thank you, It is work by using ldap+krb5 (nisclient:centos4.8).By the way, Is it possible to enroll nisclient ? And how to do this?And how to carry out HBAC RULES for nisclient?I try to use WebUI,but i am not succeed,look like this:
Enrollment Kerberos Key: Kerberos Key Not Present One-Time-Password: One-Time-Password Not Present ------------------------------ Host Certificate Status: *No Valid Certificate* regards, zhongq 2014-11-19 6:17 GMT+08:00 Dmitri Pal <d...@redhat.com>: > On 11/18/2014 02:13 AM, Zhong Qiang wrote: > > hi, > I have some hosts installed centos4.8/6.5/5.9,and want to centralize > identity/policy/authorization.but ipa client isn't compatible with > centos4.8,so I try to configure FreeIPA integrated with NIS Domains. > IPAserver:centos7 (+DNS) > nisclient:centos4.8 > ipaclient:centos6.6 > > I followed the instructions of this page: > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/nis.html,to > add netgroup(nis_test) and users(zhongq).then configured nis client > installed centos4.8.on the nis client, I could get users data ,look like > that: > > [root@nisclient ~]# getent passwd zhongq > zhongq:*:724800001:724800001:强 é:/home/zhongq:/bin/sh > > > However,I do not succeed to log into nisclient with zhongq account. > Any ideas? > > Regards, > zhongq > > > You need to use some other method for authentication. NIS only supported > for identity not for authentication. Use pam_ldap or pam_krb5 for > authentication part. > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
