Difference between revisions of "Talk:HOWTO: Attach a system to auth.sshchicago.org"
(My notes about doing a manual test install on Debian.)
Line 141: | Line 141: | ||
This almost works, but with the following caveats applied: | This almost works, but with the following caveats applied: | ||
− | * For some reason, auto-password-changes via GDM don't work (possibly related to the next issue): | + | * For some reason, auto-password-changes via GDM don't work (<strike>possibly related to the next issue</strike> Nope; breaks even with manual creation): |
* Auto-creation of home directories does not work | * Auto-creation of home directories does not work |
Latest revision as of 15:59, 30 March 2014
Raspbian Notes
Manual setup notes are at https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/linux-manual.html
For systems where you can't get the freeipa-client (in particular, Raspbian), you can set things up manually. Here's my history transcript from an attempt:
 17 apt-cache search sssd
 18 apt-get install sssd ssd-tools
 19 apt-get install sssd sssd-tools
 20 hostname -fqdn
 21 hostname --fqdn
 22 /sbin/ifconfig
 23 /sbin/ifconfig
 24 cd /etc/
 25 ls
 26 cp /home/user/debian6fipatest.chrisswingler.com.keytab krb5.keytab
 27 chown root:root /etc/krb5.keytab
 28 chmod 0600 /etc/krb5.keytab
 29 chcon
 30 chcon system_u:object_r:krb5_keytab_t:s0 /etc/krb5.keytab
 31 vi /etc/sssd/ssd.conf
 32 vim /etc/sssd/ssd.conf
 33 apt-cache search vim
 34 apt-cache install vim
 35 apt-get install vim
 36 vim /etc/sssd/ssd.conf
 37 vim /etc/nsswitch.conf
 38 vim /etc/krb5.conf
 39 cd /etc/pam.d/
 40 ls
 41 apt-cache search system | grep pam
 42 ls
 43 vim passwd
 44 locate sss
 45 apt-cache search sss
 46 apt-get install libpam-sss
 47 ls
 48 less passwd
 49 vim common-password
 50 grep auth *
 51 vim common-auth
 52 pam-auth-update
 53 pam-auth-update
 54 wget -O /etc/ipa/ca.cert http://dir.chrisswingler.com/ipa/config/ca.crt
 55 mkdir -p /etc/ipa
 56 wget -O /etc/ipa/ca.cert http://dir.chrisswingler.com/ipa/config/ca.crt
 57 certutil -A -d /etc/pki/nssdb -n "IPA CA" -t CT,C,C -a -i /etc/ipa/ca.crt
 58 apt-cache search certutil
 59 apt-get install libnss3-tools
 60 certutil -A -d /etc/pki/nssdb -n "IPA CA" -t CT,C,C -a -i /etc/ipa/ca.crt
 61 cat /etc/ipa/ca.cert
 62 mv /etc/ipa/ca.cert /etc/ipa/ca.crt
 63 certutil -A -d /etc/pki/nssdb -n "IPA CA" -t CT,C,C -a -i /etc/ipa/ca.crt
 64 certutil -A -d /etc/pki/nssdb -n "IPA CA" -t CT,C,C -a -i /etc/ipa/ca.crt
 65 apt-cache search ca-certificates
 66 apt-cache install ca-certificates
 67 apt-get install ca-certificates
 68 cd /etc/ca-certificates/
 69 ls
 70 updatedb
 71 locate nssdb
 72 apt-cache search nss
 73 apt-cache search nssd
 74 apt-cache install certmonger
 75 apt-get install certmonger
 76 updatedb
 77 locate nssdb
 78 certutil -A -d /etc/pki/nssdb -n "IPA CA" -t CT,C,C -a -i /etc/ipa/ca.crt
 79 cd /etc/
 80 ls
 81 vim certmonger/certmonger.conf
 82 cd /etc/default/
 83 ls
 84 cat cacerts
 85 cd /etc/ss
 86 cd /etc/ssl/
 87 ls
 88 cd certs/
 89 ls
 90 history | grep wget
 91 wget -O /etc/ssl/certs/dir.chrisswingler.com.crt http://dir.chrisswingler.com/ipa/config/ca.crt
 92 ls
 93 file *
 94 /etc/init.d/certmonger status
 95 /etc/init.d/certmonger restart
 96 ipa-getcert request -d /etc/pki/nssdb -n Server-Cert -K HOST/$(hostname --fqdn) -N 'CN=debian6fipatest.chrisswingler.com,O=CHRISSWINGLER.COM'
 97 mkdir /etc/pki
 98 ipa-getcert request -d /etc/pki/nssdb -n Server-Cert -K HOST/$(hostname --fqdn) -N 'CN=debian6fipatest.chrisswingler.com,O=CHRISSWINGLER.COM'
 99 apt-get install libnss-ldapd libnss-ldap
 100 history | grep certutil
 101 mkdir -p /etc/pki
 102 crtutil -N -d sql:/etc/pki/nssdb
 103 certutil -N -d sql:/etc/pki/nssdb
 104 man certutil
 105 certutil --help
 106 certutil --help | less
 107 certutil --help | less
 108 certutil --help | less
 109 certutil --help 2>&1 | less
 110 certutil -N -d /etc/pki/
 111 certutil -A -d /etc/pki/nssdb -n "IPA CA" -t CT,C,C -a -i /etc/ipa/ca.crt
 112 certutil -N -d sql:/etc/pki/nssdb
 113 certutil -N -d /etc/pki/nssdb
 114 certutil -N -d /etc/pki/nssdb
 115 file /etc/pki/nssdb
 116 certutil -d/etc/pki/nssdb -N
 117 mkdir -p /etc/pki/nssdb
 118 certutil -N -d sql:/etc/pki/nssdb
 119 rm /etc/pki/*
 120 certutil -A -d /etc/pki/nssdb -n "IPA CA" -t CT,C,C -a -i /etc/ipa/ca.crt
 121 history | grep getcert
 122 ipa-getcert request -d /etc/pki/nssdb -n Server-Cert -K HOST/$(hostname --fqdn) -N 'CN=debian6fipatest.chrisswingler.com,O=CHRISSWINGLER.COM'
 123 getent plug1
 124 getent passwd
 125 getent
 126 id plug2
 127 cd /etc/pam.d/
 128 ls
 129 grep sss &
 130 grep sss *&
 131 tail /var/log/messages
 132 grep cswingler /var/log/messages
 133 cd /var/log/
 134 ls
 135 grep cswingler *
 136 cd sssd/
 137 ls
 138 ls -l
 139 cd ..
 140 ls
 141 /etc/init.d/sssd status
 142 /etc/init.d/sssd start
 143 tail /var/log/messages
 144 tail /var/log/daemon.log
 145 cd /etc/sssd/
 146 mv ssd.conf sssd.conf
 147 stat sssd.conf
 148 chmod 600 sssd.conf
 149 /etc/init.d/sssd start
 150 /etc/init.d/sssd status
This almost works, but with the following caveats applied:
- For some reason, auto-password-changes via GDM don't work (<strike>possibly related to the next issue</strike> Nope; breaks even with manual creation):
- Auto-creation of home directories does not work
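
A post-setup check for the files the transcript above touches, added here as an example and not part of the original notes. sssd refuses to start unless sssd.conf is owned by root with mode 0600, and the transcript fetches the CA certificate over plain HTTP, so the check compares it with a digest obtained out of band. The function names, the ROOT/UID parameters and the pinned-digest workflow are assumptions made for this example.

```shell
#!/bin/bash
# Added example: audit the files a manual FreeIPA client setup leaves behind.
# ROOT and UID are parameters only so the checks can run against a scratch
# tree; on a real host call: audit_enrollment "" 0 <sha256-from-IPA-server>

# check_secret FILE UID: file must exist, be owned by UID and have mode 600.
check_secret() {
    local f="$1" uid="$2"
    [ -f "$f" ] || { echo "MISSING  $f"; return 1; }
    [ "$(stat -c '%u' "$f")" = "$uid" ] || { echo "OWNER    $f"; return 1; }
    [ "$(stat -c '%a' "$f")" = "600" ] || { echo "MODE     $f"; return 1; }
    echo "OK       $f"
}

# ca_digest_matches FILE HEX: compare the SHA-256 of the downloaded CA file
# with a digest taken on the IPA server over a trusted channel (assumption).
ca_digest_matches() {
    local got
    got=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$got" ] && [ "$got" = "$2" ]
}

# audit_enrollment ROOT UID CA_SHA256: run every check; return 0 only if all pass.
audit_enrollment() {
    local root="$1" uid="$2" ca_sha="$3" rc=0
    check_secret "$root/etc/krb5.keytab" "$uid" || rc=1
    check_secret "$root/etc/sssd/sssd.conf" "$uid" || rc=1
    # The transcript edited ssd.conf until the final rename; sssd never reads it.
    if [ -e "$root/etc/sssd/ssd.conf" ]; then
        echo "STRAY    $root/etc/sssd/ssd.conf (sssd reads sssd.conf)"; rc=1
    fi
    if ca_digest_matches "$root/etc/ipa/ca.crt" "$ca_sha"; then
        echo "OK       $root/etc/ipa/ca.crt"
    else
        echo "CA-HASH  $root/etc/ipa/ca.crt does not match the pinned digest"; rc=1
    fi
    return $rc
}

# Run directly with three arguments: ROOT UID CA_SHA256
if [ $# -eq 3 ]; then audit_enrollment "$@"; fi
```
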