LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 01-15-2013, 07:02 AM   #1
turiyain
Member
 
Registered: Dec 2006
Location: Delhi, India
Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 111

Rep: Reputation: 16
FreeIPA Client Authentication


All Experts,

I have setup my FreeIPA Server in Fedora 17. It is working fine. I am able to authenticate Centos, Redhat Systems to FreeIPA. But Ubuntu and Windows Systems are not working as per the documentation at FreeIPA Web site. Is there any one in the forum who used it for Ubuntu and Windows Authentication or any specific web site to guide.

Kindly share your experience to solve the issue.

Thanks in advance,

VJ++
 
Old 01-15-2013, 09:50 PM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653
Did you follow the documentation? See sections 3.5 and 3.7 .. if you have any issues let us know.
 
Old 01-16-2013, 12:30 AM   #3
turiyain
Member
 
Registered: Dec 2006
Location: Delhi, India
Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 111

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by kbp View Post
Did you follow the documentation? See sections 3.5 and 3.7 .. if you have any issues let us know.
Thanks for your reply. As per the section 3.7, there is no files with /etc/pam.d/fingerprint-auth and /etc/pam.d/system-auth files in
Ubuntu 12.04. Is these files are with other names in my ubuntu desktop.
I am getting the following error, when adding the certificate:

certutil -A -d /etc/pki/nsssdb -n "IPA CA" -t CT,C,C -a -i /etc/pam/ca.crt
certutil: unable to open "/etc/pam/ca.crt" for reading (-5950, 2).
root@edubuntu:/etc/pam.d# certutil -A -d /etc/pki/nsssdb -n "IPA CA" -t CT,C,C -a -i /etc/pam.d/ca.crt
certutil: function failed: security library: bad database.


Kindly help.


VJ++

Last edited by turiyain; 01-16-2013 at 12:39 AM.
 
Old 01-16-2013, 02:25 AM   #4
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653
/etc/pam is probably not the ideal location to keep the ca.crt in but anyway, could you please run:

Code:
file /etc/pam/ca.crt
 
Old 01-16-2013, 04:35 AM   #5
turiyain
Member
 
Registered: Dec 2006
Location: Delhi, India
Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 111

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by kbp View Post
/etc/pam is probably not the ideal location to keep the ca.crt in but anyway, could you please run:

Code:
file /etc/pam/ca.crt

Thanks. I have added the certificate now. But how can i login with other than ubuntu system user. Becuase at login window there is no place for select or type out of the system user.

Will you explain that how you have done windows 7 authentication. Any docs or web link will helpful. Official documement Wiki is confusing and not giving any idea about windows 7 OS.


Your help is highly appreciated.


VJ++
 
Old 01-16-2013, 05:50 AM   #6
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653
What window manager are you using .. Gnome with GDM?

I haven't tried joining Windows 7 to IPA sorry .. only Win XP
 
Old 01-17-2013, 01:14 AM   #7
turiyain
Member
 
Registered: Dec 2006
Location: Delhi, India
Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 111

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by kbp View Post
What window manager are you using .. Gnome with GDM?

I haven't tried joining Windows 7 to IPA sorry .. only Win XP
Thanks for your reply. I am using Gnome with GDM. Please send me steps for windows XP. I will try to manupulate it
in windows 7.

Regards,

VJ++
 
Old 01-17-2013, 05:52 AM   #8
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653
Maybe try adding the following to /etc/pam.d/gdm:
Code:
auth sufficient pam_krb5.so
The process in section 3.7 of the docs should work fine on Win XP
 
Old 01-17-2013, 07:09 AM   #9
turiyain
Member
 
Registered: Dec 2006
Location: Delhi, India
Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 111

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by kbp View Post
Maybe try adding the following to /etc/pam.d/gdm:
Code:
auth sufficient pam_krb5.so
The process in section 3.7 of the docs should work fine on Win XP
/etc/pam.d/gdm file does not exist. Should i create it manually and then edit it.

Regards,
 
Old 01-17-2013, 07:51 PM   #10
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653
Sorry, I don't use Ubuntu so maybe someone else could comment on whether adding /etc/pam.d/gdm is valid ..?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Active Directory Replacement OpenLdap and/or freeipa? Lantzvillian Linux - Server 7 09-13-2012 06:20 AM
LDAP Client Authentication vijaykumar7474 Linux - Newbie 1 02-21-2012 06:49 AM
FreeIPA vs Windows AD stilgoe Linux - Newbie 1 09-20-2011 03:25 PM
freeIPA setup to ssh to client machines MikeyCarter Linux - Software 1 06-16-2011 08:01 AM
[SOLVED] FreeIPA - error while Installing jomy Linux - Server 3 02-03-2011 08:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration