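# Client-side setup notes: SSSD with LDAP identities and Kerberos authentication.
# Several steps are interactive (vi), so read this as a runbook, not an unattended script.

# Ensure DNS is clean, or at least /etc/hosts.
yum -y install krb5-workstation sssd

vi /etc/krb5.conf   # or transfer from a completed box like the KDC
vi /etc/sssd/sssd.conf

# Reference configuration, written next to the live file.
# The delimiter is quoted so the shell writes the body literally (no expansion).
cat >/etc/sssd/sssd.conf.example <<'EOT'
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
# domains = LOCAL,PURELDAP
domains = LOCAL,KRBLDAP

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/LOCAL]
description = LOCAL Users domain
id_provider = local
enumerate = true
min_id = 500
max_id = 999

[domain/PURELDAP]
# Inactive as written: only LOCAL and KRBLDAP are listed in "domains" above.
# NOTE(review): ldap:// with ldap_id_use_start_tls = False means lookups travel in
# cleartext and the server is not authenticated. sssd-ldap documents that
# auth_provider = ldap requires StartTLS or ldaps://, so enable TLS before using this domain.
auth_provider = ldap
cache_credentials = True
ldap_id_use_start_tls = False
debug_level = 5
ldap_schema = rfc2307
ldap_search_base = dc=fluxcoil,dc=net
chpass_provider = ldap
id_provider = ldap
ldap_uri = ldap://rhel6b.site/
ldap_tls_cacertdir = /etc/openldap/cacerts
enumerate = True

[domain/KRBLDAP]
# Passwords are checked by Kerberos (auth_provider = krb5); LDAP supplies identities only.
# enumerate = True downloads every user and group from the directory; consider
# turning it off outside small lab setups.
enumerate = True
id_provider = ldap
chpass_provider = krb5
# NOTE(review): plain ldap:// without StartTLS leaves uid/gid/group data unprotected
# in transit. For anything beyond a lab, set ldap_id_use_start_tls = True (or use
# ldaps://) and point one of the CA options below at the directory's CA.
ldap_uri = ldap://rhel6b.site/
ldap_search_base = dc=fluxcoil,dc=net
# The SSSD spelling of the next option is ldap_tls_reqcert.
# tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts
# ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
# Keeps a hashed copy of each user's credentials in the local SSSD cache for offline logins.
cache_credentials = True
# debug_level = 5
ldap_schema = rfc2307
auth_provider = krb5
krb5_kdcip = 192.168.4.12
krb5_realm = FLUXCOIL.NET
krb5_changepw_principal = kadmin/changepw
# Ticket caches go to world-writable /tmp; the trailing XXXXXX in the template
# makes SSSD create each cache under a unique, randomised file name.
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout = 15
EOT

# sssd refuses to start unless its config is owned by root with mode 0600;
# a file freshly created in vi (or copied from the example) usually is not.
chown root:root /etc/sssd/sssd.conf
chmod 600 /etc/sssd/sssd.conf

service sssd restart
service sshd restart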
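# Browser-side check of Kerberos (SPNEGO) single sign-on with Firefox.

# Install every xorg-x11-font* package that yum search reports, plus firefox.
# The command substitution is deliberately unquoted: one argument per package name.
yum install -y $(yum search xorg-x11-font | grep '^xorg-x11-font' | sed -e 's,:.*,,') firefox

kinit     # get a Kerberos ticket for the current user before starting the browser
firefox

# The remaining steps are done by hand inside Firefox. They are kept as comments
# because a leading '>' would be read by the shell as an output redirection.
#
#   - in the URL line type 'about:config'
#   - in the filter line type 'network.nego'
#   - 'network.negotiate-auth.delegation-uris' and 'network.negotiate-auth.gsslib'
#     should be empty
#       (an empty delegation list keeps the browser from forwarding the user's
#        ticket to any web server)
#   - 'network.negotiate-auth.trusted-uris' should be set to 'fluxcoil.net' or
#     other domains where automatic signon is wanted
#       (every site matching an entry is offered Negotiate authentication
#        automatically, so keep the list as narrow as the deployment allows)
#
# Then access:
#   http://rhel6u2b.fluxcoil.net
#   http://rhel6u2b.fluxcoil.net/private
#
# NOTE(review): both test URLs are plain http://, so only the authentication
# exchange is protected and the session itself is unencrypted. Outside a lab,
# serve the protected area over https:// and use https:// entries in trusted-uris.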