subject:"\[Freeipa\-users\] Integrating with NIS Domains and Netgroups"

Re: [Freeipa-users] Integrating with NIS Domains and Netgroups

2014-11-19 Thread Dmitri Pal

On 11/19/2014 05:25 AM, Zhong Qiang wrote:

thank you,
It is work by using ldap+krb5 (nisclient:centos4.8).By the way, Is it
possible to enroll nisclient ? And how to do this?And how to carry out
HBAC RULES for nisclient?I try to use WebUI,but i am not succeed,look

Only SSSD understands IPA HBAC.
We have CentOS 7 nowadays and 7.1 is on the way so 4.8 is very old and
your options will be very limited.

like this:

Enrollment

Kerberos Key:
Kerberos Key Not Present
One-Time-Password:
One-Time-Password Not Present

Host Certificate

Status:
*No Valid Certificate*

regards,
zhongq

2014-11-19 6:17 GMT+08:00 Dmitri Pal >:

On 11/18/2014 02:13 AM, Zhong Qiang wrote:

hi,
I have some hosts installed centos4.8/6.5/5.9,and want to
centralize identity/policy/authorization.but ipa client isn't
compatible with centos4.8,so I try to configure FreeIPA
integrated with NIS Domains.
IPAserver:centos7 (+DNS)
nisclient:centos4.8
ipaclient:centos6.6

I followed the instructions of this page:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/nis.html,to
add netgroup(nis_test) and users(zhongq).then configured nis
client installed centos4.8.on the nis client, I could get users
data ,look like that:

[root@nisclient ~]# getent passwd zhongq
zhongq:*:72481:72481:å¼º é:/home/zhongq:/bin/sh

However,I do not succeed to log into nisclient with zhongq account.
Any ideas?

Regards,
zhongq

You need to use some other method for authentication. NIS only
supported for identity not for authentication. Use pam_ldap or
pam_krb5 for authentication part.

--
Thank you,

Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Integrating with NIS Domains and Netgroups

2014-11-19 Thread Zhong Qiang

thank you,
It is work by using ldap+krb5 (nisclient:centos4.8).By the way, Is it
possible to enroll nisclient ? And how to do this?And how to carry out HBAC
RULES for nisclient?I try to use WebUI,but i am not succeed,look
like this:

Enrollment

Kerberos Key:
Kerberos Key Not Present
One-Time-Password:
One-Time-Password Not Present
--
Host Certificate

Status:
*No Valid Certificate*

regards,
zhongq

2014-11-19 6:17 GMT+08:00 Dmitri Pal :

>  On 11/18/2014 02:13 AM, Zhong Qiang wrote:
>
>   hi,
>  I have some hosts installed centos4.8/6.5/5.9,and want to centralize
> identity/policy/authorization.but ipa client isn't compatible with
> centos4.8,so I try to configure FreeIPA integrated with NIS Domains.
>   IPAserver:centos7 (+DNS)
>   nisclient:centos4.8
>ipaclient:centos6.6
>
>   I followed the instructions of this page:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/nis.html,to
> add netgroup(nis_test) and users(zhongq).then configured nis client
> installed centos4.8.on the nis client, I could get  users data ,look like
> that:
>
> [root@nisclient ~]# getent passwd zhongq
> zhongq:*:72481:72481:å¼º é:/home/zhongq:/bin/sh
>
>
>  However,I do not succeed to log into nisclient with zhongq account.
>  Any ideas?
>
>  Regards,
>  zhongq
>
>
>  You need to use some other method for authentication. NIS only supported
> for identity not for authentication. Use pam_ldap or pam_krb5 for
> authentication part.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Integrating with NIS Domains and Netgroups

2014-11-18 Thread Dmitri Pal


On 11/18/2014 02:13 AM, Zhong Qiang wrote:

hi,
I have some hosts installed centos4.8/6.5/5.9,and want to 
centralize identity/policy/authorization.but ipa client isn't 
compatible with centos4.8,so I try to configure FreeIPA integrated 
with NIS Domains.

 IPAserver:centos7 (+DNS)
 nisclient:centos4.8
  ipaclient:centos6.6

 I followed the instructions of this page: 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/nis.html,to 
add netgroup(nis_test) and users(zhongq).then configured nis client 
installed centos4.8.on the nis client, I could get users data ,look 
like that:


[root@nisclient ~]# getent passwd zhongq
zhongq:*:72481:72481:å¼º é:/home/zhongq:/bin/sh


However,I do not succeed to log into nisclient with zhongq account.
Any ideas?

Regards,
zhongq


You need to use some other method for authentication. NIS only supported 
for identity not for authentication. Use pam_ldap or pam_krb5 for 
authentication part.


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

[Freeipa-users] Integrating with NIS Domains and Netgroups

2014-11-17 Thread Zhong Qiang

hi,
I have some hosts installed centos4.8/6.5/5.9,and want to centralize
identity/policy/authorization.but ipa client isn't compatible with
centos4.8,so I try to configure FreeIPA integrated with NIS Domains.
 IPAserver:centos7 (+DNS)
 nisclient:centos4.8
  ipaclient:centos6.6

 I followed the instructions of this page:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/nis.html,to
add netgroup(nis_test) and users(zhongq).then configured nis client
installed centos4.8.on the nis client, I could get  users data ,look like
that:

[root@nisclient ~]# getent passwd zhongq
zhongq:*:72481:72481:å¼º é:/home/zhongq:/bin/sh


However,I do not succeed to log into nisclient with zhongq account.
Any ideas?

Regards,
zhongq
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Integrating with NIS Domains and Netgroups

Re: [Freeipa-users] Integrating with NIS Domains and Netgroups

Re: [Freeipa-users] Integrating with NIS Domains and Netgroups

[Freeipa-users] Integrating with NIS Domains and Netgroups

4 matches

Site Navigation

Mail list logo

Footer information