FreeIPA Client Install on CentOS 7

on Feb. 12, 2015, 3:47 p.m.

The first thing to check is that your first DNS server points to your IPA server.

Next, make sure you have your FQDN in your hosts file
vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
<client IP> <client FQDN> client

Set home directories to be auto created
yum -y install ipa-client oddjob-mkhomedir
echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" >> /etc/pam.d/system-auth
authconfig --enablemkhomedir --update

Tell nsswitch to look at LDAP for sudoers
echo "sudoers: files ldap" >> /etc/nsswitch.conf

On Ubuntu, add sudo to the services line in /etc/sssd/sssd.conf
services = nss, pam, ssh, sudo

Add the bind account info

cat << EOF > /etc/sudo-ldap.conf
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
uri ldap://
sudoers_base ou=SUDOers,dc=example,dc=com
EOF
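
A check for the sudo-ldap.conf written above, added here as an example and not part of the original post: it fails when sudo rules would be fetched over cleartext LDAP, without certificate verification, or from a uri line that names no server. The function names, the server name ipa.example.test and the sample files are assumptions constructed for the demo.

```sh
#!/bin/sh
# Added example: audit a sudo-ldap.conf for the TLS settings shown above.
# Function names and the sample files are constructed for illustration.

# conf_value FILE KEY: print the last value set for KEY (keys are case-insensitive).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# audit_sudo_ldap FILE: print one line per finding, return the number of findings.
audit_sudo_ldap() {
    n=0
    uri=$(conf_value "$1" uri)
    ssl=$(conf_value "$1" ssl | tr 'A-Z' 'a-z')
    peer=$(conf_value "$1" tls_checkpeer | tr 'A-Z' 'a-z')
    ca=$(conf_value "$1" tls_cacertfile)
    [ -n "$uri" ] || { echo "FAIL: no uri set"; n=$((n + 1)); }
    for u in $uri; do
        case $u in
            ldaps://?*) ;;  # TLS from the first byte
            ldap://?*)      # plain LDAP needs the ssl parameter (StartTLS or always-TLS)
                case $ssl in
                    start_tls|on|true|yes) ;;
                    *) echo "FAIL: $u with ssl '${ssl:-unset}' is cleartext"; n=$((n + 1)) ;;
                esac ;;
            *)  echo "FAIL: uri '$u' names no server"; n=$((n + 1)) ;;
        esac
    done
    # Require verification to be switched on explicitly, as the page does.
    case $peer in
        yes|on|true) ;;
        *) echo "FAIL: tls_checkpeer is '${peer:-unset}'"; n=$((n + 1)) ;;
    esac
    [ -r "$ca" ] || { echo "FAIL: tls_cacertfile '${ca:-unset}' is not readable"; n=$((n + 1)); }
    return "$n"
}

# Constructed demo input: the page's settings with a placeholder server name,
# and a weak file that mirrors a bare "uri ldap://" line.
demo=$(mktemp -d)
: > "$demo/ca.crt"
printf '%s\n' 'uri ldap://ipa.example.test' 'ssl start_tls' \
    "tls_cacertfile $demo/ca.crt" 'tls_checkpeer yes' > "$demo/page.conf"
printf '%s\n' 'uri ldap://' 'tls_checkpeer no' > "$demo/weak.conf"
audit_sudo_ldap "$demo/page.conf" && echo "page.conf: OK"
audit_sudo_ldap "$demo/weak.conf" || echo "weak.conf: $? finding(s)"
```

On a real client, point it at the file itself: audit_sudo_ldap /etc/sudo-ldap.conf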

Set the NIS lookup domain

cat << EOF >> /etc/rc.d/rc.local

Run the install for the client. It should have all the settings predefined for you if you have DNS and the hostname set up.

Enable necessary services to start on boot
systemctl enable oddjobd
systemctl enable sssd