FreeIPAv1:Client Configuration Guide
FreeIPA supports a range of clients, all of which can be configured to work with an IPA server. In freeIPA version 1.0, the client installation script is only available for a limited range of clients.
Purpose of this Guide
This guide provides instructions on how to configure all of the supported clients to connect to an IPA server. This includes:
- System login (for accounts that exist in the IPA server)
- NFS v4 with Kerberos (for mounting remote filesystems)
- SSH access (secure client system access with Kerberos)
- Using Firefox to access the IPA WebUI (for administrative operations)
This guide is aimed at IPA administrators and those who are responsible for the installation and day to day operation and maintenance of an IPA deployment.
Configuring IPA Clients
This guide covers the following topics:
- Configuring Red Hat Enterprise Linux Clients
- Configuring Fedora Clients
- Configuring Solaris Clients
- Configuring AIX Clients
- Configuring HP-UX Clients
- Configuring Mac OS X Clients
- Configuring Windows Clients
Configuring Your Browser
Firefox can use your Kerberos credentials for authentication, but you need to specify which domains you want to communicate with, and using which attributes.
1. Open Firefox, and type "about:config" in the Address Bar.
2. In the Search field, type "negotiate".
3. Ensure the following lines reflect your setup. Replace ".example.com" with your own IPA server's domain, including the preceding period (.):
network.negotiate-auth.trusted-uris .example.com network.negotiate-auth.delegation-uris .example.com network.negotiate-auth.using-native-gsslib true
For firefox on Windows , do these:
network.negotiate-auth.trusted-uris .example.com network.auth.use-sspi false network.negotiate-auth.gsslib: C:\Program Files\MIT\Kerberos\bin\gssapi32.dll
On Some installs this last value may need to be
network.negotiate-auth.gsslib: C:\Program Files(x86)\MIT\Kerberos\bin\gssapi32.dll