<div dir="ltr"><div><div><div><div>Thank you,<br></div>It works using ldap+krb5 (nisclient: centos4.8). By the way, is it possible to enroll nisclient? And how to do this? And how to carry out HBAC rules for nisclient? I tried to use the WebUI, but I did not succeed; it looks <br></div>like this:<br><br><div class="" title="Enrollment" name="enrollment"><h2 title="Enrollment" name="enrollment"><span class="" name="icon"></span> Enrollment</h2><div style="display:block" class="" name="enrollment"><div class=""><br></div><table class=""><tbody><tr><td title="Kerberos Key" class=""><label class="" name="has_keytab">Kerberos Key:</label></td><td title="Kerberos Key" class=""><div class="" name="has_keytab"><span style="display:inline" name="missing"><img class="" src="https://ipaserver.ctcnet.com/ipa/ui/images/caution-icon.png"> Kerberos Key Not Present</span></div></td></tr><tr><td title="One-Time-Password" class=""><label class="" name="has_password">One-Time-Password:</label></td><td title="One-Time-Password" class=""><div class="" name="has_password"><span style="display:inline" name="missing"><img class="" src="https://ipaserver.ctcnet.com/ipa/ui/images/caution-icon.png"> One-Time-Password Not Present</span></div></td></tr></tbody></table></div></div><hr><div class="" title="Host Certificate" name="certificate"><h2 title="Host Certificate" name="certificate"><span class="" name="icon"></span> Host Certificate</h2><div class="" name="certificate"><div class=""><br></div><table class=""><tbody><tr><td title="Status" class=""><label class="" name="certificate_status">Status:</label></td><td title="Status" class=""><div class="" name="certificate_status"><div style name="certificate-missing"><img class="" style="float: left;" src="https://ipaserver.ctcnet.com/ipa/ui/images/caution-icon.png"><div style="float:left"><b>No Valid Certificate</b></div></div></div></td></tr></tbody></table></div></div><br></div>Regards,<br></div>zhongq<br></div><div class="gmail_extra"><br><div 
class="gmail_quote">2014-11-19 6:17 GMT+08:00 Dmitri Pal <span dir="ltr">&lt;<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000"><div><div class="h5">
    <div>On 11/18/2014 02:13 AM, Zhong Qiang
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">
        <div>
          <div>
            <div>Hi,<br>
            </div>
                I have some hosts with centos4.8/6.5/5.9 installed, and want
            to centralize identity/policy/authorization. But ipa client
            isn't compatible with centos4.8, so I try to configure
            FreeIPA integrated with NIS Domains.<br>
          </div>
          <div>     IPAserver: centos7 (+DNS)<br>
          </div>
          <div>     nisclient: centos4.8<br>
          </div>
          <div>     ipaclient: centos6.6<br>
            <br>
          </div>
               I followed the instructions on this page: <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/nis.html" target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/nis.html</a>, to
          add a netgroup (nis_test) and users (zhongq), then configured the nis
          client with centos4.8 installed. On the nis client, I could get
          user data; it looks like this:<br>
          <br>
          [root@nisclient ~]# getent passwd zhongq<br>
          zhongq:*:724800001:724800001:强 é:/home/zhongq:/bin/sh<br>
          <br>
          <br>
        </div>
        <div>However, I do not succeed in logging into nisclient with the zhongq
          account.<br>
        </div>
        <div>Any ideas?<br>
          <br>
        </div>
        <div>Regards,<br>
        </div>
        <div>zhongq<br>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
    </blockquote></div></div>
    You need to use some other method for authentication. NIS is only
    supported for identity, not for authentication. Use pam_ldap or
    pam_krb5 for the authentication part.<span class="HOEnZb"><font color="#888888"><br>
    <br>
    <pre cols="72">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
  </font></span></div>

</blockquote></div><br></div>
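Why getent succeeds while login fails, as an added example (not part of the original thread and not FreeIPA code): the `*` password field in the NIS passwd entry gives pam_unix no hash to check, so only a stack containing pam_krb5 or pam_ldap has a credential source for the account. The passwd entries and RHEL 4-style PAM lines below are constructed, the function names are hypothetical, and the shadow map and PAM control flags are not evaluated.

```python
# Added example. Sample inputs are constructed; PAM control flags are not evaluated.
REMOTE_AUTH = {"pam_krb5.so", "pam_ldap.so"}  # the two modules named in the reply

def passwd_field(passwd_line):
    """Return the password field of a passwd(5)-format line."""
    fields = passwd_line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated fields")
    return fields[1]

def looks_like_hash(pw):
    """True for modular crypt ($id$salt$hash) or 13-character DES crypt strings."""
    return pw.startswith("$") or (len(pw) == 13 and pw[0] not in "*!")

def auth_modules(pam_text):
    """Basenames of the modules on the 'auth' lines of a PAM service file."""
    mods = []
    for raw in pam_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 3 or tok[0] != "auth":
            continue
        i = 1
        if tok[1].startswith("["):  # bracketed control, e.g. [success=1 default=ignore]
            while i < len(tok) - 1 and not tok[i].endswith("]"):
                i += 1
        if i + 1 < len(tok):
            mods.append(tok[i + 1].rsplit("/", 1)[-1])
    return mods

def usable_auth(passwd_line, pam_text):
    """Auth modules in the stack that have a credential source for this account."""
    pw = passwd_field(passwd_line)
    return [m for m in auth_modules(pam_text)
            if m in REMOTE_AUTH or (m == "pam_unix.so" and looks_like_hash(pw))]

# Constructed inputs: an entry shaped like the getent output, and a local account.
NIS_ENTRY = "zhongq:*:724800001:724800001:Zhong Qiang:/home/zhongq:/bin/sh"
LOCAL_ENTRY = "local:$6$constructedsalt$constructedhash:500:500::/home/local:/bin/sh"
PAM_UNIX_ONLY = """\
auth required   /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required   /lib/security/$ISA/pam_deny.so
"""
PAM_WITH_KRB5 = PAM_UNIX_ONLY.replace(
    "auth required   /lib/security/$ISA/pam_deny.so",
    "auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass\n"
    "auth required   /lib/security/$ISA/pam_deny.so")

if __name__ == "__main__":
    print(usable_auth(NIS_ENTRY, PAM_UNIX_ONLY))
    print(usable_auth(NIS_ENTRY, PAM_WITH_KRB5))
```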