Configure AIX 6.x and 7.x clients on IPA
Note: This is not tested by Red Hat and is not supported by Red Hat.
Install AIX packages with installp:
- GSKit8.gskcrypt32.ppc.rte
- GSKit8.gskcrypt64.ppc.rte
- GSKit8.gskssl32.ppc.rte
- GSKit8.gskssl64.ppc.rte
- krb5.lic
- krb5.client
- krb5.doc.en_US
- krb5.toolkit
- krb5.server
Accept IDS License:
{{ packages_path }}/license/idsLicense -q
Install IDS packages with installp:
- idsldap.license64
- idsldap.cltbase64
- idsldap.clt32bit64
- idsldap.clt64bit64
- idsldap.cltjava64
- idsldap.clt_max_crypto32bit64
- idsldap.clt_max_crypto64bit64
Install RPMS from IBM Toolkit:
- openssl-1.0.2s-1.aix5.1.ppc.rpm
- openldap-2.4.44-0.1.aix5.1.ppc.rpm
- sudo-1.8.21p2-1.aix5.1.ppc.rpm
Configure AIX client:
/usr/bin/gsk8capicmd -keydb -create -db /etc/security/ldap/ldap.kdb
/usr/bin/gsk8capicmd -cert -add -db /etc/security/ldap/ldap.kdb -file /etc/ipa/ca.crt -label ipa_server_cert
/usr/bin/gsk8capicmd -keydb -changepw -new_pw 3edc#EDC3edc#EDC -db /etc/security/ldap/ldap.kdb
/usr/sbin/mksecldap -c -h {{ipaserver}} -a "uid=admin,cn=users,cn=accounts,dc=server,dc=cr" -p {{ipaadminpassword}} -d "dc=server,dc=cr" -k "/etc/security/ldap/ldap.kdb" -w "3edc#EDC3edc#EDC"
/usr/sbin/mkkrb5clnt -c linux81ipa.server.cr -r SERVER.CR -s linux81ipa.server.cr -d server.cr -i LDAP -D
/usr/bin/chsec -f /etc/security/login.cfg -s usw -a mkhomeatlogin=true
/usr/bin/chown root:sys /etc/krb5/krb5.keytab
/usr/bin/chmod 700 /etc/krb5/krb5.keytab
/usr/bin/chsec -f /etc/security/user -s default -a SYSTEM="KRB5LDAP OR compat"
/usr/bin/chauthent -k5 -std
Check the configuration of /etc/krb5/krb5.conf:
[libdefaults]
    default_realm = SERVER.CR
    default_keytab_name = FILE:/etc/krb5/krb5.keytab
    dns_lookup_realm = true
    dns_lookup_kdc = true

[realms]
    SERVER.CR = {
        kdc = linux81ipa.server.cr:88
        master_kdc = linux81ipa.server.cr:88
        admin_server = linux81ipa.server.cr:749
        default_domain = server.cr
        pkinit_anchors = FILE:/etc/ipa/ca.crt
    }

[domain_realm]
    .server.cr = SERVER.CR
    server.cr = SERVER.CR
    linux81ipa.server.cr = SERVER.CR

[logging]
    kdc = FILE:/var/krb5/log/krb5kdc.log
    admin_server = FILE:/var/krb5/log/kadmin.log
    kadmin_local = FILE:/var/krb5/log/kadmin_local.log
    default = SYSLOG:info:local1
Check the configuration of /etc/ldap.conf:
URI ldap://linux81ipa.server.cr
tls_cacert /etc/ipa/ca.crt
BIND_TIMELIMIT 5
TIMELIMIT 15
binddn uid=admin,cn=users,cn=accounts,dc=server,dc=cr
bindpw {{ipaadminpassword}}
sudoers_base ou=sudoers,dc=server,dc=cr
Restart ldap service:
/usr/sbin/restart-secldapclntd
Sudo configuration: edit /etc/netsvc.conf and add:
hosts = bind4,local
sudoers = files, ldap
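Because /etc/ldap.conf above stores a bind password, the following added example (not part of the original procedure) audits such a file for a group- or world-readable bindpw, an ldap:// URI without StartTLS, and use of the admin entry as binddn. It assumes the keyword names documented for sudo's LDAP support (URI, SSL, BINDDN, BINDPW); the function names and finding labels are hypothetical and the sample file is constructed.

```sh
#!/bin/sh
# Added example, not part of the original procedure.

# Print the value of keyword $2 (case-insensitive) from file $1.
conf_value() {
    awk -v k="$2" 'tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Print one line per finding; the exit status is the number of findings.
audit_ldap_conf() {
    conf=$1; n=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 99; }
    uri=$(conf_value "$conf" uri)
    ssl=$(conf_value "$conf" ssl | tr 'A-Z' 'a-z')
    binddn=$(conf_value "$conf" binddn)
    bindpw=$(conf_value "$conf" bindpw)
    mode=$(ls -ldL "$conf" | cut -c1-10)

    # A stored bind password must not be readable by group or other.
    if [ -n "$bindpw" ]; then
        case $mode in
            ????r*|???????r*) echo "BINDPW_READABLE: $conf is $mode"; n=$((n + 1)) ;;
        esac
    fi
    # ldap:// without "ssl start_tls" sends the simple bind unencrypted.
    case $uri in
        *ldap://*) [ "$ssl" = start_tls ] || { echo "CLEARTEXT_BIND: $uri"; n=$((n + 1)); } ;;
    esac
    # sudoers lookups only need read access; flag the IPA admin entry.
    case $binddn in
        uid=admin,*) echo "ADMIN_BINDDN: $binddn"; n=$((n + 1)) ;;
    esac
    return $n
}

# Constructed sample mirroring the page's /etc/ldap.conf (placeholder password).
demo() {
    f=$(mktemp) && chmod 644 "$f"
    cat > "$f" <<'EOF'
URI ldap://linux81ipa.server.cr
tls_cacert /etc/ipa/ca.crt
binddn uid=admin,cn=users,cn=accounts,dc=server,dc=cr
bindpw PLACEHOLDER
sudoers_base ou=sudoers,dc=server,dc=cr
EOF
    rc=0; audit_ldap_conf "$f" || rc=$?
    rm -f "$f"; return $rc
}
demo || echo "$? finding(s)"
```

On a configured client, run `audit_ldap_conf /etc/ldap.conf` as root after the restart step; an exit status of 0 means none of the three conditions was found.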