On 10/05/2010 12:53 PM, Hemminger, Corey Lee. [[email protected]] wrote:
> I was wondering if anyone knew of a good guide to get the new Ubuntu LTS
> 10.04 OS to authenticate against a FreeIPA server. It would also be a good
> one to add to the client config list as a Debian/Ubuntu client guide. Then I
> think you'd cover the majority of popular OS's in the client config guides. I
> noticed in the ubuntu apt repo that there is an sssd package version
> 1.0.6-0ubuntu1~lucid1. Just not sure how to configure it for authentication
> and FreeIPA.
>

Just so you know, the version of SSSD in Lucid right now is very old (and no longer supported upstream). The Maverick APT repositories have SSSD 1.2.1, which is much more recent and still supported. I'd recommend using that as your IPA client, rather than 1.0.x.

First, you'll need to create a host keytab for your client. You can do this on the server by following these instructions:
http://freeipa.org/docs/1.2/Administration_Guide/en-US/html/sect-Administration_Guide-Configuring_Authentication-Managing_Service_Principals.html

You'll need to create a service principal for host/[email protected], then generate a keytab and transfer it over to the client.

With IPA 1.2, you'd want to set it up as an LDAP+Kerberos system. See
https://fedorahosted.org/sssd/wiki/HOWTO_Configure#Example3:AuthenticatingagainstaKerberosserver
for an example of how to do this.

As an option, you can also add the lines:

    ldap_sasl_mech = gssapi
    ldap_krb5_keytab = /path/to/keytab

This will use your Kerberos keytab to encrypt communications with your LDAP server (an optional, but nice feature).

There is no documentation currently for Ubuntu because no one has tried to write one. If you would like to record your notes and submit them later, we can have one of our doc people take a look and see if we can add it to the formal documentation.

-- 
Stephen Gallagher
RHCE 804006346421761
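The LDAP+Kerberos setup described in the reply above, written out as an sssd.conf for an SSSD 1.2-era client. This is an added example, not part of the original message and not taken from the SSSD or FreeIPA documentation; the realm EXAMPLE.COM, the host ipa.example.com, the search base dc=example,dc=com and the keytab path /etc/krb5.keytab are assumed placeholder values.

```ini
# Added example. All hostnames, realm names and paths below are
# constructed placeholders; replace them with your own values.
[sssd]
config_file_version = 2
services = nss, pam
domains = EXAMPLE.COM

[nss]

[pam]

[domain/EXAMPLE.COM]
# Identity data (users, groups) is read from the IPA directory over LDAP.
id_provider = ldap
ldap_uri = ldap://ipa.example.com
ldap_search_base = dc=example,dc=com

# Authentication and password changes go to the IPA KDC, so the user's
# password is never sent to the LDAP server in a simple bind.
auth_provider = krb5
chpass_provider = krb5
krb5_realm = EXAMPLE.COM
# Option name used by SSSD 1.2; later releases call it krb5_server.
krb5_kdcip = ipa.example.com

# Optional lines from the message: SSSD binds to LDAP with SASL/GSSAPI
# using the host keytab generated on the IPA server, instead of binding
# anonymously or with a stored bind password.
ldap_sasl_mech = GSSAPI
ldap_krb5_keytab = /etc/krb5.keytab
```

SSSD refuses to start unless sssd.conf is owned by root with mode 0600. The keytab holds the host's long-term key, so it should carry the same ownership and mode.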
