[Freeipa-users] how to configure Linux Cent Os as ipa client manual installation

Dmitri Pal dpal at redhat.com
Mon Jan 5 15:57:54 UTC 2015 

On 01/05/2015 10:26 AM, Rob Crittenden wrote:
> Janelle wrote:
>> Hi everyone, Happy New Year.
>>
>> Was following this thread and wondering about those of us with a couple
>> of 2000-3000 servers to run ipa-client-install on? Any suggestions?  Was
>> looking around for even the basics of puppet or chef configs, but
>> nothing exists.
>>
>> Any suggestions? One of the concerns I have is, even with puppet/chef,
>> you need credentials during the install to "add" the client on the
>> server. Security?
> If you want puppet I'd start with https://github.com/purpleidea/puppet-ipa
>
> As for enrolling a slew of systems, it depends on whether they are new
> or to-be-deployed. You can generate an OTP for the clients to avoid
> having to pass around admin-level credentials, for example. You can do
> this for existing or new, but it can be easier on new systems as the OTP
> can be passed in during kickstart.

You might want to consider Foreman which now has IPA integration for 
automatic provisioning and enrollment.

>
> rob
>
>> ~J
>>
>>
>> On 1/5/15 3:27 AM, Martin Kosek wrote:
>>> On 12/29/2014 09:54 PM, Dmitri Pal wrote:
>>>> On 12/20/2014 05:02 AM, Ben .T.George wrote:
>>>>> Hi
>>>>>
>>>>> I was trying to configure centos as ipa client and got failed with
>>>>> that,.
>>>>>
>>>>> anyone please help me to configure centos as ipa client through manual
>>>>> configuration.
>>>>>
>>>>> Regards,
>>>>> Ben
>>>>>
>>>>>
>>>> Sorry for a delayed response.
>>>> What version of CentOS? What version of the server?
>>>> Why manually? On CentOS you can use ipa-client-install and it will do
>>>> the work
>>>> for you.
>>>> What did you do and what did not work?
>>> You can find some info here:
>>> http://www.freeipa.org/page/Troubleshooting#Client_Installation
>>>
>>> If I read correctly, you are trying to do manual configuration. This
>>> may be a
>>> tricky procedure and is not tested regularly. ipa-client-install is
>>> the way to
>>> go in most deployments as it helps you avoid the pitfalls you probably
>>> hit.
>>>
>>> Martin
>>>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

More information about the Freeipa-users mailing list