Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server
On 06/08/2011 08:43 PM, Steven Jones wrote: Hi, I am still tryig to figure getting ubuntu connected So to get a non-rhel client computer into freeipa the first thing I have to do is make a client computer instance in freepia first? or doesnt it matter? ie can a non rhel client only do authentication or can it be acted upon fully as per a rhel client? Unless you want to have the client use Kerberos to protect your ldap connection from host to IPA you do not need to have the host principal in the server. For not RHEL machines or machines that do not use SSSD you need to configure only PAM and NSS. For PAM you can use kerberos or ldap. For NSS you need to use ldap. Effectively you need to manually do what ipa-client on rhel 5.6 does for you. It is covered in the Freeipa v1 client config guides. Nothing changed there. http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/ Hope this helps. Are there certificates for ssl or something that have to be copied over to the client(s)? I dont have it working yet beyond I can do a kinit and admin and give a password and then do klist etc :/ Its proving very painful regards Steven 8 Maybe this article could be a good jumping-off point? http://www.aput.net/~jheiss/krbldap/howto.html It's pretty old, but seems to bring together many things and overview them well, with enough static examples to give you a feel for what you're getting into. 8--- thanks, its helping. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server
Hi, I am still tryig to figure getting ubuntu connected So to get a non-rhel client computer into freeipa the first thing I have to do is make a client computer instance in freepia first? or doesnt it matter? ie can a non rhel client only do authentication or can it be acted upon fully as per a rhel client? Are there certificates for ssl or something that have to be copied over to the client(s)? I dont have it working yet beyond I can do a kinit and admin and give a password and then do klist etc :/ Its proving very painful regards Steven 8 Maybe this article could be a good jumping-off point? http://www.aput.net/~jheiss/krbldap/howto.html It's pretty old, but seems to bring together many things and overview them well, with enough static examples to give you a feel for what you're getting into. 8--- thanks, its helping. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server
On 05/31/2011 05:12 PM, Steven Jones wrote: Ive tried googling and found nothing really...it doesnt bode well. The general theme: is use standard NSS_LDAP + PAM_KRB5 instructions provided on the platforms that do not support SSSD. There is nothing better than that. Maybe this article could be a good jumping-off point? http://www.aput.net/~jheiss/krbldap/howto.html It's pretty old, but seems to bring together many things and overview them well, with enough static examples to give you a feel for what you're getting into. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server
Hi, Thanks any help to kick off is good. regards From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of David L. Willson [dlwill...@thegeek.nu] Sent: Thursday, 2 June 2011 5:31 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server On 05/31/2011 05:12 PM, Steven Jones wrote: Ive tried googling and found nothing really...it doesnt bode well. The general theme: is use standard NSS_LDAP + PAM_KRB5 instructions provided on the platforms that do not support SSSD. There is nothing better than that. Maybe this article could be a good jumping-off point? http://www.aput.net/~jheiss/krbldap/howto.html It's pretty old, but seems to bring together many things and overview them well, with enough static examples to give you a feel for what you're getting into. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server
On 05/31/2011 03:06 PM, Steven Jones wrote: Anybody good and help/howto documentation for this please? regards ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users Ubuntu ha one of the early versions of SSSD so configuring LDAP+Kerberos should work there. Centos - depends upon what version of SSSD they have. If not NSS_LDAP+PAM_KRB5 would be a good starting point. Same with netbsd. I would look at this as a guidance. Ther might be differences but it is a good starting point: http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/chap-Client_Configuration_Guide-_Configuring_HP_UX_as_an_IPA_Client.html -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server
