Integrating an Ubuntu 18.04 notebook into FreeIPA

A while ago I started using FreeIPA as my central authentication service (not yet fully transitioned).
To benefit not only from a centralized place to store and change credentials (Passwords, One-Time-Pads, Keys) but also from Single Sign-On, the (mobile) desktop must be integrated too.

Install and configure freeipa

For the ipa-client I mostly followed this howto. With admin credentials, execute sudo apt-get install freeipa-client
Make sure your DNS recursor can resolve DNS entries inside your IPA domain and that the hostname is a fully qualified domain name (FQDN).

After that, you should be able to install the freeipa-client by executing sudo ipa-client-install --mkhomedir --domain and answering yes when asked whether you want to continue.
Later an IPA user that is able to enrol new computers is needed; that's it.

Implement the small "mkhomedir-bugfix":

Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
        required        pam_mkhomedir.so umask=0022 skel=/etc/skel

in the file /usr/share/pam-configs/mkhomedir and then execute pam-auth-update and enable mkhomedir.

Also make sure that the file /etc/nsswitch.conf contains the following lines:

passwd:         compat sss
group:          compat sss

After a reboot, you should be able to log in with any IPA user that the IPA rules allow. If the username is an already existing local user, delete the local user and chown the data to the "new" user before logging in.
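
A small check for the steps above, meant to be run before the reboot so that a missing entry shows up before the first login attempt. This is an added example, not part of the original post; the function names and the /etc/pam.d/common-session path (assumed to be where pam-auth-update writes the session modules on Ubuntu) are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for the client setup described above.
# Paths are parameters so the checks can also run against copies of the files.

# is_fqdn NAME: true if NAME consists of at least two dot-separated labels.
is_fqdn() {
    printf '%s\n' "$1" | grep -Eq \
        '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
}

# nss_has_sss FILE DB: true if database DB (passwd, group) lists the sss source.
nss_has_sss() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }    # strip comments so a commented-out sss does not count
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "sss") found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# pam_has_mkhomedir FILE: true if an active session line loads pam_mkhomedir.so.
pam_has_mkhomedir() {
    grep -Eq '^[[:space:]]*session[[:space:]]+.*pam_mkhomedir\.so' "$1"
}

# check_client [NSSWITCH] [PAM_SESSION] [HOSTNAME]
# Prints one line per check and returns the number of failed checks.
check_client() {
    cc_nss=${1:-/etc/nsswitch.conf}
    cc_pam=${2:-/etc/pam.d/common-session}   # assumed pam-auth-update output file
    cc_host=${3:-$(hostname -f 2>/dev/null)}
    cc_failed=0
    if is_fqdn "$cc_host"; then echo "ok   hostname is an FQDN: $cc_host"
    else echo "FAIL hostname is not an FQDN: $cc_host"; cc_failed=$((cc_failed + 1)); fi
    for cc_db in passwd group; do
        if nss_has_sss "$cc_nss" "$cc_db"; then echo "ok   $cc_db uses sss"
        else echo "FAIL $cc_db has no sss source in $cc_nss"; cc_failed=$((cc_failed + 1)); fi
    done
    if pam_has_mkhomedir "$cc_pam"; then echo "ok   pam_mkhomedir is enabled"
    else echo "FAIL pam_mkhomedir not found in $cc_pam"; cc_failed=$((cc_failed + 1)); fi
    return "$cc_failed"
}

# Usage after pam-auth-update: source this file, then run: check_client
```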
