[Freeipa-users] New FreeIPA Install; Testing for Proof of Concept

Rob Ogilvie rob at axpr.net
Tue Aug 7 20:00:20 UTC 2012


Good Afternoon,

I'm testing FreeIPA for a proof-of-concept replacement of NIS on OEL 6.3
(RHEL 6.3).  I followed the guide to set up the FreeIPA server, and it
seems to be working great on the IPA server itself.  I can ssh in as admin,
type my password, and I'm in.

I then have been struggling with getting it going on client systems.  As
I'm not setting any of this up with DNS (I want this to be as unobtrusive
as possible), I executed the following command:

ipa-client-install --no-dns-sshfp --no-ntp --server=ovm-auth.<domain> --domain=<domain>

It asked me for admin's username and password and threw a warning about
getent passwd admin not returning anything.  Sure enough, it doesn't return
anything on the client (although it does on the server).

From the client, I'm able to kinit admin, type my password, and then
passwordlessly ssh over to the auth server.

I do see these entries in my log file on the client:

Aug  7 12:52:56 ovm-c19-db [sssd[ldap_child[2010]]]: Failed to initialize credentials using keytab [(null)]: Client 'host/ovm-c19-db<domain>@<REALM>' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection.
Aug  7 12:52:56 ovm-c19-db [sssd[ldap_child[2010]]]: Client not found in Kerberos database

I'm pretty new at Kerberos, so am unsure exactly what this might mean.

Thanks for any pointers!

Rob