Steven- Sorry, I meant to reply to the list in hopes someone would know about this. Let me try again: I could be wrong on this, but wasn't there documentation available at one time (on the Website) as to how to manually join a system to IPA? Obviously that's not the ideal solution, but it's great if you are using an unsupported system. Steve On Tue, May 31, 2011 at 1:09 PM, Steven Jones steven.jo...@vuw.ac.nz wrote: Hi, Good manual documentation would be fineworst case I can always re-write to an idiots level to suit me...like I am with other stuff ;] Ive been googling and if its out there Ive not found it yet..but if I put it on my website that's a start. Ubuntu/Debian is of particular interestbut netbsd isnt far behind.oh and Macs..Solaris. They will all jump down my throat shortly I suspect once I have AD sync going and ppl find out... regards From: Stephen Ingram [sbing...@gmail.com] Sent: Wednesday, 1 June 2011 8:01 a.m. To: Steven Jones Subject: Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server I could be wrong on this, but wasn't there documentation available at one time (on the Website) as to how to manually join a system to IPA? Obviously that's not the ideal solution, but it's great if you are using an unsupported system. Steve On Tue, May 31, 2011 at 12:06 PM, Steven Jones steven.jo...@vuw.ac.nz wrote: Anybody good and help/howto documentation for this please? regards ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server
Ive tried googling and found nothing really...it doesnt bode well. regards From: Stephen Ingram [sbing...@gmail.com] Sent: Wednesday, 1 June 2011 8:45 a.m. To: Steven Jones; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server Steven- Sorry, I meant to reply to the list in hopes someone would know about this. Let me try again: I could be wrong on this, but wasn't there documentation available at one time (on the Website) as to how to manually join a system to IPA? Obviously that's not the ideal solution, but it's great if you are using an unsupported system. Steve On Tue, May 31, 2011 at 1:09 PM, Steven Jones steven.jo...@vuw.ac.nz wrote: Hi, Good manual documentation would be fineworst case I can always re-write to an idiots level to suit me...like I am with other stuff ;] Ive been googling and if its out there Ive not found it yet..but if I put it on my website that's a start. Ubuntu/Debian is of particular interestbut netbsd isnt far behind.oh and Macs..Solaris. They will all jump down my throat shortly I suspect once I have AD sync going and ppl find out... regards From: Stephen Ingram [sbing...@gmail.com] Sent: Wednesday, 1 June 2011 8:01 a.m. To: Steven Jones Subject: Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server I could be wrong on this, but wasn't there documentation available at one time (on the Website) as to how to manually join a system to IPA? Obviously that's not the ideal solution, but it's great if you are using an unsupported system. Steve On Tue, May 31, 2011 at 12:06 PM, Steven Jones steven.jo...@vuw.ac.nz wrote: Anybody good and help/howto documentation for this please? regards ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server
On 05/31/2011 05:12 PM, Steven Jones wrote: Ive tried googling and found nothing really...it doesnt bode well. The general theme: is use standard NSS_LDAP + PAM_KRB5 instructions provided on the platforms that do not support SSSD. There is nothing better than that. regards From: Stephen Ingram [sbing...@gmail.com] Sent: Wednesday, 1 June 2011 8:45 a.m. To: Steven Jones; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server Steven- Sorry, I meant to reply to the list in hopes someone would know about this. Let me try again: I could be wrong on this, but wasn't there documentation available at one time (on the Website) as to how to manually join a system to IPA? Obviously that's not the ideal solution, but it's great if you are using an unsupported system. Steve On Tue, May 31, 2011 at 1:09 PM, Steven Jones steven.jo...@vuw.ac.nz wrote: Hi, Good manual documentation would be fineworst case I can always re-write to an idiots level to suit me...like I am with other stuff ;] Ive been googling and if its out there Ive not found it yet..but if I put it on my website that's a start. Ubuntu/Debian is of particular interestbut netbsd isnt far behind.oh and Macs..Solaris. They will all jump down my throat shortly I suspect once I have AD sync going and ppl find out... regards From: Stephen Ingram [sbing...@gmail.com] Sent: Wednesday, 1 June 2011 8:01 a.m. To: Steven Jones Subject: Re: [Freeipa-users] Connecting ubuntu, Centos 5.x and netbsd to IPA server I could be wrong on this, but wasn't there documentation available at one time (on the Website) as to how to manually join a system to IPA? Obviously that's not the ideal solution, but it's great if you are using an unsupported system. Steve On Tue, May 31, 2011 at 12:06 PM, Steven Jones steven.jo...@vuw.ac.nz wrote: Anybody good and help/howto documentation for this please? regards ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
