[CentOS] IPA Client Install

Fri Jun 14 19:33:53 UTC 2013
Marcelo Carvalho <marcelo at alexa.com>

>  Okay looking at my servers.... DNS records:

Wonderful, thank you.  I will go over this and see how to implement.

> I saw you post on freeipa-users ...

Remaining issues are implementation of DNS records (above), Ubuntu and Mac clients, which I think now Ubuntu is about CA installation.  Will see.  Mac is giving me more trouble and will deal with that later.  All others have been resolved.

Will keep posting solutions.

Many thanks,

M.

----- Original Message -----
From: "James Hogarth" <james.hogarth at gmail.com>
To: "CentOS mailing list" <centos at centos.org>
Sent: Friday, June 14, 2013 1:01:04 AM
Subject: Re: [CentOS] IPA Client Install

>
>
> My bad.  I probably did a second ipa-client-install without the proper
> --uninstall before.
>
>
>
I've messed up clients like that before ...

Okay looking at my servers.... DNS records:

_kerberos TXT REALMNAME (eg EXAMPLE.COM)
_kerberos-master._tcp SRV 0 100 88 ipa01
_kerberos-master._udp SRV 0 100 88 ipa01
_kerberos._tcp SRV 0 100 88 ipa01
_kerberos._udp SRV 0 100 88 ipa01
_kpasswd._tcp SRV 0 100 464 ipa01
_kpasswd._udp SRV 0 100 464 ipa01
_ldap._tcp SRV 0 100 389 ipa01
_ntp._udp SRV 0 100 123 ipa01

Those are all the SRV records...

My sssd.conf looks like:

[domain/example.com]

cache_credentials = True
krb5_store_password_if_offline = True
krb5_realm = EXAMPLE.COM
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, ipa01.example.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, pam, ssh
config_file_version = 2

domains = example.com
[nss]

[pam]

[sudo]

[autofs]

[ssh]


This has been upgraded over time a bit and so on ... you might want to try
out libsss_sudo rather than ldap based sudo in EL6.4 for example (add sudo
to services and sss to nsswitch in a sudoers: files sss line for example).

Hope that helps out a bit!

I saw you post on freeipa-users ... they are a good bunch there and will
hopefully sort any remaining issues you have.
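
Added example, not part of the original thread: a small Python check that a set of records written in the one-line layout used in the message contains every SRV record listed there with the listed port, and that the _kerberos TXT realm matches krb5_realm in sssd.conf. The function names, the expected-record table (taken only from the message, not an authoritative FreeIPA list) and the sample inputs are assumptions constructed for illustration.

```python
import configparser

# SRV owner names and ports exactly as listed in the message above.
REQUIRED_SRV = {
    "_kerberos-master._tcp": 88, "_kerberos-master._udp": 88,
    "_kerberos._tcp": 88, "_kerberos._udp": 88,
    "_kpasswd._tcp": 464, "_kpasswd._udp": 464,
    "_ldap._tcp": 389, "_ntp._udp": 123,
}
# Constructed sample inputs (same layout as the message, example.com values).
SAMPLE_ZONE = """\
_kerberos TXT EXAMPLE.COM
_kerberos-master._tcp SRV 0 100 88 ipa01
_kerberos-master._udp SRV 0 100 88 ipa01
_kerberos._tcp SRV 0 100 88 ipa01
_kerberos._udp SRV 0 100 88 ipa01
_kpasswd._tcp SRV 0 100 464 ipa01
_kpasswd._udp SRV 0 100 464 ipa01
_ldap._tcp SRV 0 100 389 ipa01
_ntp._udp SRV 0 100 123 ipa01
"""
SAMPLE_SSSD = "[domain/example.com]\nkrb5_realm = EXAMPLE.COM\n[sssd]\n"

def parse_records(text):
    """Parse 'name SRV prio weight port target' and 'name TXT value' lines."""
    srv, txt = {}, {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and f[1] == "SRV":
            srv[f[0]] = (int(f[4]), f[5])          # (port, target)
        elif len(f) >= 3 and f[1] == "TXT":
            txt[f[0]] = " ".join(f[2:]).strip('"')
    return srv, txt

def check(zone_text, sssd_text):
    """Return a list of problems; an empty list means the inputs agree."""
    srv, txt = parse_records(zone_text)
    problems = []
    for name, port in REQUIRED_SRV.items():
        if name not in srv:
            problems.append(f"missing SRV {name}")
        elif srv[name][0] != port:
            problems.append(f"{name}: port {srv[name][0]}, expected {port}")
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(sssd_text)
    for section in (s for s in cfg.sections() if s.startswith("domain/")):
        realm = cfg[section].get("krb5_realm")
        # Kerberos realm names are case-sensitive, so compare exactly.
        if realm and txt.get("_kerberos") != realm:
            problems.append(f"_kerberos TXT {txt.get('_kerberos')!r} != krb5_realm {realm!r}")
    return problems
```
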