[Freeipa-users] Re: FreeIPA beginner

Rob Visser visser.rob at gmail.com
Mon Jun 8 09:08:25 UTC 2009 

Hi Simo,

Thanks for the answer. Some problems are solved, some I am still working on.

In particula the following:
You suggested to use pam_makehomedir. However, the installation script
resulted in a PAM configuration with pam_namespace. I would prefer the
latter for reasons of security.
The pam_namespace, however does not work: a login with gdm simply hangs
forever.

Any suggestions?

Rob

On Thu, Jun 4, 2009 at 2:58 PM, Simo Sorce <ssorce at redhat.com> wrote:

> Moved to freeipa-users,
> Rob please use this list for user help questions.
>
> On Thu, 2009-06-04 at 14:46 +0200, Rob Visser wrote:
> > Hello,
> >
> > Just recently I installed na IPA server and IP client on two Fedora 10
> > computers.
> > I managed to get ssh working for the admin user (with single sign on).
> > I am confused about the the relation between Kerberos and UNIX
> > identities.
> > A few questions:
> > - Is it required to add the UNIX user (in the passwd file) after
> > entering the user with FreeIPA? Or perhaps the other way around?
>
> your client should be configured to use nss_ldap, users are created on
> the freeIPA server and seen by all clients.
>
> > - If so, then I assume with the UID/GID that are generated with the
> > "add  user".
>
> UID/GID are generate on the freeipa server and distributed to all
> clients via nss_ldap
>
> > - The admin user automagically seems to be linked to the (unix) root
> > user?
>
> It should really not be, did you create some mapping on the client ?
>
> > When I create a new user with FreeIPA, then I can login with GDM with
> > the new identity, however, the pam_namespace does not create
> > a /home/user and /tmp
>
> pam_mkhomedir is what creates home directories if properly configured.
>
> > When I try to change the Kerkeros password, it complains that it
> > cannot find any kdc.
>
> looks like a network or client configuration issue.
>
> > Is there something I missed in reading documents?
> >
> > Any help is appreciated.
>
> Make sure you follow the user guides throughly.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20090608/8a2a277d/attachment.htm>

More information about the Freeipa-users mailing list