[Freeipa-users] Integrating with NIS Domains and Netgroups

Dmitri Pal dpal at redhat.com
Wed Nov 19 13:19:14 UTC 2014


On 11/19/2014 05:25 AM, Zhong Qiang wrote:
> Thank you,
> It works using ldap+krb5 (nisclient: centos4.8). By the way, is it
> possible to enroll nisclient? And how to do this? And how to carry out
> HBAC rules for nisclient? I tried to use the WebUI, but I did not succeed; it looks


Only SSSD understands IPA HBAC.
We have CentOS 7 nowadays and 7.1 is on the way so 4.8 is very old and 
your options will be very limited.


> like this:
>
>
>     Enrollment
>
>
> Kerberos Key: Kerberos Key Not Present
> One-Time-Password: One-Time-Password Not Present
>
> ------------------------------------------------------------------------
>
>
>     Host Certificate
>
>
> Status: *No Valid Certificate*
>
>
> regards,
> zhongq
>
> 2014-11-19 6:17 GMT+08:00 Dmitri Pal <dpal at redhat.com>:
>
>     On 11/18/2014 02:13 AM, Zhong Qiang wrote:
>>     Hi,
>>         I have some hosts with centos4.8/6.5/5.9 installed, and want to
>>     centralize identity/policy/authorization. But the ipa client isn't
>>     compatible with centos4.8, so I tried to configure FreeIPA
>>     integrated with NIS Domains.
>>          IPAserver: centos7 (+DNS)
>>          nisclient: centos4.8
>>          ipaclient: centos6.6
>>
>>          I followed the instructions on this page:
>>     https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/nis.html, to
>>     add a netgroup (nis_test) and users (zhongq), then configured the NIS
>>     client with centos4.8 installed. On the NIS client, I could get the
>>     user data, which looks like this:
>>
>>     [root at nisclient ~]# getent passwd zhongq
>>     zhongq:*:724800001:724800001:强 é:/home/zhongq:/bin/sh
>>
>>
>>     However, I do not succeed in logging into nisclient with the zhongq account.
>>     Any ideas?
>>
>>     Regards,
>>     zhongq
>>
>>
>     You need to use some other method for authentication. NIS is only
>     supported for identity, not for authentication. Use pam_ldap or
>     pam_krb5 for the authentication part.
>
>     -- 
>     Thank you,
>     Dmitri Pal
>
>     Sr. Engineering Manager IdM portfolio
>     Red Hat, Inc.
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
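
Added example, not part of the original message: a shell check for the situation in this thread, where `getent passwd` resolves the user over NIS with `*` in the password field (so the map holds no hash to verify) and login fails until a PAM auth module such as pam_krb5 or pam_ldap is configured. The function names, verdict strings and sample PAM stack are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: why "getent passwd" works but login fails on a NIS client.
# Function names and the sample data below are constructed for illustration.

# Password field (2nd colon-separated field) of a passwd-format line.
pw_field() { printf '%s\n' "$1" | cut -d: -f2; }

# Succeeds only if the entry carries a password hash pam_unix could verify.
has_usable_hash() {
    case "$(pw_field "$1")" in
        ''|'*'|x|'!'*) return 1 ;;  # empty, placeholder, shadowed or locked
        *) return 0 ;;
    esac
}

# Module file name of every active "auth" line in a PAM service file.
pam_auth_modules() {
    awk '$1 == "auth" {
        for (i = 3; i <= NF; i++)
            if ($i ~ /pam_[a-z0-9_]+\.so$/) { n = split($i, p, "/"); print p[n]; break }
    }' "$1"
}

# Prints one verdict for a passwd line plus a PAM service file.
diagnose() {
    if has_usable_hash "$1"; then echo "hash-in-map"; return 0; fi
    if pam_auth_modules "$2" | grep -Eq '^pam_(krb5|ldap)\.so$'; then
        echo "identity-from-nis-auth-external"
    else
        echo "identity-only-no-auth"
    fi
}

# Constructed sample: a NIS passwd entry with "*" and a pam_unix-only stack.
SAMPLE_ENTRY='zhongq:*:724800001:724800001:Zhong Q:/home/zhongq:/bin/sh'
SAMPLE_PAM=$(mktemp)
trap 'rm -f "$SAMPLE_PAM"' EXIT
printf '%s\n' '#%PAM-1.0' \
    'auth required /lib/security/$ISA/pam_env.so' \
    'auth sufficient /lib/security/$ISA/pam_unix.so nullok' \
    'auth required /lib/security/$ISA/pam_deny.so' > "$SAMPLE_PAM"
# On a real client: diagnose "$(getent passwd USER)" /etc/pam.d/system-auth
diagnose "$SAMPLE_ENTRY" "$SAMPLE_PAM"
```

The check only reports whether an auth module is present in the file; it does not validate module ordering or the Kerberos/LDAP configuration behind it.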
