thank you,
It is work by using ldap+krb5 (nisclient:centos4.8).By the way, Is it
possible to enroll nisclient ? And how to do this?And how to carry out HBAC
RULES for nisclient?I try to use WebUI,but i am not succeed,look
like this:
Enrollment
Kerberos Key:
Kerberos Key Not Present
One-Time-Password:
One-Time-Password Not Present
--
Host Certificate
Status:
*No Valid Certificate*
regards,
zhongq
2014-11-19 6:17 GMT+08:00 Dmitri Pal :
> On 11/18/2014 02:13 AM, Zhong Qiang wrote:
>
> hi,
> I have some hosts installed centos4.8/6.5/5.9,and want to centralize
> identity/policy/authorization.but ipa client isn't compatible with
> centos4.8,so I try to configure FreeIPA integrated with NIS Domains.
> IPAserver:centos7 (+DNS)
> nisclient:centos4.8
>ipaclient:centos6.6
>
> I followed the instructions of this page:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/nis.html,to
> add netgroup(nis_test) and users(zhongq).then configured nis client
> installed centos4.8.on the nis client, I could get users data ,look like
> that:
>
> [root@nisclient ~]# getent passwd zhongq
> zhongq:*:72481:72481:强 é:/home/zhongq:/bin/sh
>
>
> However,I do not succeed to log into nisclient with zhongq account.
> Any ideas?
>
> Regards,
> zhongq
>
>
> You need to use some other method for authentication. NIS only supported
> for identity not for authentication. Use pam_ldap or pam_krb5 for
> authentication part.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
