On Mon, 14 Oct 2013, Tomas Babej wrote:
+def estabilish_trust_with_ad(master, ad, extra_args=[]): + """ + Estabilishes trust with Active Directory. Trust type is detected depending + on the presence of SfU (Services for Unix) support on the AD. + + Use extra arguments to pass extra arguments to the trust-add command, such + as --range-type="ipa-ad-trust" to enfroce a particular range type. + """ + + # Force KDC to reload MS-PAC info by trying to get TGT for HTTP + master.run_command(['kinit', '-kt', '/etc/httpd/conf/ipa.keytab', + 'HTTP/%s' % master.hostname])
It would be good to actually run 'kdestroy -A' before 'kinit' so that we don't have any leftovers.
+ master.run_command(['systemctl', 'restart', 'krb5kdc.service']) + + kinit_admin(master)
Same here.
+ master.run_command(['klist']) + master.run_command(['smbcontrol', 'all', 'debug', '100']) + assert util.run_repeatedly(master, + ['ipa', 'trust-add', + '--type', 'ad', ad.domain.name, + '--admin', 'Administrator', + '--password'] + extra_args, + stdin_text=master.config.ad_admin_password) + master.run_command(['smbcontrol', 'all', 'debug', '1']) + clear_sssd_cache(master) +
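Review bot: the reset to 'smbcontrol all debug 1' at the end of estabilish_trust_with_ad only runs when the preceding 'assert util.run_repeatedly(...)' passes, so a failed trust-add leaves Samba at debug level 100 afterwards; put the trust-add in try/finally so the level is always restored. The assert carries no message, so a failure will not say which AD domain was being trusted. In the signature, 'extra_args=[]' is a mutable default; since it is concatenated onto a list, prefer 'extra_args=None' and substitute an empty list in the body. The function name and docstring misspell "establish" ("estabilish", "Estabilishes") and "enforce" ("enfroce"); the name is worth fixing before callers depend on it.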
The rest looks fine, although it could be nice to have a generic description of what is expected from the AD setup -- there is an assumption of POSIX attributes being enabled in one of the tests, which is definitely not a default configuration. I'm here after reproducible configurations using a different test lab (like running an Azure or EC2 cloud).

I'm still not able to reproduce the issue with missing MS-PAC in admin's ticket when running 'ipa trust-add' in the test, though...

-- 
/ Alexander Bokovoy
