
ganto/ansible-freeipa_client


This role installs SSSD and Certmonger and configures them to be used as clients for a FreeIPA server. It is meant to be used on systems which don't package the official ipa-client-script setup script (yet), such as Debian (wheezy/jessie).

This role is still in development. Use it at your own risk.

Documentation

  1. Add the following minimal configuration to your inventory:

     freeipa_client: True
     freeipa_servers: [ 'auth01.{{ ansible_domain }}' ]
     auth_cracklib: False
     auth_nsswitch: [ 'compat', 'sss' ]
     sshd_authorized_keys_lookup: True
     sshd_authorized_keys_lookup_type: [ 'sss' ]
    

In this case auth01 is the hostname of the FreeIPA server.

  2. Before applying the role, add the host(s) to your FreeIPA server and copy the Kerberos keytab to the corresponding servers.

On the server:

    ipa host-add --ip-address=<ip-address> <fqdn-hostname>
    ipa-getkeytab -s <ipa-server> -p host/<fqdn-hostname> -k /tmp/krb5.keytab

On the client:

    scp <ipa-server>:/tmp/krb5.keytab /etc/krb5.keytab
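
A check to run on the client after the copy in step 2, added here as an example and not part of the role: it parses the MIT keytab file format (0x0502) to confirm that a `host/<fqdn-hostname>` entry is present, and verifies that the file is owned by root and not accessible to group or other. The helper names, `web01.example.org` and `EXAMPLE.ORG` are constructed for illustration.

```python
# Added example; helper names are illustrative and not part of the role.
import os
import stat
import struct


def keytab_principals(data):
    """Return the principals stored in a keytab in MIT file format 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    found, pos = set(), 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:  # a negative size marks a deleted entry
            found.add(_principal(data[pos:pos + size]))
        pos += abs(size)
    return found


def _principal(entry):
    (count,) = struct.unpack_from(">H", entry, 0)
    parts, pos = [], 2
    for _ in range(count + 1):  # the realm, then each name component
        (length,) = struct.unpack_from(">H", entry, pos)
        parts.append(entry[pos + 2:pos + 2 + length].decode())
        pos += 2 + length
    return "/".join(parts[1:]) + "@" + parts[0]


def audit_keytab(path, fqdn, owner_uid=0):
    """Return findings for the installed keytab; an empty list is a pass."""
    findings, st = [], os.stat(path)
    if stat.S_IMODE(st.st_mode) & 0o077:
        findings.append("mode: readable or writable by group/other")
    if st.st_uid != owner_uid:
        findings.append("owner: uid %d, expected %d" % (st.st_uid, owner_uid))
    with open(path, "rb") as fh:
        names = {p.rsplit("@", 1)[0] for p in keytab_principals(fh.read())}
    if "host/" + fqdn not in names:
        findings.append("principal: no host/%s entry" % fqdn)
    return findings

# Constructed sample: one entry for host/web01.example.org@EXAMPLE.ORG with an
# all-zero 32-byte key of type 18; not a usable credential.
_ENTRY = (struct.pack(">H", 2) + b"\x00\x0bEXAMPLE.ORG" + b"\x00\x04host"
          + b"\x00\x11web01.example.org"
          + struct.pack(">IIBHH", 1, 0, 1, 18, 32) + bytes(32))
SAMPLE_KEYTAB = b"\x05\x02" + struct.pack(">i", len(_ENTRY)) + _ENTRY
```

Call `audit_keytab("/etc/krb5.keytab", "<fqdn-hostname>")` as root on the client. The copy left in `/tmp/krb5.keytab` on the server holds the same host key and is not covered by this check.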

Authors and license

freeipa_client role was written by:

License: GPLv3


About

Debian FreeIPA (client) integration for DebOps/Ansible
