On Tue, Feb 09, 2016 at 04:54:55PM -0600, Michael Rainey (Contractor) wrote: > Greetings, > > I have a question about migrating a system from NIS to freeIPA. In my > efforts of setting up a host on freeIPA I would normally use a fresh install > to setup the system. I'm now at a point where I'm moving existing systems > from an NIS domain to a freeIPA domain. Is it recommended to perform a > clean install for every new host added to the domain? > > During my testing, I have found running the ipa-client-install command does > a great job of adding the host to the domain, but when I try to use the > smart card it is never recognized by gdm. I tried tweaking some of the > configurations to get GDM to recognize the card with no luck. Is there a > checklist available that I could follow to make sure everything is
All you have to do after running ipa-client-install is to add 'pam_cert_auth = True' to the [pam] section of sssd.conf. This is not enabled by default since checking the Smartcard in the reader takes some time and will slow down authentication. If new a user tries to login which has his certificates stored in the user entry on the IPA server and a Smartcard with a certificate in the reader gdm will not ask for a password but for the Smartcard pin. HTH bye, Sumit > configured properly? All configurations work when using a username and > password. > -- > *Michael Rainey* > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
