
manual Kerberos/LDAP hookup via nscd

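vi /etc/hosts            # ensure the participating boxes are listed here
vi /etc/security/network # ensure HOSTNAME is fully qualified

# swap sssd for the classic krb5 / pam_ldap / nss_ldap stack
rpm -e sssd
yum -y install krb5-workstation openldap-clients pam_ldap pam_krb5 nss_ldap

# copy configs from ipa server
scp rhel6u1a:/etc/krb5.conf /etc
scp rhel6u1a:/etc/resolv.conf /etc

# sanity checks: get a ticket, then an anonymous simple-bind (-x) read over
# plain ldap:// -- this is only a lookup test, no password is sent
kinit chorn
ldapsearch -x -b dc=fluxcoil,dc=net -h rhel6u1a.fluxcoil.net cn=chorn

# link every CA cert under its openssl subject hash so it can be found by hash
# lookup; "$i" and "$(...)" are quoted so odd filenames do not break the loop
# NOTE(review): the leading '#' on the next two lines reads like a root prompt
# rather than a comment -- confirm before pasting them
# cd /etc/openldap/cacerts
# for i in *; do ln -s -- "$i" "$(openssl x509 -noout -hash -in "$i")"; done

# --enableldaptls: the ldap bind goes over StartTLS instead of cleartext, and
# presumably verifies the server against the hashed CA certs linked above
authconfig --enableldap --enableldapauth --ldapserver=rhel6u1a.fluxcoil.net --ldapbasedn="dc=fluxcoil,dc=net" \
  --enableldaptls --enablelocauthorize --enablemkhomedir --updateall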

# this /etc/ldap.conf works for cleartext (for debugging):
# NOTE(review): there is no "ssl start_tls" line, so binds run over plain
# ldap:// and the user's password crosses the network unencrypted -- the
# authconfig --enableldaptls run above is what should turn TLS on for the real
# setup; confirm against the file authconfig generates
base dc=fluxcoil,dc=net
# search, bind and idle-connection limits (presumably seconds)
timelimit 120
bind_timelimit 120
idle_timelimit 3600
# local system accounts whose group lookups should presumably never hit ldap
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
# plain ldap:// (no TLS) -- debugging only
uri ldap://rhel6u1a.fluxcoil.net/
# directory holding the hash-linked CA certs created earlier
tls_cacertdir /etc/openldap/cacerts
# hashing pam_ldap presumably applies when changing a password via ldap;
# kerberos password changes are handled by pam_krb5 further below
pam_password md5

# restart nscd after the nss/ldap reconfiguration above so cached lookups are
# refreshed, and make it start at boot
service nscd restart
chkconfig nscd on

# add the two pam_krb5 lines below to system-auth
# NOTE(review): the identical pair is listed again further down; presumably
# one edit is meant for the auth line and the other for the password line --
# confirm which line belongs to which step
vi /etc/pam.d/system-auth
# auth        sufficient    pam_krb5.so use_first_pass
# password    sufficient    pam_krb5.so use_authtok

# login should work now -- loopback ssh as the ldap/kerberos user
ssh chorn@127.0.0.1 

# to be able to do kerberos password changes
vi /etc/pam.d/system-auth
# auth        sufficient    pam_krb5.so use_first_pass
# password    sufficient    pam_krb5.so use_authtok