* 1.  [[QA:Testcase_freeipa_trust_establish|Establish trust with an AD server]].
* 1.  [[QA:Testcase_freeipa_trust_establish|Establish trust with an AD server]].
** When this test case is completed, the trust relationship between an IPA server and an AD server would be established
** When this test case is completed, the trust relationship between an IPA server and an AD server would be established
* 2.  [[QA:Testcase_freeipa_use_nss_pam_ldapd_to_give_access_to_trusted_domain_users|Use nss-pam-ldapd to give access to trusted domain users]]
* 2.  [[QA:Testcase_freeipa_generic_trust_client_config|Configure a generic legacy client for accessing trusted resources]]
** Instructions for setting up a generic LDAP client are described here
* 3.  [[QA:Testcase_freeipa_use_nss_pam_ldapd_to_give_access_to_trusted_domain_users|Use nss-pam-ldapd to give access to trusted domain users]]
** This is actual test for old clients using nss-pam-ldapd (http://arthurdejong.org/git/nss-pam-ldapd). We are interested in test on RHEL 4/5, FreeBSD, and Solaris/AIX
** This is actual test for old clients using nss-pam-ldapd (http://arthurdejong.org/git/nss-pam-ldapd). We are interested in test on RHEL 4/5, FreeBSD, and Solaris/AIX
* 4.  [[QA:Testcase_freeipa_use_legacy_sssd_to_give_access_to_trusted_domain_users|Use legacy SSSD to give access to trusted domain users]]
** This is actual test for old clients using SSSD, but without native support for subdomain users. This includes all SSSD versions up to 1.9
== Test Results ==


=== Using POSIX attributes defined in AD ===
If you have problems with any of the tests, report a bug to [https://fedorahosted.org/freeipa/ Trac] or [https://bugzilla.redhat.com Bugzilla] usually for the component [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&version=19&component=freeipa freeipa]
* 1. [[QA:Testcase_freeipa_using_posix_attributes_in_ad|Configure FreeIPA to use POSIX attributes defined in Active Direcotory]]
** When this test case is completed, you will have Active Directory server with Services for Unix (SFU) extension. You will be able to use POSIX attributes defined in Active Directory in FreeIPA.


== Test Results ==
{{admon/note | Filing a bug | If you are unsure about exactly how to file the report or what other information to include, just ask us on IRC and we will help you. }}


Construct a table or list to allow testers to post results. Each column should be a test case or configuration, and each row should consist of test results. Include some instructions on how to report bugs, and any special instructions. Here's an example, from a Palimpsest test day:
Once you have completed the tests, add your results to the appropriate Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the [[Template:result|result template]] to enter your result, as shown in the example result line.


If you have problems with any of the tests, report a bug to [https://bugzilla.redhat.com Bugzilla] usually for the component [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&version=13&component=udisks udisks], or [https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&version=13&component=gnome-disk-utility gnome-disk-utility] for bugs in the Palimpsest graphical front end itself. If you are unsure about exactly how to file the report or what other information to include, just ask on IRC and we will help you. Once you have completed the tests, add your results to the Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the [[Template:result|result template]] to enter your result, as shown in the example result line.
{{admon/note | Active Directory version | Even with sucessful tests, please report the version of Active Directory you worked with. }}


{|
{|
! User
! User
! [[QA:Testcase_sample_1|Sample test 1]]
! [[QA:Testcase_freeipa_trust_server_installation|IPA Installation]]
! [[QA:Testcase_sample_2|Sample test 2]]
! [[QA:Testcase_freeipa_prepare_server_for_trusts|Trust preparation]]
! [[QA:Testcase_sample_3|Sample test 3]]
! [[QA:Testcase_freeipa_using_posix_attributes_in_ad|POSIX in AD]]
! [[QA:Testcase_sample_4|Sample test 4]]
! [[QA:Testcase_freeipa_trust_establish|Trust creation]]
! [[QA:Testcase_freeipa_generic_trust_client_config|Generic legacy client]]
! [[QA:Testcase_freeipa_use_nss_pam_ldapd_to_give_access_to_trusted_domain_users|Legacy clients with nss-pam-ldapd]]
! [[QA:Testcase_freeipa_use_legacy_sssd_to_give_access_to_trusted_domain_users|Legacy client with SSSD]]
! Active Directory version
! References
! References
|-
|-
Line 92: Line 97:
| {{result|none}}  
| {{result|none}}  
| {{result|pass}}
| {{result|pass}}
| {{result|none}}
| {{result|none}}
| {{result|warn}} <ref>Test pass, but also encountered {{bz|54321}}</ref>
| {{result|warn}} <ref>Test pass, but also encountered {{bz|54321}}</ref>
| {{result|fail}} <ref>{{bz|12345}}</ref>
| {{result|fail}} <ref>{{bz|12345}}</ref>
| {{result|pass}}
| AD 2012
| <references/>
| <references/>
|-
|-
|-
| [[User:mrniranjan|mrniranjan]]
| {{result|pass}}
| {{result|pass}}
| {{result|pass}}
| {{result|pass}}
| {{result|pass}} <ref> Test pass with nss_ldap on RHEL5</ref>
| {{result|pass}} <ref> Test pass with nss-pam-ldapd on RHEL6 </ref>
| {{result|none}}
| AD 2008 R2
| <references/>
|-
| [[User:tbabej|Tomas Babej]]
| {{result|pass}}
| {{result|pass}}
| {{result|pass}} <ref> https://fedorahosted.org/freeipa/ticket/3814 </ref>
| {{result|pass}} <ref> https://fedorahosted.org/freeipa/ticket/3816 </ref>
| {{result|none}}
| {{result|none}}
| {{result|none}}
| AD 2012
| <references/>
|-
| [[User:jhrozek|Jakub Hrozek]]
| {{result|pass}}
| {{result|pass}}
| {{result|none}}
| {{result|pass}}
| {{result|none}}
| {{result|warn}} <ref>(IPA native users don't auth)</ref>
| {{result|warn}} <ref>(IPA native users don't auth)</ref>
| AD 2012
| <references/>
|-
| [[User:steeve|Steeve Goveas]]
| {{result|pass}}
| {{result|pass}}
| {{result|pass}} <ref>https://fedorahosted.org/sssd/ticket/2030</ref>
| {{result|pass}}
| {{result|warn}} <ref>(IPA native users don't auth)</ref>
| {{result|none}}
| {{result|warn}} <ref>(IPA native users don't auth)</ref>
| AD 2008r2
| <references/>
|-
| [[User:spoore|Scott Poore]]
| {{result|pass}}
| {{result|pass}}
| {{result|pass}}
| {{result|warn||988520}}
| {{result|warn}} <ref>rhel4 fails</ref><ref>rhel5 works</ref>
| {{result|warn}} <ref>ad users work, ipa doesn't</ref>
| {{result|warn}} <ref>ad users work, ipa doesn't</ref>
| AD 2012
| <references/>
|-
| [[User:Sgallagh|Stephen Gallagher]]
| {{result|pass}}
| {{result|pass}}
| {{result|pass}}
| {{result|pass}}
| {{result|none}}
| {{result|none}}
| {{result|none}}
| AD 2012
| <references/>
|}
|}


