[Freeipa-users] how to configure Linux Cent Os as ipa client manual installation

Martin Kosek mkosek at redhat.com
Mon Jan 5 15:15:59 UTC 2015


On 01/05/2015 03:24 PM, Janelle wrote:
> Hi everyone, Happy New Year.
> 
> Was following this thread and wondering about those of us with a couple of
> 2000-3000 servers to run ipa-client-install on? Any suggestions?  Was looking
> around for even the basics of puppet or chef configs, but nothing exists.
> 
> Any suggestions? One of the concerns I have is, even with puppet/chef, you need
> credentials during the install to "add" the client on the server. Security?

Right, it is not a very good idea to bake an admin password into the Puppet
scripts. A couple of options you can follow:

- Install clients using a pre-created one-time password or host keytab (you need
to create the client host entry first)

- If you still want to use the privileged account to enroll the client, you can
also pass its password to ipa-client-install on stdin when it's running in
unattended mode. This way you will avoid having it baked into your configs directly:
  # cat /root/enrollman_password | ipa-client-install --unattended --principal enrollman

HTH.
> 
> ~J
> 
> 
> On 1/5/15 3:27 AM, Martin Kosek wrote:
>> On 12/29/2014 09:54 PM, Dmitri Pal wrote:
>>> On 12/20/2014 05:02 AM, Ben .T.George wrote:
>>>> Hi
>>>>
>>>> I was trying to configure CentOS as an IPA client and failed with that.
>>>>
>>>> Can anyone please help me configure CentOS as an IPA client through manual
>>>> configuration?
>>>>
>>>> Regards,
>>>> Ben
>>>>
>>>>
>>> Sorry for a delayed response.
>>> What version of CentOS? What version of the server?
>>> Why manually? On CentOS you can use ipa-client-install and it will do the work
>>> for you.
>>> What did you do and what did not work?
>> You can find some info here:
>> http://www.freeipa.org/page/Troubleshooting#Client_Installation
>>
>> If I read correctly, you are trying to do manual configuration. This may be a
>> tricky procedure and is not tested regularly. ipa-client-install is the way to
>> go in most deployments as it helps you avoid the pitfalls you probably hit.
>>
>> Martin
>>
> 
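The first option in the reply above (pre-created host entry plus one-time password), as an added example that is not part of the original thread. The function names, the OTP file argument and the IPA_CLIENT_INSTALL override are assumptions of this example; the host names used with it are constructed.

```bash
#!/bin/bash
# Added example (not from the thread): OTP-based enrollment, so no admin
# password is ever placed on the clients or in configuration management.

# Admin side: run with a valid Kerberos ticket for a user allowed to add hosts.
# Pre-creates the host entry and prints only the generated one-time password.
precreate_host() {
    local fqdn="$1" out otp
    out="$(ipa host-add "$fqdn" --random)" || return 1
    # The command output contains a line of the form "Random password: <otp>".
    otp="$(printf '%s\n' "$out" | sed -n 's/^ *Random password: *//p')"
    if [ -z "$otp" ]; then
        echo "no one-time password returned for $fqdn" >&2
        return 1
    fi
    printf '%s\n' "$otp"
}

# Client side: enroll with the OTP delivered in a root-only file, then delete it.
# The OTP stops working once the host is enrolled, so a leaked copy cannot be reused.
enroll_with_otp() {
    local otp_file="$1" mode otp
    mode="$(stat -c '%a' "$otp_file")" || return 1
    case "$mode" in
        600|400) ;;
        *) echo "refusing $otp_file: mode $mode is too permissive" >&2
           return 1 ;;
    esac
    otp="$(cat "$otp_file")"
    # IPA_CLIENT_INSTALL (assumption) lets the command be swapped for a dry run.
    "${IPA_CLIENT_INSTALL:-ipa-client-install}" --unattended --password "$otp" || return 1
    rm -f "$otp_file"
}
```

Each OTP is bound to a single host entry, so a configuration-management run that leaks one exposes at most the enrollment of that one host.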



