[Freeipa-users] cant authenticate using freeipa userid on ubuntu12.04

Todd Maugh tmaugh at boingo.com
Mon Mar 31 22:30:28 UTC 2014 

I have found this to be my only way to get Ubuntu to work with ipa as clients

Add the IDM servers to the hosts file

		echo "{ip address of idmserver}   {fqdn of idm server " >> /etc/hosts

Set the Hostname for the box

		echo "ubuntu-idm-02.boingo.com" > /etc/hostname
	
Add ipa and sssd repos to box

		apt-add-repository http://ppa.launchpad.net/freeipa/ppa/ubuntu

		apt-add-repository 'http://ppa.launchpad.net/sssd/updates/ubuntu'

		apt-get update

Install the Ipa Client

		apt-get install -y freeipa-client


Realm: YOUR REALM

DOMAIN: YOUR DOMAIN

SERVER: FQDN OF YOUR IDMSERVER

user to enroll: admin

password : YOUR PASSWORD


Make some modifications to ubuntu

		mkdir -p /etc/pki/nssdb

		certutil -N --empty-password -d /etc/pki/nssdb 

		mkdir -p /var/run/ipa

Clear out original install 

		rm -f /etc/ipa/default.conf

Move aside and re version the python version

		cp /usr/share/pyshared/ipapython/version.py /usr/share/pyshared/ipapython/version.py.bak

		sed -i "s/API_VERSION=.*/API_VERSION=u'2.49'/g" /usr/share/pyshared/ipapython/version.py

install the ipa

		ipa-client-install


		restart sssd

		service sssd restart



you should then have a walking talking Ubuntu client

-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Rob Crittenden
Sent: Monday, March 31, 2014 1:58 PM
To: Gustavo Berman; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] cant authenticate using freeipa userid on ubuntu12.04

Gustavo Berman wrote:
>
> Sabin Ranjit <sabinranjit at ...> writes:
>
>>
>>
>>      hi,
>>      i followed this page for the installation of freeipa client over the
>>      ubuntu 12.04
> server.http://www.redhat.com/archives/freeipa-users/2013-June/msg00091
> .html
>>      everything seem to go as mentioned in the page. when i get at the
>>      freeipa server with the command ipa host-find
>>      i can even see my ubuntu server listed there with "Keytab: 
>> True". The
> problem is that im not being able
>>        to authenticate with the username listed in the freeipa server.
>>        if i try to run : "su ldapuserid" ubuntu errors "unknown id:
>>        ldapuserid"
>>        i cant even ssh to the ubuntu server with the ldapuserid.
>>        what can be the possible solutions?
>>        please help. thanks.
>>        regards,
>>        sabin
>>
>
>
> Hi Sabin
> Please try my howto:
> http://askubuntu.com/questions/295075/freeipa-client-on-ubuntu
>
> I assembled it from that same mail and other sources
>
> Tavo.

Sabin, if you can confirm these steps maybe we can add this to the Howto section on freeipa.org. Except for the localhost thing (probably
unnecessary) and maybe messing with the version (we might agree to disagree on that) this looks really good.

cheers

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list