On Thu, Apr 14, 2016 at 2:28 PM, Stephen Berg (Contractor) < [email protected]> wrote:
> I'm looking for a command line method to get current status on a client > without having a ticket or authenticating to the IPA domain. > > Back in the NIS days from a client you could run "ypwhich" and be able to > know if that system were bound to the NIS and which server it had bound > to. So far I can't find a way to do a similar function in FreeIPA. > > I'd to do this from a cron job on each client once a day. > interesting. In a fast review in some domain joined hosts you could get the info in /var/lib/sss/pubconf/kdcinfo.YOUR.REALM, there you see the ip address of the kdc last contated by the host before renewing its secure channel, I guess. The file is world readable, so you should not need any special privileges to read it. Otherwise you would have to enable some logging in sssd (out of the box it does not log nearly anything) and parse the logs in /var/log/sssd/* HTH -- Groeten, natxo
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
