Share this post
FaceBook  Twitter  

This article explains how to configure a Fedora 15 client against a FreeIPA 1.2.x server using SSSD.

You do not need to install the freeipa packages - they will only work with a FreeIPA 2.x server - you need to configure the system using basic Kerberos/LDAP authentication/authorization.

DO NOT use the authconfig-tui tool - it is not compatible with FreeIPA or SSSD.

The following command should perform most (all?) of the required configuration:

´╗┐authconfig --update \
--enablesssd --enablesssdauth \
--enableldap --enablerfc2307bis \
--ldapserver=ldap://freeipa.example.com \
--ldapbasedn=dc=example,dc=com \
--enablekrb5 \
--krb5kdc=freeipa.example.com \
--krb5adminserver=freeipa.example.com \
--krb5realm=EXAMPLE.COM

Ensure that SSSD is running using:

systemctl status sssd.service

If not, start it using:

systemctl enable sssd.service && systemctl start sssd.service && 

You can test the system by performing user lookups:

id $USERNAME