Re: [Freeipa-users] Aix client configuration

[Rob Crittenden]

Sylvain Angers wrote:


2012/1/25 Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com>>

    Sylvain Angers wrote:

        Hello
        In our lab, we are testing latest ipa  on redhat  and we are now
        configuring/testing  an IBM/AIX client 6.1

        Here is the ipa server command that we used
        *ipa-server-install -a ipa123 --hostname=mtl-ipa01d.cnppd.__lab -n
        cnppd.lab -p ldap123 -r CNPPD.LAB *


        We are following your documentation for AIX client and have some
        issue
        getting through the step

        we had to install  these fileset and we still fight modcrypt

        lslpp -L | grep idsldap
          idsldap.clt32bit61.rte    6.1.0.34    C     F    Directory
        Server - 32 bit
          idsldap.clt64bit61.rte    6.1.0.34    C     F    Directory
        Server - 64 bit
          idsldap.cltbase61.adt     6.1.0.34    C     F    Directory
        Server -
        Base Client
          idsldap.cltbase61.rte     6.1.0.34    C     F    Directory
        Server -
        Base Client


        lslpp -L | grep krb
          krb5.client.rte            1.5.0.2    C     F    Network
        Authentication Service
          krb5.client.samples        1.5.0.2    C     F    Network
        Authentication Service
          krb5.doc.en_US.html        1.5.0.2    C     F    Network Auth
        Service HTML
          krb5.doc.en_US.pdf         1.5.0.2    C     F    Network Auth
        Service PDF
          krb5.lic                   1.5.0.2    C     F    Network
        Authentication Service
          krb5.msg.en_US.client.rte  1.5.0.2    C     F    Network Auth
        Service
        Client
          krb5.server.rte            1.5.0.2    C     F    Network
        Authentication Service

        ww did run the  mksecldap command, as follow

        *mksecldap -c -h mtl-ipa01d.cnppd.lab -d
        cn=accounts,dc=cnppd,dc=lab -a
        uid=nss,cn=sysaccounts,cn=etc,__dc=cnppd,dc=lab -p abc123*


        and we got : Invalid bind DN or bind passwd.  Client presetup
        check failed.

        Do we need to customize further this command if so, what are we
        missing?
        also as we have not yet succeed to make modcrypt works on our
        AIX 6.1,
        we wonder if  we will need (temporary) to do some ldapmodify on
        the ipa
        server to disable ssl?

        Thank you for your assistance!


    Did you create the entry uid=nss,cn=sysaccounts,cn=etc,__... ?

    You can test that the password is correct independently with
    ldapsearch and the 389-ds access log may have additional information
    on the bind failure.

    rob

Hello Rob,

All I see at the moment is
uid=sudo,cn=sysaccounts,cn=etc,dc=cnppd,dc=lab
uid=kdc,cn=sysaccounts,cn=etc,dc=cnppd,dc=lab

whenever I create new users, it get under

uid=nss,cn=users,cn=accounts,dc=cnppd,dc=lab

How do we create uid=nss,cn=sysaccounts,cn=etc,__dc=cnppd,dc=lab ?

is this something we have to manually do via ldapadd?
about the nss password will the ldapadd be part of the command?

Thanks

--
Sylvain Angers


Use ldapmodify to create this entry:

# ldapmodify -D "cn=directory manager" -w secret -p 389 -h 
ipaserver.example.com -x -a

dn: uid=nss,cn=sysaccounts,cn=etc,dc=example,dc=com
objectClass: account
objectClass: simplesecurityobject
objectClass: top
uid: nss
userPassword: secretpassword

This is documented at 
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_AIX.html

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users