[Freeipa-users] New FreeIPA Install; Testing for Proof of Concept
Rob Ogilvie
rob at axpr.net
Tue Aug 7 20:00:20 UTC 2012
Good Afternoon,
I'm testing FreeIPA for a proof-of-concept replacement of NIS on OEL 6.3
(RHEL 6.3). I followed the guide to set up the FreeIPA server, and it
seems to be working great on the IPA server itself. I can ssh in as admin,
type my password, and I'm in.
I then have been struggling with getting it going on client systems. As
I'm not setting any of this up with DNS (I want this to be as unobtrusive
as possible), I executed the following command:
ipa-client-install --no-dns-sshfp --no-ntp --server=ovm-auth.<domain> --domain=<domain>
It asked me for admin's username and password and threw a warning about
getent passwd admin not returning anything. Sure enough, it doesn't return
anything on the client (although it does on the server).
From the client, I'm able to kinit admin, type my password, and then
passwordlessly ssh over to the auth server.
I do see these entries in my log file on the client:
Aug 7 12:52:56 ovm-c19-db [sssd[ldap_child[2010]]]: Failed to initialize credentials using keytab [(null)]: Client 'host/ovm-c19-db<domain>@<REALM>' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection.
Aug 7 12:52:56 ovm-c19-db [sssd[ldap_child[2010]]]: Client not found in Kerberos database
I'm pretty new at Kerberos, so am unsure exactly what this might mean.
Thanks for any pointers!
Rob