On Thu, Apr 14, 2016 at 2:28 PM, Stephen Berg (Contractor) <
stephen.berg@nrlssc.navy.mil> wrote:
> I'm looking for a command line method to get current status on a client
> without having a ticket or authenticating to the IPA domain.
>
> Back in the NIS days from a client you could run "ypwhich" and be able to
> know if that system were bound to the NIS and which server it had bound
> to. So far I can't find a way to do a similar function in FreeIPA.
>
> I'd to do this from a cron job on each client once a day.
>
interesting. In a fast review in some domain joined hosts you could get the
info in /var/lib/sss/pubconf/kdcinfo.YOUR.REALM, there you see the ip
address of the kdc last contated by the host before renewing its secure
channel, I guess.
The file is world readable, so you should not need any special privileges
to read it.
Otherwise you would have to enable some logging in sssd (out of the box it
does not log nearly anything) and parse the logs in /var/log/sssd/*
HTH
--
Groeten,
natxo
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
