HOWTO Configure an IPA Client
From Consultancy.EdVoncken.NET
Any client system that needs to use the IPA server infrastructure must be properly configured. There are two options:
- authconfig or system-config-authentication
- ipa-client-install
authconfig
authconfig --enablelocauthorize --enableldap --enablekrb5 --updateall
The "--enablelocauthorize" option ensures that locally created user accounts (for example, local administrator accounts) can log on without consulting LDAP or Kerberos.
The configuration created by authconfig seems incomplete; for example, the /etc/openldap/ldap.conf file is not configured correctly, and "getent passwd" fails because the LDAP server was not defined correctly.
ipa-client
Obtain RPM packages
The second option requires the installation of the ipa-client package. According to the article "Red Hat Enterprise IPA on CentOS 5.2", packages are available from www.math.ias.edu.
Add this repository to Yum by creating a file /etc/yum.repos.d/CentOS-IPA:
[baseipa]
name=CentOS-5-IPA
baseurl=http://www.math.ias.edu/PU_IAS/RHEIPA/5/x86_64/
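Import the RPM signing key for this repository, then install the ipa-client and ipa-admintools packages. The key is fetched over plain HTTP, so it is not authenticated in transit; compare its fingerprint with one obtained from a trusted source before relying on it.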
# rpm --import http://www.math.ias.edu/PU_IAS/5/en/os/x86_64/RPM-GPG-KEY
# yum install ipa-client ipa-admintools
Run the installer
Run the IPA Client installation program:
# ipa-client-install
Discovery was successful!
Realm: EXAMPLE.LOCAL
DNS Domain: example.local
IPA Server: zeus.example.local
BaseDN: dc=example,dc=local
Continue to configure the system with these values? [no]: yes
Created /etc/ipa/ipa.conf
Configured /etc/ldap.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.LOCAL
LDAP enabled
nss_ldap is not able to use DNS discovery!
Changing configuration to use hardcoded server name: zeus.example.local
Kerberos 5 enabled
NTP enabled
Client configuration complete.
Test the IPA Client configuration
The following command should display both local users and IPA users:
# getent passwd
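The two checks this page relies on (an LDAP server actually being defined in the ldap.conf files, and "getent passwd" returning more than the local accounts) can be scripted. The following is an added example, not part of the original page or of the IPA tools; the function names ldap_conf_missing and directory_users are hypothetical.

```shell
#!/bin/sh
# Added example: post-configuration checks for an IPA/LDAP client.
# Function names are hypothetical; file paths are the ones named on this page.

# Print which required settings are missing from an ldap.conf-style file:
# "server" if neither uri nor host is set, "base" if no search base is set,
# "file" if the file cannot be read. Keys match case-insensitively.
ldap_conf_missing() {
    [ -r "$1" ] || { echo "file"; return 0; }
    awk '
        /^[ \t]*#/ { next }
        { key = tolower($1) }
        (key == "uri" || key == "host") && NF >= 2 { server = 1 }
        key == "base" && NF >= 2 { base = 1 }
        END { if (!server) print "server"; if (!base) print "base" }
    ' "$1"
}

# Print account names present in saved "getent passwd" output ($1) but
# absent from the local passwd file ($2). An empty result means that no
# directory (IPA) users are being resolved through the name service.
directory_users() {
    awk -F: -v localf="$2" '
        BEGIN { while ((getline line < localf) > 0) { split(line, f, ":"); seen[f[1]] = 1 } }
        !($1 in seen) { print $1 }
    ' "$1"
}

# Check the live system only when invoked with the argument "run".
if [ "${1:-}" = "run" ]; then
    for f in /etc/ldap.conf /etc/openldap/ldap.conf; do
        for m in $(ldap_conf_missing "$f"); do echo "$f: missing $m"; done
    done
    tmp=$(mktemp)
    getent passwd > "$tmp"
    echo "directory users resolved: $(directory_users "$tmp" /etc/passwd | wc -l)"
    rm -f "$tmp"
fi
```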