[Freeipa-users] Re: FreeIPA beginner

Simo Sorce ssorce at redhat.com
Thu Jun 4 12:58:26 UTC 2009


Moved to freeipa-users,
Rob please use this list for user help questions.

On Thu, 2009-06-04 at 14:46 +0200, Rob Visser wrote:
> Hello,
>  
> Just recently I installed na IPA server and IP client on two Fedora 10
> computers.
> I managed to get ssh working for the admin user (with single sign on).
> I am confused about the the relation between Kerberos and UNIX
> identities.
> A few questions:
> - Is it required to add the UNIX user (in the passwd file) after
> entering the user with FreeIPA? Or perhaps the other way around?

your client should be configured to use nss_ldap, users are created on
the freeIPA server and seen by all clients.

> - If so, then I assume with the UID/GID that are generated with the
> "add  user".

UID/GID are generate on the freeipa server and distributed to all
clients via nss_ldap

> - The admin user automagically seems to be linked to the (unix) root
> user?

It should really not be, did you create some mapping on the client ?

> When I create a new user with FreeIPA, then I can login with GDM with
> the new identity, however, the pam_namespace does not create
> a /home/user and /tmp

pam_mkhomedir is what creates home directories if properly configured.
 
> When I try to change the Kerkeros password, it complains that it
> cannot find any kdc.

looks like a network or client configuration issue.

> Is there something I missed in reading documents?
>  
> Any help is appreciated.

Make sure you follow the user guides throughly.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York




More information about the Freeipa-users mailing list