tag:blogger.com,1999:blog-9074088395935637281.post7781835349603410078..comments2023-11-02T05:39:04.737-05:00Comments on Rick Foos HowTo Blog: HowTo: Free IPA on FedoraAnonymoushttp://www.blogger.com/profile/14367824362433235663noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-9074088395935637281.post-41890855512782066912013-05-14T13:57:07.360-05:002013-05-14T13:57:07.360-05:00Flawless!Flawless!Anonymoushttps://www.blogger.com/profile/08492028947426301508noreply@blogger.comtag:blogger.com,1999:blog-9074088395935637281.post-83479667977858971442012-02-01T11:16:12.514-06:002012-02-01T11:16:12.514-06:00Perfect, thank you. My goal is to define a default...Perfect, thank you. My goal is to define a default set of commands to have a physical server share accounts and permissions with IPA. So each VM would be an ipa client. ipa-ldap-updater isn't doing what I expect yet, on to ipa-client-install.Anonymoushttps://www.blogger.com/profile/14367824362433235663noreply@blogger.comtag:blogger.com,1999:blog-9074088395935637281.post-43321660814616502632012-02-01T07:11:06.418-06:002012-02-01T07:11:06.418-06:00Authconfig (aka system-config-authentication) is n...Authconfig (aka system-config-authentication) is not the correct way to set up a client of FreeIPA right now.<br /><br />We have an open bug (https://bugzilla.redhat.com/show_bug.cgi?id=731094) to add direct support.<br /><br />What you're seeing here is actually the configuration necessary to set up a client to talk to FreeIPA v1. It does not support setting up some of the advanced features of FreeIPA v2, most notably client enrollment and host-based access control (HBAC rules).<br /><br />The preferred way to configure a client to connect to a FreeIPA v2+ server is to use the 'ipa-client-install' tool from the 'freeipa-client' package.<br /><br />This will perform all the necessary steps to configure and enroll the client, including acquiring a host keytab that can be used by openssh for GSSAPI/Kerberos single-sign-on.Anonymousnoreply@blogger.com