[Freeipa-users] Integrating with NIS Domains and Netgroups
Dmitri Pal
dpal at redhat.com
Wed Nov 19 13:19:14 UTC 2014
On 11/19/2014 05:25 AM, Zhong Qiang wrote:
> thank you,
> It is work by using ldap+krb5 (nisclient:centos4.8).By the way, Is it
> possible to enroll nisclient ? And how to do this?And how to carry out
> HBAC RULES for nisclient?I try to use WebUI,but i am not succeed,look
Only SSSD understands IPA HBAC.
We have CentOS 7 nowadays and 7.1 is on the way so 4.8 is very old and
your options will be very limited.
> like this:
>
>
> Enrollment
>
>
> Kerberos Key:
> Kerberos Key Not Present
> One-Time-Password:
> One-Time-Password Not Present
>
> ------------------------------------------------------------------------
>
>
> Host Certificate
>
>
> Status:
> *No Valid Certificate*
>
>
> regards,
> zhongq
>
> 2014-11-19 6:17 GMT+08:00 Dmitri Pal <dpal at redhat.com
> <mailto:dpal at redhat.com>>:
>
> On 11/18/2014 02:13 AM, Zhong Qiang wrote:
>> hi,
>> I have some hosts installed centos4.8/6.5/5.9,and want to
>> centralize identity/policy/authorization.but ipa client isn't
>> compatible with centos4.8,so I try to configure FreeIPA
>> integrated with NIS Domains.
>> IPAserver:centos7 (+DNS)
>> nisclient:centos4.8
>> ipaclient:centos6.6
>>
>> I followed the instructions of this page:
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/nis.html,to
>> add netgroup(nis_test) and users(zhongq).then configured nis
>> client installed centos4.8.on the nis client, I could get users
>> data ,look like that:
>>
>> [root at nisclient ~]# getent passwd zhongq
>> zhongq:*:724800001:724800001:强 é:/home/zhongq:/bin/sh
>>
>>
>> However,I do not succeed to log into nisclient with zhongq account.
>> Any ideas?
>>
>> Regards,
>> zhongq
>>
>>
> You need to use some other method for authentication. NIS only
> supported for identity not for authentication. Use pam_ldap or
> pam_krb5 for authentication part.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141119/6ddb649a/attachment.htm>
More information about the Freeipa-users
mailing list