[Freeipa-users] Getting client status
Natxo Asenjo
natxo.asenjo at gmail.com
Thu Apr 14 12:53:15 UTC 2016
On Thu, Apr 14, 2016 at 2:28 PM, Stephen Berg (Contractor) <
stephen.berg.ctr at nrlssc.navy.mil> wrote:
> I'm looking for a command line method to get current status on a client
> without having a ticket or authenticating to the IPA domain.
>
> Back in the NIS days from a client you could run "ypwhich" and be able to
> know if that system were bound to the NIS and which server it had bound
> to. So far I can't find a way to do a similar function in FreeIPA.
>
> I'd to do this from a cron job on each client once a day.
>
interesting. In a fast review in some domain joined hosts you could get the
info in /var/lib/sss/pubconf/kdcinfo.YOUR.REALM, there you see the ip
address of the kdc last contated by the host before renewing its secure
channel, I guess.
The file is world readable, so you should not need any special privileges
to read it.
Otherwise you would have to enable some logging in sssd (out of the box it
does not log nearly anything) and parse the logs in /var/log/sssd/*
HTH
--
Groeten,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160414/819a4f11/attachment.htm>
More information about the Freeipa-users
mailing list