[Freeipa-users] red hat 5 and red hat 6 compatibility

Rob Crittenden rcritten at redhat.com
Wed May 2 14:17:02 UTC 2012


Matthew Davidson wrote:
> Greetings,
>
> Trying to get a Red Hat 5.8 server installed as a client to my Red Hat 6
> server.
>
> The first problem was at the install.
>
> yum install ipa-client ipa-admintools
>
> *No ipa-admintools! The RHEL5 system is registered with Red Hat and I
> have searched the web.*

There is no admin tools package for 5.x. Only a client enrollment script 
is available.

> But I went ahead with the installation and I have joined RHEL5 to the
> domain.
>
>  From the command line.
>
> kinit mdavidson will log in.
>
> klist
>
> Ticket cache: FILE:/tmp/krb5cc_0
>
> Default principal: mdavidson at EXAMPLE.COM
>
> Looks good but I cannot setup ssh and ssh is essential.
>
> I assume it’s because I cannot perform this part of the steps.
>
> http://bit.ly/Ivxxwj : Procedure 1.5. To configure a Red Hat Enterprise
> Linux 5 IPA client for incoming SSH connections:
>
> The IPA client installation process configures the NTP service by
> default, but you should ensure that time on the IPA client and server is
> synchronized. If it is not, run the following commands on the IPA client:
>
> # service ntpd stop
>
> # ntpdate -s -p 8 -u ipaserver.example.com
>
> # service ntpd start
>
> Note
>
> The ntpdate command does not work if ntpd is running.
>
> Obtain a Kerberos ticket for the admin user.
>
> # kinit admin
>
> Add a host service principal on the IPA client.
>
> # ipa-addservice host/ipaclient.example.com *(My error is -bash: ipa:
> command not found)*
>
> Retrieve the keytab.
>
> # ipa-getkeytab -s ipaserver.example.com -p host/ipaclient.example.com
> -k /etc/krb5.keytab *(My error is -bash: ipa: command not found)*

These instructions are for IPA v1. I don't know why you get an error 
message about ipa not found when running ipa-<something> though.

The client installer should have already created a host service 
principal. Run: klist -kt /etc/krb5.keytab to see what keys are available.

When you ran ipa-client-install were any errors reported?

It appears that basic nss services aren't working. Can you do:

id mdavidson
getent passwd mdavidson

If these don't work then sssd won't either (nor anything else).

rob

>
>  From RHEL5 /var/log/secure:
>
> May 1 14:09:41 wkylexsys21 sshd[2984]: Invalid user mdavidson from
> 192.168.1.110
>
> May 1 14:09:41 wkylexsys21 sshd[2985]: input_userauth_request: invalid
> user mdavidson
>
> May 1 14:09:46 wkylexsys21 sshd[2984]: pam_unix(sshd:auth): check pass;
> user unknown
>
> May 1 14:09:46 wkylexsys21 sshd[2984]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=rhel6.example.com
>
> May 1 14:09:46 wkylexsys21 sshd[2984]: pam_succeed_if(sshd:auth): error
> retrieving information about user mdavidson
>
> May 1 14:09:48 wkylexsys21 sshd[2984]: Failed password for invalid user
> mdavidson from 192.168.1.110 port 58959 ssh2
>
> May 1 14:10:04 wkylexsys21 sshd[2984]: Failed password for invalid user
> mdavidson from 192.168.1.110 port 58959 ssh2
>
> May 1 14:10:09 wkylexsys21 sshd[2984]: pam_unix(sshd:auth): check pass;
> user unknown
>
> May 1 14:10:09 wkylexsys21 sshd[2984]: pam_succeed_if(sshd:auth): error
> retrieving information about user mdavidson
>
> May 1 14:10:10 wkylexsys21 sshd[2984]: Failed password for invalid user
> mdavidson from 192.168.1.110 port 58959 ssh2
>
> May 1 14:10:22 wkylexsys21 sshd[2984]: pam_unix(sshd:auth): check pass;
> user unknown
>
> May 1 14:10:22 wkylexsys21 sshd[2984]: pam_succeed_if(sshd:auth): error
> retrieving information about user mdavidson
>
> May 1 14:10:24 wkylexsys21 sshd[2984]: Failed password for invalid user
> mdavidson from 192.168.1.110 port 58959 ssh2
>
> DNS works.
>
> ntpd is running.
>
> I checked all the configuration files.
>
> I have searched for ipa-admintools and I’m sure this is why I cannot run
> the ipa commands in step 1.5.
>
> What am I missing? Any thoughts or suggestions?
>
> Matt
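The reading of the quoted /var/log/secure excerpt given in the reply above ("invalid user" means sshd could not resolve the name, so NSS has to work before PAM or Kerberos matter), as an added example that is not from the thread or from the FreeIPA project. The function names, the `alice` account and the 192.0.2.10 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage sshd "Failed password" lines from /var/log/secure.
# "for invalid user NAME" => sshd could not resolve NAME through NSS.
# "for NAME"              => the account resolved, the credentials were rejected.

# The first three lines come from the log in the post (unwrapped); the
# "alice" line is constructed to show the contrasting case.
sample_log() {
cat <<'EOF'
May 1 14:09:41 wkylexsys21 sshd[2984]: Invalid user mdavidson from 192.168.1.110
May 1 14:09:48 wkylexsys21 sshd[2984]: Failed password for invalid user mdavidson from 192.168.1.110 port 58959 ssh2
May 1 14:10:04 wkylexsys21 sshd[2984]: Failed password for invalid user mdavidson from 192.168.1.110 port 58959 ssh2
May 1 14:11:30 wkylexsys21 sshd[3010]: Failed password for alice from 192.0.2.10 port 40022 ssh2
EOF
}

# Reads log lines on stdin; prints "user<TAB>kind<TAB>count", sorted.
classify_sshd_failures() {
    awk '
    /sshd\[[0-9]+\]: Failed password for / {
        for (i = 1; i < NF; i++) if ($i == "password" && $(i+1) == "for") break
        if ($(i+2) == "invalid" && $(i+3) == "user") { user = $(i+4); kind = "unknown-to-nss" }
        else { user = $(i+2); kind = "bad-credentials" }
        count[user "\t" kind]++
    }
    END { for (k in count) print k "\t" count[k] }' | sort
}

# The two lookups suggested in the reply. Names taken from logs are
# untrusted, so "--" stops a leading "-" from being parsed as an option.
nss_knows() {
    getent passwd -- "$1" >/dev/null 2>&1 && id -- "$1" >/dev/null 2>&1
}

# Re-checks each unresolved name against NSS as it is configured now.
report() {
    tab=$(printf '\t')
    classify_sshd_failures | while IFS=$tab read -r user kind n; do
        if [ "$kind" = unknown-to-nss ] && ! nss_knows "$user"; then
            echo "$user: $n failures, still not resolvable: fix NSS/sssd before PAM or Kerberos"
        else
            echo "$user: $n failures ($kind)"
        fi
    done
}

sample_log | report
```

On a real client, feed it the live log instead of the sample: `report < /var/log/secure`.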



