On Thu, Aug 29, 2013 at 10:04:43PM -0400, Rob Crittenden wrote:
Michał Dwużnik wrote:
Sorry for quick continuation...
Certificate added to nss DB in /etc/pki
certutil -A -d /etc/pki/ -n IPA CA -t CT,C,C -a -i pki/ca.crt
sssd configured according to
Ok, I somehow assumed certs are very much needed for ldaps...
In the meantime, I set up a debian wheezy machine to try the freeipa-client
from debs.
I managed to get working ipa-client (with a few quirks...- default nss
database needed to be created) with packages from
deb http://apt.numeezy.fr
On Fri, Aug 30, 2013 at 03:54:54PM +0200, Michał Dwużnik wrote:
Ok, I somehow assumed certs are very much needed for ldaps...
Well, for most operations the SSSD uses GSSAPI authentication. Only when
passwords are migrated, we do an LDAP bind with StartTLS.
In the meantime, I set up a debian
Michał Dwużnik wrote:
Hi folks,
did anyone succeed in connecting such an old thing recently to freeipa
server?
Is there a document (or an archive post) about connecting a 'non ipa
aware' client step by step?
I got as far as woing Kerberos with no issues, hit a wall with ldap part..
You might
As for now I have set up a 'known good' client on RH based distro, to get
the feeling how the config files
look like when configured correctly.
Thanks for the nice reference
M.
On Thu, Aug 29, 2013 at 7:56 PM, Rob Crittenden rcrit...@redhat.com wrote:
Michał Dwużnik wrote:
Hi folks,
did
Ok, going step by step I did the following on squeeze:
set up ntp, time synced with ipa server
test setup is done on
ipa.localdomain (server)
client.localdomain
(client on Scientific Linux 6.4, looks ok after ipa-client-install, ssh
works for test users tester and tester2)
client2.localdomain
Sorry for quick continuation...
Certificate added to nss DB in /etc/pki
certutil -A -d /etc/pki/ -n IPA CA -t CT,C,C -a -i pki/ca.crt
sssd configured according to
http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/linux-manual.html
How do I test now, before changing PAM options