On Thu, Feb 02, 2017 at 11:03:28AM -0800, spammewo...@cox.net wrote:
> I am running an IPA server (4.4.0) on RHEL 7.3 which is integrated with a
> Windows Active Directory server. I am trying to configure the IPA server to
> allow the Active Directory Users to log into Gnome with a CAC smart card.
> I’m having a hard time finding any instructions on how to do this. The
> problem I’m having is the Common Name from the smart card is not getting
> associated with the Active Directory account. I added the certificate from
> the smart card to the IPA server by creating a User ID override for the AD
> user account. I made sure to not use authconfig to configure smart cards and
> I added ifp to the services line in the sssd.conf file.
>
> I have the following packages installed:
>
> ipa-admintools.noarch 4.4.0-14.el7_3.4
> ipa-client.x86_64 4.4.0-14.el7_3.4
> ipa-client-common.noarch 4.4.0-14.el7_3.4
> ipa-common.noarch 4.4.0-14.el7_3.4
> ipa-python-compat.noarch 4.4.0-14.el7_3.4
> ipa-server.x86_64 4.4.0-14.el7_3.4
> ipa-server-common.noarch 4.4.0-14.el7_3.4
> ipa-server-dns.noarch 4.4.0-14.el7_3.4
> ipa-server-trust-ad.x86_64 4.4.0-14.el7_3.4
>
> I can log in with AD user accounts that are configured with UserName and
> Passwords, so I know that the integration is working. When I try to log
> into GDM with my smart card, I don’t get prompted for a PIN number. It only
> asks for the password from the AD account.
Please have a look at the steps described in
https://bugzilla.redhat.com/show_bug.cgi?id=1300420#c9 . Please let me
know if you run into issues.
> Manage your subscription for the Freeipa-users mailing list:
> Go to http://freeipa.org for more info on the project