On 11/19/2014 05:25 AM, Zhong Qiang wrote:
thank you,
It is work by using ldap+krb5 (nisclient:centos4.8).By the way, Is it possible to enroll nisclient ? And how to do this?And how to carry out HBAC RULES for nisclient?I try to use WebUI,but i am not succeed,look


Only SSSD understands IPA HBAC.
We have CentOS 7 nowadays and 7.1 is on the way so 4.8 is very old and your options will be very limited.


like this:


    Enrollment


Kerberos Key:   
Kerberos Key Not Present
One-Time-Password:      
One-Time-Password Not Present

------------------------------------------------------------------------


    Host Certificate


Status:         
*No Valid Certificate*


regards,
zhongq

2014-11-19 6:17 GMT+08:00 Dmitri Pal <d...@redhat.com <mailto:d...@redhat.com>>:

    On 11/18/2014 02:13 AM, Zhong Qiang wrote:
    hi,
        I have some hosts installed centos4.8/6.5/5.9,and want to
    centralize identity/policy/authorization.but ipa client isn't
    compatible with centos4.8,so I try to configure FreeIPA
    integrated with NIS Domains.
         IPAserver:centos7 (+DNS)
         nisclient:centos4.8
          ipaclient:centos6.6

         I followed the instructions of this page:
    
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/nis.html,to
    add netgroup(nis_test) and users(zhongq).then configured nis
    client installed centos4.8.on the nis client, I could get  users
    data ,look like that:

    [root@nisclient ~]# getent passwd zhongq
    zhongq:*:724800001:724800001:强 é:/home/zhongq:/bin/sh


    However,I do not succeed to log into nisclient with zhongq account.
    Any ideas?

    Regards,
    zhongq


    You need to use some other method for authentication. NIS only
    supported for identity not for authentication. Use pam_ldap or
    pam_krb5 for authentication part.

-- Thank you,
    Dmitri Pal

    Sr. Engineering Manager IdM portfolio
    Red Hat, Inc.


    --
    Manage your subscription for the Freeipa-users mailing list:
    https://www.redhat.com/mailman/listinfo/freeipa-users
    Go To http://freeipa.org for more info on the project




--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to