[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa



Roderick Johnstone wrote:
> On 28/04/2015 19:23, Dmitri Pal wrote:
>> On 04/28/2015 02:12 PM, Roderick Johnstone wrote:
>>> On 23/04/15 14:14, Rob Crittenden wrote:
>>>> Roderick Johnstone wrote:
>>>>> On 23/04/15 04:25, Rob Crittenden wrote:
>>>>>> Roderick Johnstone wrote:
>>>>>>> On 22/04/15 14:30, Dmitri Pal wrote:
>>>>>>>> On 04/21/2015 01:13 PM, Roderick Johnstone wrote:
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> I also need to integrate Solaris 10 clients with freeipa servers.
>>>>>>>>>
>>>>>>>>> I've been round many resources, eg freeipa wiki, Fedora and Red
>>>>>>>>> Hat
>>>>>>>>> manuals, various bug trackers and the freeipa-users mailing list.
>>>>>>>>>
>>>>>>>>> It looks to me as if this:
>>>>>>>>> https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> might be the best guide available, although I'm not sure what
>>>>>>>>> changes
>>>>>>>>> I might need to make because I'm actually on Solaris 10 rather
>>>>>>>>> than
>>>>>>>>> 11.
>>>>>>>>>
>>>>>>>>> Can anyone advise please?
>>>>>>>>>
>>>>>>>>> There is a comment in the above post:
>>>>>>>>> "Make sure that the automount maps in ipaserver is named auto_*
>>>>>>>>> and
>>>>>>>>> NOT auto.* so they are compatible with Solaris name standards."
>>>>>>>>>
>>>>>>>>> My automount maps are already called eg auto.master, auto.home
>>>>>>>>> on my
>>>>>>>>> ipa server and I'm sure I've seen a post somewhere suggesting an
>>>>>>>>> attributeMap can fix this issue, but I can't find it now, so
>>>>>>>>> maybe I
>>>>>>>>> am mistaken.
>>>>>>>>>
>>>>>>>>> Am I on the right track? Is anyone familiar with that fix.
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>> Roderick Johnstone
>>>>>>>>>
>>>>>>>> We are not strong in Solaris so you really need to search user
>>>>>>>> archives
>>>>>>>> or wait for someone who accomplished Solaris integration to
>>>>>>>> chime in
>>>>>>>> here on the list.
>>>>>>>>
>>>>>>>
>>>>>>> Dmitri
>>>>>>>
>>>>>>> I had gathered that from previous postings to the list and was
>>>>>>> indeed
>>>>>>> hoping that one of the Solaris experts might comment.
>>>>>>>
>>>>>>> By the way, there are various suggestions on the list of putting the
>>>>>>> best Solaris instructions on the wiki. Is that still a
>>>>>>> possibility? I'd
>>>>>>> be happy to help, but I'm not experienced with connecting Solaris
>>>>>>> to ipa
>>>>>>> yet!
>>>>>>>
>>>>>>> Roderick
>>>>>>>
>>>>>>
>>>>>> A few weeks back I added what I thought were the most relevant
>>>>>> threads
>>>>>> and pointers. The mailing list thread you refer to was converted into
>>>>>> some documentation bugs and tickets. I referenced those at
>>>>>> http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources
>>>>>>
>>>>>>
>>>>>>
>>>>>> If there is anything I can improve here just let me know.
>>>>>
>>>>> Rob
>>>>>
>>>>> This page has expanded since I was searching a few weeks ago. Thanks
>>>>> for
>>>>> that. I understand that the project has no direct Solaris expertise.
>>>>>
>>>>> There are some things that could be made easier to follow and others
>>>>> that seem inconsistent with the mailing list thread that I found.
>>>>> Maybe
>>>>> some are just different ways of doing the same thing.
>>>>>
>>>>> I started to point some some differences in this email, but its
>>>>> probably
>>>>> best if I go through the mailing list link that I found and the web
>>>>> page
>>>>> you referenced, systematically, and list what the differences are.
>>>>> I'll
>>>>> be in touch when I have done that.
>>>>>
>>>>> In the meantime I noticed a few of small html link issues on the web
>>>>> page you referenced...
>>>>>
>>>>> 1) Under the section Solaris 8/9/10 / Configuring Client
>>>>> Authentication
>>>>> the link to the reference files in /var/ldap
>>>>> (http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files),
>>>>>
>>>>>
>>>>> for me,  resolves to the top level "Open Source Community page"
>>>>> http://community.redhat.com/software/. I do however see the files
>>>>> correctly linked from the section "Client Configuration Files" at
>>>>> bottom
>>>>> of the page.
>>>>
>>>> Fixed.
>>>>
>>>>>
>>>>> 2) There is the same issue for the links to the nsswitch.conf and
>>>>> pam.conf files linked in items 2 and 4 below the above - sorry, its
>>>>> hard
>>>>> to describe well where these links are.
>>>>
>>>> Fixed, and fixed a couple of similar issues in other OS's.
>>>>
>>>>> And it would be good if the patch ("Patch to update Solaris
>>>>> documentation") that is referred to in Solaris 8/9/10 / Additional
>>>>> resources could be applied to the original document and the patched
>>>>> document made available, or at least the information in it.
>>>>
>>>> Unfortunately the upstream doc project that this is patched against was
>>>> discontinued. The patch is mostly interesting for the two tickets it
>>>> links to.
>>>>
>>>> rob
>>>>
>>>
>>> Rob
>>>
>>> Sorry to be slow getting back on this.
>>>
>>> Thanks for fixing those links in the existing web page.
>>>
>>> It seems that the existing page and the mailing list thread that I
>>> found are doing slightly different things in rather different ways.
>>> The mailing list thread is more focused on using the DUAprofile and
>>> tls encrypted connections to the ldap server as well as filling in
>>> some more details of other parts of the Solaris configuration that are
>>> necessary for other features.
>>>
>>> I think it would be good to have the prescription from the mailing
>>> list also in the wiki to help others that come along. I'll not be in a
>>> position to try to join a Solaris host to my ipa server until next
>>> week at the earliest, but it is a priority for me, so when other
>>> things stop getting in the way I'll definitely be doing this.
>>>
>>> I'll document what I do following the prescription in the mailing
>>> list, for myself, and maybe this can all be made this into a new wiki
>>> page. I would be happy to lead on writing the page (and giving
>>> references where appropriate) if I had access, but realise that I
>>> might not be able to get that access.
>>
>> We can arrange that and give you permissions. Thank you for your desire
>> to document this. It is really appreciated.
> 
> Not at all. I can't contribute much on the tech side here, but if I can
> at least make it easier for someone later to follow I'm happy to do that.
> 
>> Please send me an email off list to set things up when you are ready.
> 
> Will do.

I think to edit the wiki all you need is a Fedora Account System (FAS)
account: https://admin.fedoraproject.org/accounts/

rob


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]