[Freeipa-users] SSSD client (amazon linux) + IPA server (Redhat)

Alexander Bokovoy abokovoy at redhat.com
Sat Sep 19 16:49:52 UTC 2015


On Wed, 16 Sep 2015, Gustavo Mateus wrote:
>Hi,
>
>I have an IPA server running on redhat and I'm trying to find the best way to
>get my amazon linux instances to use it for authentication, ssh key
>management and sudo rules.
>
>I'm now trying to use SSSD to achieve those goals. Authentication is
>working but I'm having problems getting the user public ssh keys using
>/usr/bin/sss_ssh_authorizedkeys.
>
>
>This is my sssd.conf:
>
>[sssd]
>services = nss, pam, ssh, sudo
>config_file_version = 2
>domains = default
>re_expression = (?P<name>.+)
>
>[domain/default]
>debug_level = 8
>cache_credentials = True
>id_provider = ldap
>auth_provider = ldap
>ldap_uri = ldap://ipa.my.domain.com
>ldap_search_base = cn=compat,dc=my,dc=domain,dc=com
>ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt
>ldap_user_ssh_public_key = ipaSshPubKey
>
>
>The original configuration was done using ipa-advise ipa-advise
>config-redhat-sssd-before-1-9. I just changed the services parameter to
>include "ssh, sudo" and "ldap_user_ssh_public_key"
>
Change your ldap_search_base to 'cn=accounts,dc=my,dc=domain,dc=com'

ipa-advise recipes are templates, mostly to allow old non-RFC2307bis
clients to be configured. You have SSSD, it supports RFC2307bis.

-- 
/ Alexander Bokovoy
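
A check for the situation discussed in this thread, as an added example that is not part of the original messages and not FreeIPA or SSSD code: it parses an sssd.conf and reports LDAP domains where the ssh responder is enabled and ldap_user_ssh_public_key is mapped, but ldap_search_base still starts at cn=compat. The function names are hypothetical, and the sample input is constructed from the configuration quoted above.

```python
import configparser

# Constructed sample: the configuration quoted in the thread (debug/cache lines omitted).
SAMPLE_CONF = """\
[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = default
re_expression = (?P<name>.+)

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ipa.my.domain.com
ldap_search_base = cn=compat,dc=my,dc=domain,dc=com
ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt
ldap_user_ssh_public_key = ipaSshPubKey
"""


def first_rdn(dn):
    """Return the leading RDN of a DN as a lower-cased (attr, value) pair.
    Assumption: no escaped commas in the leading RDN."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return attr.strip().lower(), value.strip().lower()


def check_ssh_search_base(conf_text):
    """Return (domain, current_base, suggested_base) for every domain that maps
    an SSH key attribute while searching under cn=compat."""
    cp = configparser.ConfigParser(interpolation=None)  # keep '%' and regex values literal
    cp.read_string(conf_text)
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    if "ssh" not in services:
        return []  # ssh responder not enabled, nothing to check
    findings = []
    for name in cp.get("sssd", "domains", fallback="").split(","):
        section = "domain/" + name.strip()
        if not cp.has_section(section):
            continue
        base = cp.get(section, "ldap_search_base", fallback="")
        maps_key = cp.has_option(section, "ldap_user_ssh_public_key")
        if maps_key and "," in base and first_rdn(base) == ("cn", "compat"):
            suffix = base.split(",", 1)[1].strip()
            findings.append((name.strip(), base, "cn=accounts," + suffix))
    return findings


if __name__ == "__main__":
    for domain, current, suggested in check_ssh_search_base(SAMPLE_CONF):
        print(f"[domain/{domain}] ldap_search_base = {current} -> use {suggested}")
```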



