
Configure FreeIPA v4.4 client

FreeIPA client

Install the ipa-client RPMs and configure the client with:

# /usr/sbin/ipa-client-install --domain=dom.com --realm=DOM.COM --ntp-server=10.x.x.x

Automount

Configure automount:

# ipa-client-automount --location=<automount_location>

Inspect /etc/nsswitch.conf, since the "automount:" entry may well be missing sss. If it is, add it:

automount: files sss

Then restart the autofs service.
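One way to script the nsswitch.conf check described above, as an added example that is not part of the original page. The function name ensure_automount_sss and the .bak backup file are choices made for this example; it edits only the file you pass it and leaves the autofs restart to you.

```shell
#!/bin/sh
# Added example: make sure the "automount:" entry of an nsswitch.conf-style
# file lists the sss source, without touching any other line.

# ensure_automount_sss FILE -> prints unchanged | appended-sss | added-line
ensure_automount_sss() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }

    # Case 1: sss is already listed as a whole word, outside any # comment.
    if grep -Eq '^[[:space:]]*automount:([^#]*[[:space:]])?sss([[:space:]]|#|$)' "$conf"; then
        echo unchanged
        return 0
    fi

    cp -p "$conf" "$conf.bak"   # keep the original for rollback

    if grep -Eq '^[[:space:]]*automount:' "$conf"; then
        # Case 2: the entry exists but lacks sss; add it before any comment.
        sed -E '/^[[:space:]]*automount:/{
            s/^([[:space:]]*automount:([^#]*[^#[:space:]])?)[[:space:]]*(#.*)?$/\1 sss \3/
            s/[[:space:]]+$//
        }' "$conf.bak" > "$conf"
        echo appended-sss
    else
        # Case 3: no automount entry at all; add the line the page shows.
        [ -z "$(tail -c1 "$conf")" ] || echo >> "$conf"   # file lacked a final newline
        printf 'automount: files sss\n' >> "$conf"
        echo added-line
    fi
}

if [ $# -eq 0 ]; then
    # Demo on a constructed sample file, not a real host configuration.
    demo=$(mktemp)
    printf 'passwd: files sss\nautomount: files\n' > "$demo"
    ensure_automount_sss "$demo"
    grep '^automount' "$demo"
    rm -f "$demo" "$demo.bak"
else
    ensure_automount_sss "$1"
fi
```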

Review the SUDO and HBAC [host-based access control] policy.

Re-enroll the client

This is the use case:

1] Back up /etc/krb5.keytab to another host.
2] Re-image the host, with the same hostname and the ipa-client RPM installed.
3] Restore krb5.keytab to /root/.
4] Run:

# ipa-client-install --domain=dom.com --realm=DOM.COM --ntp-server=10.x.x.x --keytab /root/krb5.keytab --unattended

The keytab holds the host's long-term Kerberos keys, so protect the backup copy like any other credential.