[[Category:Test Days]]
[[Category:Fedora 19 Test Days]]
[[Category:QA Templates]]

Latest revision as of 21:20, 26 June 2015

Fedora Test Days
Echo-testing-48px.png
Provide users from trusted Active directory domain to legacy clients

Date 2013-07-25
Time all day

Website QA/Fedora_19_test_days
IRC #fedora-test-day (webirc)
Mailing list test


Note.png
Can't make the date?
If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find at Bugzilla, and add your results to the results section. If this page is more than a month old when you arrive here, please check the current schedule and see if a similar but more recent Test Day is planned or has already happened.

What to test?[edit]

Today's instalment of Fedora Test Day will focus on making the support for users coming from a trusted Active Directory domain available to legacy (non-SSSD) clients as well as providing support for using POSIX attributes from AD.

Who's available[edit]

Feedback[edit]

We need your feedback!

Prerequisite for Test Day[edit]

# wget http://repos.fedorapeople.org/repos/jhrozek/freeipa-test-day/fedora-freeipa-test-day.repo \
       -O /etc/yum.repos.d/fedora-freeipa-test-day.repo

How to test?[edit]

This test day focuses on making users and groups from a trusted AD domain available to a wide range of clients. Even if your flavor of Linux or UNIX client is not described in the steps below, you are still welcome to join the test day! In general, the testing would include:

  • Establish a trust between an IPA server and an Active Directory instance following the steps below
    • Install/Setup test cases 1 and 2, Serving legacy clients for trusts test case 1.
  • Set up the LDAP client software (such as nss_ldap or pam_ldap) on your client to point to the IPA server
  • Retrieve identity information about users coming from the trusted AD domain
  • Authenticate as a user coming from the trusted AD domain

Please report any issues you find using the channels described above or simply start a thread on the freeipa-users mailing list.

You can also use our public Etherpad http://openetherpad.org/p/Fedora-19-IPA-33-Test-Day to share bugs, workarounds or any other useful info.

Test Cases[edit]

Install/Setup Tests[edit]

Using POSIX attributes defined in AD[edit]

Serving legacy clients for trusts[edit]

Test Results[edit]

If you have problems with any of the tests, report a bug to Trac or Bugzilla usually for the component freeipa

Note.png
Filing a bug
If you are unsure about exactly how to file the report or what other information to include, just ask us on IRC and we will help you.

Once you have completed the tests, add your results to the appropriate Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the result template to enter your result, as shown in the example result line.

Note.png
Active Directory version
Even with sucessful tests, please report the version of Active Directory you worked with.
User IPA Installation Trust preparation POSIX in AD Trust creation Generic legacy client Legacy clients with nss-pam-ldapd Legacy client with SSSD Active Directory version References
Sample User
none
Pass pass
none
none
Warning warn
[1]
Fail fail
[2]
Pass pass
AD 2012
  1. Test pass, but also encountered RHBZ #54321
  2. RHBZ #12345
mrniranjan
Pass pass
Pass pass
Pass pass
Pass pass
Pass pass
[1]
Pass pass
[2]
none
AD 2008 R2
  1. Test pass with nss_ldap on RHEL5
  2. Test pass with nss-pam-ldapd on RHEL6
Tomas Babej
Pass pass
Pass pass
Pass pass
[1]
Pass pass
[2]
none
none
none
AD 2012
Jakub Hrozek
Pass pass
Pass pass
none
Pass pass
none
Warning warn
[1]
Warning warn
[2]
AD 2012
  1. (IPA native users don't auth)
  2. (IPA native users don't auth)
Steeve Goveas
Pass pass
Pass pass
Pass pass
[1]
Pass pass
Warning warn
[2]
none
Warning warn
[3]
AD 2008r2
  1. https://fedorahosted.org/sssd/ticket/2030
  2. (IPA native users don't auth)
  3. (IPA native users don't auth)
Scott Poore
Pass pass
Pass pass
Pass pass
Warning warn [1]
Warning warn
[2][3]
Warning warn
[4]
Warning warn
[5]
AD 2012
  1. RHBZ #988520
  2. rhel4 fails
  3. rhel5 works
  4. ad users work, ipa doesn't
  5. ad users work, ipa doesn't
Stephen Gallagher
Pass pass
Pass pass
Pass pass
Pass pass
none
none
none
AD 2012