[Freeipa-users] Ubuntu precise client install -

Guy Matz gmatz at collective.com
Fri Jun 14 14:43:44 UTC 2013 

Yeah, ubuntu's ipa-client doesn't work for 12.04.  I wish it had been easier to find this out, but you can benefit from my weeks of hard work!  :-)

install the ipa client from the freeIPA PPA:

apt-add-repository ppa:freeipa/ppa



You'll also need the sssd updates PPA:

apt-add-repository ppa:sssd/updates

Run apt-get update, then

apt-get -y install openssh-server freeipa-client sssd

That may work.  If it doesn't install those packages, run apt-get dist-upgrade.

Next run ipa-client install.  You need to add a -N so that it doesn't check for ntp.  That's broken on ubuntu for some reason.  If the install doesn't work, and it tells you to uninstall first, check for /etc/ipa/default.conf and remove it.  If it still doesn't work, remove the files under /var/lib/ipa-client/sysrestore/ and run the ipa-client install again.  You'll get many warning & error messages, even with a successful install.  After install you can do a "ipa host-find host.domain" on your ipa server and you should see "Keytab: True"

restart sssd to get ssh authentication to work.

The ubuntu client install does not seem to do anything with the --mkhomedir switch, so you need to do that yourself.  create the file /usr/share/pam-configs/mkhomedir with the contents:
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
        required                        pam_mkhomedir.so umask=0022 skel=/etc/skel

and run pam-auth-update

That should do it.

MANY thanks to tjaalton of ubuntu-freeipa for helping me out with most of this!!

On 06/13/2013 06:47 PM, Marcelo Carvalho wrote:
My first question is answered.

It took aa "ipa-client-install --uninstall"  to clean up all the mess done up to now and a new

  ipa-client-install --domain=xxxx.xxx --server=ipaserver.xxxxxx.xxx --realm=XXXXXX.XXX

It is working on the CentOS 6.4 but this did not clean the mess at the Ubuntu node.



On Thu, Jun 13, 2013 at 3:24 PM, Marcelo Carvalho <joaquimdecarvalho at gmail.com<mailto:joaquimdecarvalho at gmail.com>> wrote:
Sorry I do not use Ubuntu as my main desktop, and got confused by it.  All files are in /home/root-local.

I can login as root-local from the console using the local password.   From the GUI it show <user> name and does not allow me to login with either the local passwd nor the IPA one.


On Thu, Jun 13, 2013 at 2:48 PM, Marcelo Carvalho <joaquimdecarvalho at gmail.com<mailto:joaquimdecarvalho at gmail.com>> wrote:
"It shows on the Login GUI" I meant.


On Thu, Jun 13, 2013 at 2:47 PM, Marcelo Carvalho <joaquimdecarvalho at gmail.com<mailto:joaquimdecarvalho at gmail.com>> wrote:
Ubuntu 12.04.2

This is a box I use very often for testing and now after the ipa-client-install and a reboot, I complete lost my local user.  I show on the Login GUI but does not allow me to authenticate any password, not the IPA one not the local user one.  In fact I just logged as root and the local user is not even listed on the passwd file and there is NO files left on the /home/user directory.  /home/user is empty, but exist.




On Thu, Jun 13, 2013 at 2:21 PM, Guy Matz <gmatz at collective.com<mailto:gmatz at collective.com>> wrote:
Which version of ubuntu are you using?

On 06/13/2013 04:12 PM, Marcelo Carvalho wrote:
> Hi Folks.
>
> I have installed an ipa server and a replica on linux CentOS release
> 6.4 (Final).  It is using outside DNS.  I have https console access
> authenticating admin user through kerberos, and have migrated
> information on 80+ users and groups to it from a LDAP server.
>
> Packages related to ipa installed at main server are:
>
> [root ~]# rpm -qa | grep ipa
> ipa-server-selinux-3.0.0-26.el6_4.2.x86_64
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> libipa_hbac-1.9.2-82.el6.x86_64
> ipa-python-3.0.0-26.el6_4.2.x86_64
> ipa-admintools-3.0.0-26.el6_4.2.x86_64
> ipa-client-3.0.0-26.el6_4.2.x86_64
> python-iniparse-0.3.1-2.1.el6.noarch
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> libipa_hbac-python-1.9.2-82.el6.x86_64
> ipa-server-3.0.0-26.el6_4.2.x86_64
> [root ~]#
>
> I am now on the process of installing a CentOS 6.4 as IPA client, and
> switch my Ubuntu desktop to use IPA as well.
>
> 1- On the CentOS 6.4 as IPA client:
>
> Packages installed are:
>
>  $ rpm -qa | grep ipa
> ipa-client-3.0.0-26.el6_4.2.x86_64
> ipa-python-3.0.0-26.el6_4.2.x86_64
> python-iniparse-0.3.1-2.1.el6.noarch
> libipa_hbac-python-1.9.2-82.el6.x86_64
> libipa_hbac-1.9.2-82.el6.x86_64
>
>
> I run installation line as follows and
>
>     ipa-client-install --domain=xxxx.xxx --server=ipaserver.xxxxxx.xxx
> --realm=XXXXXX.XXX
>
> Id did go well and I see output line:
>
>     Client configuration complete.
>
> Although all of the above I still cannot login into this new node
> using IPA.  It still checks the local users.
>
>
> 2- On the Ubunto desktop
>
>    I am locked out.  It now does not accept my IPA user-passwd not my
> local-user-passwd.
>
> Please advise on both.
>
> Many thanks,
>
> Marcelo
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com<mailto:Freeipa-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/freeipa-users
>






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130614/448b7499/attachment.htm>

More information about the Freeipa-users mailing list