Foreman/Katello & FreeIPA Integration working partially.
Specifically, I can log in to the UI by using username and password for IPA users. But the Kerberos authentication and group mapping are not working. I get this Kerberos error (obviously having a Kerberos ticket via kinit already in place):
**Kerberos Authentication did not pass**
The most important issue is the fact that the group mapping is not working and thus, all authenticated users basically see an empty, useless Katello interface (only the Bookmarks and an empty Task list).
Can someone help me to configure it?
Kerberos Authentication should work and group mapping should work.
Foreman and Proxy versions: 1.17.4
Foreman and Proxy plugin versions:
Other relevant data:
I have a Katello server which is already a FreeIPA client.
I want to manage Katello with FreeIPA groups and HBAC rules. Since the server is already a FreeIPA client, I did the following:

```
foreman-installer --foreman-ipa-authentication=true
katello-service restart
```
Both commands were successful.
Then, I created the relevant group:
```
hammer user-group create --name KatelloGroup
hammer user-group external create katello-adms --user-group KatelloGroup --auth-source-id 3
hammer user-group update --name KatelloGroup --admin true
hammer user-group update --name KatelloGroup --roles Manager
```

I verified in the database that the external source is the id 3.
On the FreeIPA Server I have configured a new user group and a relevant HBAC as:
```
ipa group-show katello-adms
  Group name: katello-adms
  Description: Ketello Administrators
  GID: 690200065
  Member users: ptselios
  Member of HBAC rule: Katello-Server
```
The HBAC rule is:
```
ipa hbacsvc-show katello
  Service name: katello
  Description: Katello Services

ipa hbacrule-show Katello-Server
  Rule name: Katello-Server
  Description: HBAC rule that controls access the the Katello server
  Enabled: TRUE
  User Groups: katello-adms
  Hosts: katello-server.example.com
  Services: katello
```