Hi Nasir,

Here are my notes (in Trac wiki markup format no less) for manually setting up Ubuntu clients to use our FreeIPA 1.2 server. I haven't tested the 2.0 branch yet, but I suspect it's primarily the same.

HTH.

-ben

--
| Ben Eisenbraun | SBGrid Consortium | http://sbgrid.org |
| Harvard Medical School | http://hms.harvard.edu |

== Accounts/Authentication ==

Install required packages:

{{{
apt-get install ldap-utils krb5-user libpam-ldap libnss-ldap nss-updatedb libnss-db autofs nfs-common autofs-ldap
}}}

This should spawn a dpkg-configure instance for Kerberos; give the proper information.

Edit /etc/nsswitch.conf to include:

{{{
passwd: files ldap
group: files ldap
automount: files ldap
}}}

Edit /etc/ldap.conf to include:

{{{
uri ldap://your.server.name
base dc=EXAMPLE,dc=COM
bind_policy soft
pam_lookup_policy yes
pam_password md5
nss_initgroups_ignoreusers root,ldap
nss_schema rfc2307bis
nss_map_attribute uniqueMember member
ssl no
ldap_version 3
pam_filter objectClass=posixAccount
}}}

To enable pam-ldap, run:

{{{
pam-auth-update
}}}

To enable autofs-managed home directories, edit /etc/ldap/ldap.conf to read:

{{{
BASE dc=EXAMPLE,dc=COM
URI ldap://your.server.name
}}}

For Kerberos config, edit /etc/krb5.conf to include:

{{{
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = DEV-NETWORK.IN.HWLAB
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 DEV-NETWORK.IN.HWLAB = {
  kdc = your.server.name
  admin_server = your.server.name
 }

[domain_realm]
 dev-network.in.hwlab = EXAMPLE.COM
 .dev-network.in.hwlab = EXAMPLE.COM
}}}

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
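As an added check (example code written for these notes, not from the post or from FreeIPA): a small Python script that parses ldap.conf and krb5.conf fragments like the ones above, flags the `ssl no` plus plain `ldap://` combination as an unencrypted LDAP channel, and catches a [domain_realm] mapping to a realm that has no [realms] entry while dns_lookup_kdc is false (the fragment above maps dev-network.in.hwlab to EXAMPLE.COM, but only DEV-NETWORK.IN.HWLAB defines a KDC). The two config excerpts embedded in it are constructed copies of the fragments above, trimmed to the settings under test.

```python
# Added example (not from the post): sanity-check the ldap.conf and krb5.conf fragments above.
LDAP_CONF = """\
uri ldap://your.server.name
ssl no
"""                                           # constructed excerpt of the notes' ldap.conf
KRB5_CONF = """\
[libdefaults]
 default_realm = DEV-NETWORK.IN.HWLAB
 dns_lookup_kdc = false
[realms]
 DEV-NETWORK.IN.HWLAB = {
  kdc = your.server.name
 }
[domain_realm]
 dev-network.in.hwlab = EXAMPLE.COM
"""                                           # constructed excerpt of the notes' krb5.conf

def parse_ldap_conf(text):
    """pam_ldap style 'key value' lines; '#' lines are comments."""
    rows = (l.split(None, 1) for l in text.splitlines() if l.strip() and not l.startswith("#"))
    return {k.lower(): v[0].strip() if v else "" for k, *v in rows}

def parse_krb5_conf(text):
    """Minimal reader: {section: {key: value}}; a nested '{ }' block becomes key -> {}."""
    sections, cur, depth = {}, None, 0
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            cur, depth = line[1:-1], 0
            sections[cur] = {}
        elif line == "}":
            depth -= 1
        elif line.endswith("{"):  # start of a nested block, e.g. one realm definition
            if cur is not None and depth == 0:
                sections[cur][line.split("=")[0].strip()] = {}
            depth += 1
        elif cur is not None and depth == 0 and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            sections[cur][key] = value
    return sections

def audit(ldap_text, krb5_text):
    """Return findings to resolve before rollout; an empty list means nothing flagged."""
    out, ldap, krb = [], parse_ldap_conf(ldap_text), parse_krb5_conf(krb5_text)
    if ldap.get("ssl", "no") == "no" and not ldap.get("uri", "").startswith("ldaps://"):
        out.append("ldap.conf: 'ssl no' with a plain ldap:// uri, so binds cross the wire unencrypted")
    libdefaults, realms = krb.get("libdefaults", {}), krb.get("realms", {})
    for domain, realm in krb.get("domain_realm", {}).items():
        if realm not in realms and libdefaults.get("dns_lookup_kdc", "true") != "true":
            out.append(f"krb5.conf: {domain} maps to {realm}, which has no [realms] entry and dns_lookup_kdc is false")
    return out
```

Run it against the real files with `audit(open("/etc/ldap.conf").read(), open("/etc/krb5.conf").read())`; switching to `ssl start_tls` (or an ldaps:// uri) and making the [domain_realm] targets match a defined realm clears both findings.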
