[Freeipa-users] new freeipa user
Natxo Asenjo
natxo.asenjo at gmail.com
Wed Feb 25 22:37:11 UTC 2009
hi,
After reading a lot of good things about this project I have decided
to give it a try. I have set up a virtual environment (all fedora
based, it works great with virtual manager). I have two fedora10
virtual machines, on the first one I followed the instructions on
http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_(Windows/Linux)_-_Step_by_step
:
# yum install ipa-*
# yum install bind
(no chroot for bind, but it works fine) ; so I have succesfully
installed freeipa 1.2.1 and I am iimpressed. Very good documentation,
it works as advertised.
On the other vm I run
# yum install ipa-client
and then run ipa-client-install and everything worked! Adding users
thru the web interface is a breeze. Great stuff.
I have so far only run into a problem and that is the auto creation of
home dirs on the firs login. I used the authenthication configuration
gui from fedora10 on the ipaclient and checked the option to
auto-create homedirs but that doesn't work. There is a selinux error:
Feb 25 23:28:47 ipaclient01 setroubleshoot: SELinux is preventing sshd
(sshd_t) "write" to ./home (home_root_t). For complete SELinux
messages. run sealert -l 2f194ec1-0764-48b0-b66c-d84734105283
apparently the pam_mkhomedir.so is not allowed to work with selinux.
Any workarounds?
If I login as root and su - to a kerberos user in the ipaclient vm,
then it creates the homedir, obviously. I want to use nfs homedirs
anyway, so it is not a huge issue. Speaking of which: for nfs homedirs
in ldap: do I have to wait for the next release of freeipa? Is it easy
to install from sources? I am no coder, but if I can help you testing
stuff I will be happy to do it.
--
Groeten,
J.Asenjo
More information about the Freeipa-users
mailing list