I'm testing FreeIPA for a proof-of-concept replacement of NIS on OEL 6.3
(RHEL 6.3). I followed the guide to set up the FreeIPA server, and it
seems to be working great on the IPA server itself. I can ssh in as admin,
type my password, and I'm in.
I then have been struggling with getting it going on client systems. As
I'm not setting any of this up with DNS (I want this to be as unobtrusive
as possible), I executed the following command:
ipa-client-install --no-dns-sshfp --no-ntp --server=ovm-auth.<domain>
It asked me for admin's username and password and threw a warning about
getent passwd admin not returning anything. Sure enough, it doesn't return
anything on the client (although it does on the server).
From the client, I'm able to kinit admin, type my password, and then
passwordlessly ssh over to the auth server.
I do see these entries in my log file on the client:
Aug 7 12:52:56 ovm-c19-db [sssd[ldap_child]]: Failed to initialize
credentials using keytab [(null)]: Client 'host/ovm-c19-db<domain>@<REALM>'
not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP
Aug 7 12:52:56 ovm-c19-db [sssd[ldap_child]]: Client not found in
I'm pretty new at Kerberos, so am unsure exactly what this might mean.
Thanks for any pointers!
Freeipa-users mailing list