[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa



On 04/28/2015 02:12 PM, Roderick Johnstone wrote:
On 23/04/15 14:14, Rob Crittenden wrote:
Roderick Johnstone wrote:
On 23/04/15 04:25, Rob Crittenden wrote:
Roderick Johnstone wrote:
On 22/04/15 14:30, Dmitri Pal wrote:
On 04/21/2015 01:13 PM, Roderick Johnstone wrote:
Hi

I also need to integrate Solaris 10 clients with freeipa servers.

I've been round many resources, eg freeipa wiki, Fedora and Red Hat
manuals, various bug trackers and the freeipa-users mailing list.

It looks to me as if this:
https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html


might be the best guide available, although I'm not sure what changes
I might need to make because I'm actually on Solaris 10 rather than
11.

Can anyone advise please?

There is a comment in the above post:
"Make sure that the automount maps in ipaserver is named auto_* and
NOT auto.* so they are compatible with Solaris name standards."

My automount maps are already called eg auto.master, auto.home on my
ipa server and I'm sure I've seen a post somewhere suggesting an
attributeMap can fix this issue, but I can't find it now, so maybe I
am mistaken.

Am I on the right track? Is anyone familiar with that fix.

Thanks

Roderick Johnstone

We are not strong in Solaris so you really need to search user archives
or wait for someone who accomplished Solaris integration to chime in
here on the list.


Dmitri

I had gathered that from previous postings to the list and was indeed
hoping that one of the Solaris experts might comment.

By the way, there are various suggestions on the list of putting the
best Solaris instructions on the wiki. Is that still a possibility? I'd be happy to help, but I'm not experienced with connecting Solaris to ipa
yet!

Roderick


A few weeks back I added what I thought were the most relevant threads
and pointers. The mailing list thread you refer to was converted into
some documentation bugs and tickets. I referenced those at
http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources

If there is anything I can improve here just let me know.

Rob

This page has expanded since I was searching a few weeks ago. Thanks for
that. I understand that the project has no direct Solaris expertise.

There are some things that could be made easier to follow and others
that seem inconsistent with the mailing list thread that I found. Maybe
some are just different ways of doing the same thing.

I started to point some some differences in this email, but its probably best if I go through the mailing list link that I found and the web page
you referenced, systematically, and list what the differences are. I'll
be in touch when I have done that.

In the meantime I noticed a few of small html link issues on the web
page you referenced...

1) Under the section Solaris 8/9/10 / Configuring Client Authentication
the link to the reference files in /var/ldap
(http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files),
for me,  resolves to the top level "Open Source Community page"
http://community.redhat.com/software/. I do however see the files
correctly linked from the section "Client Configuration Files" at bottom
of the page.

Fixed.


2) There is the same issue for the links to the nsswitch.conf and
pam.conf files linked in items 2 and 4 below the above - sorry, its hard
to describe well where these links are.

Fixed, and fixed a couple of similar issues in other OS's.

And it would be good if the patch ("Patch to update Solaris
documentation") that is referred to in Solaris 8/9/10 / Additional
resources could be applied to the original document and the patched
document made available, or at least the information in it.

Unfortunately the upstream doc project that this is patched against was
discontinued. The patch is mostly interesting for the two tickets it
links to.

rob


Rob

Sorry to be slow getting back on this.

Thanks for fixing those links in the existing web page.

It seems that the existing page and the mailing list thread that I found are doing slightly different things in rather different ways. The mailing list thread is more focused on using the DUAprofile and tls encrypted connections to the ldap server as well as filling in some more details of other parts of the Solaris configuration that are necessary for other features.

I think it would be good to have the prescription from the mailing list also in the wiki to help others that come along. I'll not be in a position to try to join a Solaris host to my ipa server until next week at the earliest, but it is a priority for me, so when other things stop getting in the way I'll definitely be doing this.

I'll document what I do following the prescription in the mailing list, for myself, and maybe this can all be made this into a new wiki page. I would be happy to lead on writing the page (and giving references where appropriate) if I had access, but realise that I might not be able to get that access.

We can arrange that and give you permissions. Thank you for your desire to document this. It is really appreciated.
Please send me an email off list to set things up when you are ready.


Thanks

Roderick




--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]