On Tue, Feb 09, 2016 at 04:54:55PM -0600, Michael Rainey (Contractor) wrote:
> I have a question about migrating a system from NIS to freeIPA. In my
> efforts of setting up a host on freeIPA I would normally use a fresh install
> to setup the system. I'm now at a point where I'm moving existing systems
> from an NIS domain to a freeIPA domain. Is it recommended to perform a
> clean install for every new host added to the domain?
> During my testing, I have found running the ipa-client-install command does
> a great job of adding the host to the domain, but when I try to use the
> smart card it is never recognized by gdm. I tried tweaking some of the
> configurations to get GDM to recognize the card with no luck. Is there a
> checklist available that I could follow to make sure everything is
All you have to do after running ipa-client-install is to add
'pam_cert_auth = True' to the [pam] section of sssd.conf. This is not
enabled by default since checking the Smartcard in the reader takes some
time and will slow down authentication.
If new a user tries to login which has his certificates stored in the
user entry on the IPA server and a Smartcard with a certificate in the
reader gdm will not ask for a password but for the Smartcard pin.
> configured properly? All configurations work when using a username and
> *Michael Rainey*
> Manage your subscription for the Freeipa-users mailing list:
> Go to http://freeipa.org for more info on the project
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project