[Freeipa-users] red hat 5 and red hat 6 compatability

Matthew Davidson matt at mldserviceslex.com
Wed May 2 15:10:20 UTC 2012 

To clarify one point.
I used the current redhat documents to setup the two systems.

Red_Hat_Enterprise_Linux-5-Configuring_Identity_Management-en-US

Red_Hat_Enterprise_Linux-6-Identity_Management_Guide-en-US

SSH does not seem to be discussed and that is when I started web surfing in an attempt to fix my problem before reaching out for help.

thanks,Matt
----------------------------------------
> Date: Wed, 2 May 2012 10:17:02 -0400
> From: rcritten at redhat.com
> To: matt at mldserviceslex.com
> CC: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] red hat 5 and red hat 6 compatability
>
> Matthew Davidson wrote:
> > Greetings,
> >
> > Trying to get a Red Hat 5.8 server installed as a client to my Red Hat 6
> > server.
> >
> > The first problem was at the install.
> >
> > yum install ipa-client ipa-admintools
> >
> > *No ipa-admintools! The RHEL5 system is registered with Red Hat and I
> > have searched the web.*
>
> There is no admin tools package for 5.x. Only a client enrollment script
> is availab.e
>
> > But I went ahead with the installation and I have joined RHEL5 to the
> > domain.
> >
> > From the command line.
> >
> > kinit mdavidson will log in.
> >
> > klist
> >
> > Ticket cache: FILE:/tmp/krb5cc_0
> >
> > Default principal: mdavidson at EXAMPLE.COM <mailto:mdavidson at EXAMPLE.COM>
> >
> > Looks good but I cannot setup ssh and ssh is essential.
> >
> > I assume it’s because I cannot perform this part of the steps.
> >
> > http://bit.ly/Ivxxwj : Procedure 1.5. To configure a Red Hat Enterprise
> > Linux 5 IPA client for incoming SSH connections:
> >
> > The IPA client installation process configures the NTP service by
> > default, but you should ensure that time on the IPA client and server is
> > synchronized. If it is not, run the following commands on the IPA client:
> >
> > # service ntpd stop
> >
> > # ntpdate -s -p 8 -u ipaserver.example.com
> >
> > # service ntpd start
> >
> > Note
> >
> > The ntpdate command does not work if ntpd is running.
> >
> > Obtain a Kerberos ticket for the admin user.
> >
> > # kinit admin
> >
> > Add a host service principal on the IPA client.
> >
> > # ipa-addservice host/ipaclient.example.com *(My error is -bash: ipa:
> > command not found)*
> >
> > Retrieve the keytab.
> >
> > # ipa-getkeytab -s ipaserver.example.com -p host/ipaclient.example.com
> > -k /etc/krb5.keytab *(My error is -bash: ipa: command not found)*
>
> These instructions are for IPA v1. I don't know why you get an error
> message about ipa not found when running ipa-<something> though.
>
> The client installer should have already created a host service
> principal. Run: klist -kt /etc/krb5.keytab to see what keys are available.
>
> When you ran ipa-client-install were any errors reported?
>
> It appears that basic nss services aren't working. Can you do:
>
> id mdavidson
> getent passwd mdavidson
>
> If these don't work then sssd won't either (nor anything else).
>
> rob
>
> >
> > From RHEL5 /var/log/secure:
> >
> > May 1 14:09:41 wkylexsys21 sshd[2984]: Invalid user mdavidson from
> > 192.168.1.110
> >
> > May 1 14:09:41 wkylexsys21 sshd[2985]: input_userauth_request: invalid
> > user mdavidson
> >
> > May 1 14:09:46 wkylexsys21 sshd[2984]: pam_unix(sshd:auth): check pass;
> > user unknown
> >
> > May 1 14:09:46 wkylexsys21 sshd[2984]: pam_unix(sshd:auth):
> > authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> > rhost=rhel6.example.com
> >
> > May 1 14:09:46 wkylexsys21 sshd[2984]: pam_succeed_if(sshd:auth): error
> > retrieving information about user mdavidson
> >
> > May 1 14:09:48 wkylexsys21 sshd[2984]: Failed password for invalid user
> > mdavidson from 192.168.1.110 port 58959 ssh2
> >
> > May 1 14:10:04 wkylexsys21 sshd[2984]: Failed password for invalid user
> > mdavidson from 192.168.1.110 port 58959 ssh2
> >
> > May 1 14:10:09 wkylexsys21 sshd[2984]: pam_unix(sshd:auth): check pass;
> > user unknown
> >
> > May 1 14:10:09 wkylexsys21 sshd[2984]: pam_succeed_if(sshd:auth): error
> > retrieving information about user mdavidson
> >
> > May 1 14:10:10 wkylexsys21 sshd[2984]: Failed password for invalid user
> > mdavidson from 192.168.1.110 port 58959 ssh2
> >
> > May 1 14:10:22 wkylexsys21 sshd[2984]: pam_unix(sshd:auth): check pass;
> > user unknown
> >
> > May 1 14:10:22 wkylexsys21 sshd[2984]: pam_succeed_if(sshd:auth): error
> > retrieving information about user mdavidson
> >
> > May 1 14:10:24 wkylexsys21 sshd[2984]: Failed password for invalid user
> > mdavidson from 192.168.1.110 port 58959 ssh2
> >
> > DNS works.
> >
> > ntpd is running.
> >
> > I checked all the configuration files.
> >
> > I have searched for ipa-admintools and I’m sure this is why I cannot run
> > the ipa commands in step 1.5.
> >
> > What am I missing? Any thoughts or suggestions?
> >
> > Matt
> >
> >
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
>
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120502/3d0ff3d7/attachment.htm>

More information about the Freeipa-users mailing list