On 06/08/2011 06:57 PM, Steven Jones wrote: > Attached are F15 adnd RHEL5.6 conf scripts.
You have not attached pam configurations and nsswitch for 5.6. > regards > ________________________________________ > From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on > behalf of Steven Jones [steven.jo...@vuw.ac.nz] > Sent: Thursday, 9 June 2011 10:31 a.m. > To: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] Inconsistant first login behaviour > > Hi, > > These files/clients have all been configured by the ipa-client-install > script, so any settings are standard, I have modified nothing. > > So when I built all 3 client/workstations I made a default user jonesst1 at > build time with password 1 and its the same across all three. > > So in the freeipa server I set password2 for jonesst1 which is different so I > know that I am getting a centralised login....really basic stuff. > > So then using the ipa-client-install script I joined them each in turn to > IPA....for F15 and 6.1 clients they now accept the IPA password2 without an > issue...for RHEL 5.6 it initially asked to reset the password....and I only > had 1 hour......later logins are fine. > > So my use case is nothing more than a simple centralised login...... > > regards > > ________________________________________ > From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on > behalf of Dmitri Pal [d...@redhat.com] > Sent: Thursday, 9 June 2011 8:56 a.m. > To: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] Inconsistant first login behaviour > > On 06/08/2011 04:04 PM, Steven Jones wrote: >> Hi, >> >> Can you fix 5.6 so it runs the ipa-client-install script the same way then >> please? because running the same command giving differing results seems >> strange....unless you are telling me its simply the way rhel5.6 will work? > Well the problem is that SSSD is not in 5.6 by default. ipa-client on > 5.6 configures LDAP+Kerberos. In fedora there is SSSD and it is > configured. In 5.7 there will be a new ipa-client that will act in the > same way as in RHEL 6 or Fedora. > > But the expectation is that they should act in the same way now. But > apparently there is some difference. > > We need to understand exactly what is your use case. > What is configured in your nsswitch and pam config on RHEL and Fedora? > And if in one case it is SSSD and not in the other we need to see SSSD > configuration and LDAP and Kerberos configuration files. > > >> regards >> >> Steven >> ________________________________________ >> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on >> behalf of Dmitri Pal [d...@redhat.com] >> Sent: Thursday, 9 June 2011 5:00 a.m. >> To: freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] Inconsistant first login behaviour >> >> On 06/07/2011 10:36 PM, Steven Jones wrote: >>> Logging into the F15 client and I just login with the ldap password... >>> >>> If I try the same thing with RHEL5.6 I get told I have one hour to password >>> expiry.... >>> >>> I'd like it to do one or other across platforms....and be able to set this >>> behaviour, per user....or not at all. >>> >> This is probably because in one case you log using LDAP password and in >> another as Kerberos credential. The underlying password string is the >> same but other properties like expiration are different as you see. >> To have the consistent experience configure both systems to use same >> type of the credential. >> >> >>> regards >>> >>> Steven >>> >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> Freeipa-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> >>> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager IPA project, >> Red Hat Inc. >> >> >> ------------------------------- >> Looking to carve out IT costs? >> www.redhat.com/carveoutcosts/ >> >> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IPA project, > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users