On 06/08/2011 08:43 PM, Steven Jones wrote:
> Hi,
>
> I am still tryig to figure getting ubuntu connected....
>
> So to get a non-rhel client computer into freeipa the first thing I have to 
> do is make a client computer instance in freepia first? or doesnt it matter? 
> ie can a non rhel client only do authentication or can it be acted upon fully 
> as per a rhel client?
>
Unless you want to have the client use Kerberos to protect your ldap
connection from host to IPA you do not need to have the host principal
in the server.
For not RHEL machines or machines that do not use SSSD you need to
configure only PAM and NSS.
For PAM you can use kerberos or ldap.
For NSS you need to use ldap.
Effectively you need to manually do what ipa-client on rhel 5.6 does for
you.
It is covered in the Freeipa v1 client config guides. Nothing changed there.
http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/

Hope this helps.

> Are there certificates for ssl or something that have to be copied over to 
> the client(s)?
>
> I dont have it working yet beyond I can do a kinit and admin and give a 
> password and then do klist etc....
>
> :/
>
> Its proving very painful....
>
> regards
>
> Steven
>
>
> 8><----
>
> Maybe this article could be a good jumping-off point?
> http://www.aput.net/~jheiss/krbldap/howto.html
>
> It's pretty old, but seems to bring together many things and overview them 
> well, with enough static examples to give you a feel for what you're getting 
> into.
>
> 8><---
>
> thanks, its helping.
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to