[Freeipa-users] Ubuntu precise client install -
Guy Matz
gmatz at collective.com
Fri Jun 14 14:43:44 UTC 2013
Yeah, ubuntu's ipa-client doesn't work for 12.04. I wish it had been easier to find this out, but you can benefit from my weeks of hard work! :-)
install the ipa client from the freeIPA PPA:
apt-add-repository ppa:freeipa/ppa
You'll also need the sssd updates PPA:
apt-add-repository ppa:sssd/updates
Run apt-get update, then
apt-get -y install openssh-server freeipa-client sssd
That may work. If it doesn't install those packages, run apt-get dist-upgrade.
Next run ipa-client install. You need to add a -N so that it doesn't check for ntp. That's broken on ubuntu for some reason. If the install doesn't work, and it tells you to uninstall first, check for /etc/ipa/default.conf and remove it. If it still doesn't work, remove the files under /var/lib/ipa-client/sysrestore/ and run the ipa-client install again. You'll get many warning & error messages, even with a successful install. After install you can do a "ipa host-find host.domain" on your ipa server and you should see "Keytab: True"
restart sssd to get ssh authentication to work.
The ubuntu client install does not seem to do anything with the --mkhomedir switch, so you need to do that yourself. create the file /usr/share/pam-configs/mkhomedir with the contents:
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0022 skel=/etc/skel
and run pam-auth-update
That should do it.
MANY thanks to tjaalton of ubuntu-freeipa for helping me out with most of this!!
On 06/13/2013 06:47 PM, Marcelo Carvalho wrote:
My first question is answered.
It took aa "ipa-client-install --uninstall" to clean up all the mess done up to now and a new
ipa-client-install --domain=xxxx.xxx --server=ipaserver.xxxxxx.xxx --realm=XXXXXX.XXX
It is working on the CentOS 6.4 but this did not clean the mess at the Ubuntu node.
On Thu, Jun 13, 2013 at 3:24 PM, Marcelo Carvalho <joaquimdecarvalho at gmail.com<mailto:joaquimdecarvalho at gmail.com>> wrote:
Sorry I do not use Ubuntu as my main desktop, and got confused by it. All files are in /home/root-local.
I can login as root-local from the console using the local password. From the GUI it show <user> name and does not allow me to login with either the local passwd nor the IPA one.
On Thu, Jun 13, 2013 at 2:48 PM, Marcelo Carvalho <joaquimdecarvalho at gmail.com<mailto:joaquimdecarvalho at gmail.com>> wrote:
"It shows on the Login GUI" I meant.
On Thu, Jun 13, 2013 at 2:47 PM, Marcelo Carvalho <joaquimdecarvalho at gmail.com<mailto:joaquimdecarvalho at gmail.com>> wrote:
Ubuntu 12.04.2
This is a box I use very often for testing and now after the ipa-client-install and a reboot, I complete lost my local user. I show on the Login GUI but does not allow me to authenticate any password, not the IPA one not the local user one. In fact I just logged as root and the local user is not even listed on the passwd file and there is NO files left on the /home/user directory. /home/user is empty, but exist.
On Thu, Jun 13, 2013 at 2:21 PM, Guy Matz <gmatz at collective.com<mailto:gmatz at collective.com>> wrote:
Which version of ubuntu are you using?
On 06/13/2013 04:12 PM, Marcelo Carvalho wrote:
> Hi Folks.
>
> I have installed an ipa server and a replica on linux CentOS release
> 6.4 (Final). It is using outside DNS. I have https console access
> authenticating admin user through kerberos, and have migrated
> information on 80+ users and groups to it from a LDAP server.
>
> Packages related to ipa installed at main server are:
>
> [root ~]# rpm -qa | grep ipa
> ipa-server-selinux-3.0.0-26.el6_4.2.x86_64
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> libipa_hbac-1.9.2-82.el6.x86_64
> ipa-python-3.0.0-26.el6_4.2.x86_64
> ipa-admintools-3.0.0-26.el6_4.2.x86_64
> ipa-client-3.0.0-26.el6_4.2.x86_64
> python-iniparse-0.3.1-2.1.el6.noarch
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> libipa_hbac-python-1.9.2-82.el6.x86_64
> ipa-server-3.0.0-26.el6_4.2.x86_64
> [root ~]#
>
> I am now on the process of installing a CentOS 6.4 as IPA client, and
> switch my Ubuntu desktop to use IPA as well.
>
> 1- On the CentOS 6.4 as IPA client:
>
> Packages installed are:
>
> $ rpm -qa | grep ipa
> ipa-client-3.0.0-26.el6_4.2.x86_64
> ipa-python-3.0.0-26.el6_4.2.x86_64
> python-iniparse-0.3.1-2.1.el6.noarch
> libipa_hbac-python-1.9.2-82.el6.x86_64
> libipa_hbac-1.9.2-82.el6.x86_64
>
>
> I run installation line as follows and
>
> ipa-client-install --domain=xxxx.xxx --server=ipaserver.xxxxxx.xxx
> --realm=XXXXXX.XXX
>
> Id did go well and I see output line:
>
> Client configuration complete.
>
> Although all of the above I still cannot login into this new node
> using IPA. It still checks the local users.
>
>
> 2- On the Ubunto desktop
>
> I am locked out. It now does not accept my IPA user-passwd not my
> local-user-passwd.
>
> Please advise on both.
>
> Many thanks,
>
> Marcelo
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com<mailto:Freeipa-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130614/448b7499/attachment.htm>
More information about the Freeipa-users
mailing list