[Freeipa-users] FreeIPA V1.2 UBUNTU 10.04LTS Client Authentication

Stephen Gallagher sgallagh at redhat.com
Tue Oct 5 18:34:36 UTC 2010


On 10/05/2010 12:53 PM, Hemminger, Corey Lee.
[heco0701 at stcloudstate.edu] wrote:
> I was wondering if anyone knew of a good guide to get the new Ubuntu LTS 10.04 OS to authenticate against a FreeIPA server. It would also be a good one to add to the client config list as a Debian/Ubuntu client guide. Then I think you'd cover the majority of popular OS's in the client config guides. I noticed in the Ubuntu apt repo that there is an sssd package version 1.0.6-0ubuntu1~lucid1. Just not sure how to configure it for authentication and FreeIPA.
> 


Just so you know, the version of SSSD in Lucid right now is very old
(and no longer supported upstream). The Maverick APT repositories have
SSSD 1.2.1, which is much more recent and still supported. I'd recommend
using that as your IPA client, rather than 1.0.x.

First, you'll need to create a host keytab for your client. You can do
this on the server by following these instructions:
http://freeipa.org/docs/1.2/Administration_Guide/en-US/html/sect-Administration_Guide-Configuring_Authentication-Managing_Service_Principals.html

You'll need to create a service principal for
host/fully.qualified.domain@REALM.COM, then generate a keytab and
transfer it over to the client.

With IPA 1.2, you'd want to set it up as an LDAP+Kerberos system. See
https://fedorahosted.org/sssd/wiki/HOWTO_Configure#Example3:AuthenticatingagainstaKerberosserver
for an example of how to do this.

As an option, you can also add the lines:
ldap_sasl_mech = gssapi
ldap_krb5_keytab = /path/to/keytab

This will use your Kerberos keytab to encrypt communications with your
LDAP server (an optional, but nice feature).


There is no documentation currently for Ubuntu because no one has tried
to write one. If you would like to record your notes and submit them
later, we can have one of our doc people take a look and see if we can
add it to the formal documentation.

-- 
Stephen Gallagher
RHCE 804006346421761

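
A small lint for the SSSD domain section described in the message above, added here as an example (it is not code from the original post or from the SSSD project). It checks that the domain is LDAP identity plus Kerberos auth, flags option names outside a short known list, and, when GSSAPI is requested, checks that ldap_krb5_keytab is set and optionally that the keytab is root-owned with mode 0600. The sample config, its host names, realm and keytab path, and the root/0600 expectation are assumptions.

```python
import configparser
import difflib
import os
import stat

# Subset of SSSD domain options for an LDAP + Kerberos setup (not the full list).
KNOWN = {"id_provider", "auth_provider", "chpass_provider", "ldap_uri",
         "ldap_search_base", "krb5_kdcip", "krb5_realm",
         "ldap_sasl_mech", "ldap_krb5_keytab", "ldap_sasl_authid"}

# Constructed sample: host names, realm and keytab path are placeholders.
SAMPLE = """
[domain/EXAMPLE]
id_provider = ldap
auth_provider = krb5
ldap_uri = ldap://ipa.example.com
ldap_search_base = dc=example,dc=com
krb5_kdcip = ipa.example.com
krb5_realm = EXAMPLE.COM
ldap_sasl_mech = gssapi
ldap_krb5_keyrab = /etc/krb5.keytab
"""

def lint_domain(text, domain, check_files=False):
    """Return findings for one [domain/...] section of an sssd.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    sec = cp["domain/" + domain]
    findings = []
    for key in sec:
        if key not in KNOWN:
            near = difflib.get_close_matches(key, KNOWN, n=1)
            hint = " (did you mean %s?)" % near[0] if near else ""
            findings.append("unknown option %s%s" % (key, hint))
    if sec.get("id_provider") != "ldap" or sec.get("auth_provider") != "krb5":
        findings.append("not an LDAP identity + Kerberos auth domain")
    if sec.get("ldap_sasl_mech", "").lower() == "gssapi":
        keytab = sec.get("ldap_krb5_keytab")
        if keytab is None:
            findings.append("ldap_sasl_mech is gssapi but ldap_krb5_keytab is not set")
        elif check_files:  # keytab holds the host's long-term key
            st = os.stat(keytab)
            if st.st_uid != 0 or stat.S_IMODE(st.st_mode) & 0o077:
                findings.append("%s should be root-owned, mode 0600" % keytab)
    return findings

if __name__ == "__main__":
    for finding in lint_domain(SAMPLE, "EXAMPLE"):
        print(finding)
```

Run with check_files=True on the client itself so the keytab named in the config is inspected in place.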