[CentOS] IPA Client Install
James Hogarth
james.hogarth at gmail.com
Fri Jun 14 08:01:04 UTC 2013
> My bad. I probably did a second ipa-client-install without the proper
> --uninstall before.
>
I've messed up clients like that before ...
Okay looking at my servers.... DNS records:
_kerberos TXT REALMNAME (eg EXAMPLE.COM)
_kerberos-master._tcp SRV 0 100 88 ipa01
_kerberos-master._udp SRV 0 100 88 ipa01
_kerberos._tcp SRV 0 100 88 ipa01
_kerberos._udp SRV 0 100 88 ipa01
_kpasswd._tcp SRV 0 100 464 ipa01
_kpasswd._udp SRV 0 100 464 ipa01
_ldap._tcp SRV 0 100 389 ipa01
_ntp._udp SRV 0 100 123 ipa01
Those are all the SRV records...
My sssd.conf looks like:
[domain/example.com]
cache_credentials = True
krb5_store_password_if_offline = True
krb5_realm = EXAMPLE.COM
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, ipa01.example.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = example.com
[nss]
[pam]
[sudo]
[autofs]
[ssh]
This has been upgraded over time a bit and so on ... you might want to try
out libsss_sudo rather than ldap based sudo in EL6.4 for example (add sudo
to services and sss to nsswitch in a sudoers: files sss line for example).
Hope that helps out a bit!
I saw you post on freeipa-users ... they are a good bunch there and will
hopefully sort any remaining issues you have.
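
Added example, not part of the original message: a small Python check for the two changes suggested above (sudo in the [sssd] services line, sss on the sudoers line of nsswitch.conf). The sample inputs are constructed: the sssd.conf text is abridged from the one posted, and the nsswitch.conf lines are assumed for illustration.

```python
import configparser

# Constructed sample inputs: sssd.conf abridged from the message above,
# nsswitch.conf lines assumed for illustration.
SSSD_CONF = """\
[domain/example.com]
id_provider = ipa
[sssd]
services = nss, pam, ssh
domains = example.com
[sudo]
"""

NSSWITCH_CONF = """\
passwd:     files sss
sudoers:    files
"""


def sssd_services(sssd_text):
    """Return the responders listed in [sssd] services as a list of names."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(sssd_text)
    raw = parser.get("sssd", "services", fallback="")
    return [s.strip() for s in raw.split(",") if s.strip()]


def nsswitch_sources(nsswitch_text, database):
    """Return the source list for one nsswitch database, or [] if absent."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        name, sep, sources = line.partition(":")
        if sep and name.strip() == database:
            return sources.split()
    return []


def sudo_via_sssd_problems(sssd_text, nsswitch_text):
    """List what is missing for sudo rules to be looked up through SSSD."""
    problems = []
    if "sudo" not in sssd_services(sssd_text):
        problems.append("sssd.conf: 'sudo' missing from [sssd] services")
    if "sss" not in nsswitch_sources(nsswitch_text, "sudoers"):
        problems.append("nsswitch.conf: 'sss' missing from sudoers line")
    return problems


if __name__ == "__main__":
    for problem in sudo_via_sssd_problems(SSSD_CONF, NSSWITCH_CONF):
        print(problem)
```

An empty [sudo] section on its own, as in the posted file, does not start the sudo responder; the check reports both gaps for the sample inputs.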