Client_Configuration_Guide#
__TOC__
Introduction#
FreeIPA supports a range of clients, all of which can be configured to work with an IPA server. In freeIPA version 1.0, the client installation script is only available for a limited range of clients.
Purpose of this Guide#
This guide provides instructions on how to configure all of the supported clients to connect to an IPA server. This includes:
System login (for accounts that exist in the IPA server)
NFS v4 with Kerberos (for mounting remote filesystems)
SSH access (secure client system access with Kerberos)
Using Firefox to access the IPA WebUI (for administrative operations)
Audience#
This guide is aimed at IPA administrators and those who are responsible for the installation and day to day operation and maintenance of an IPA deployment.
Configuring IPA Clients#
This guide covers the following topics:
Configuring Your Browser#
Firefox can use your Kerberos credentials for authentication, but you need to specify which domains you want to communicate with, and using which attributes.
Open Firefox, and type “about:config” in the Address Bar.
In the Search field, type “negotiate”.
3. Ensure the following lines reflect your setup. Replace “.example.com” with your own IPA server’s domain, including the preceding period (.):
network.negotiate-auth.trusted-uris .example.com
network.negotiate-auth.delegation-uris .example.com
network.negotiate-auth.using-native-gsslib true
For firefox on Windows , do these:
network.negotiate-auth.trusted-uris .example.com
network.auth.use-sspi false
network.negotiate-auth.gsslib: C:\Program Files\MIT\Kerberos\bin\gssapi32.dll
On Some installs this last value may need to be
network.negotiate-auth.gsslib: C:\Program Files(x86)\MIT\Kerberos\bin\gssapi32.dll