<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 05/09/2011 09:12 AM, Dmitri Pal wrote:
<blockquote cite="mid:4DC7E828.3010206@redhat.com" type="cite">
On 05/08/2011 07:39 PM, Adam Young wrote:
<blockquote cite="mid:4DC729A2.1010301@redhat.com" type="cite">
On 05/08/2011 06:20 AM, nasir nasir wrote:
<blockquote
cite="mid:895514.84135.qm@web161308.mail.bf1.yahoo.com"
type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top"><br>
Thanks indeed again for the reply. I went through the
deployment guide and installed and configured FreeIPA
2.0 on a RHEL 6.1 beta machine for testing. I also
configured the browsers on this server and a client
Kubuntu machine as per the guide. But I can't find any
doc which explains how to configure a client (Kubuntu
in my case) for single sign-on or even accessing a
service like NFS using the browser when the native
ipa-client package is not available. All the docs are
focused on configuring client machines using the
ipa-client package. Is this possible? If so, could
anyone suggest some guidelines or docs for the
same?</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</blockquote>
<br>
Does the client have SSSD?<br>
If it does, making ipa-client work is probably the best path.<br>
<br>
If the SSSD is not an option then you are in the realm of PAM_KRB5
for the SSO.<br>
Please see the FreeIPA 1.2.1 documentation. There is no exact
documentation for your case but the closest IMO would be the
instructions for the Solaris client.<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/chap-Client_Configuration_Guide-Configuring_Solaris_as_an_IPA_Client.html">http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/chap-Client_Configuration_Guide-Configuring_Solaris_as_an_IPA_Client.html</a><br>
<br>
Also see man pages for pam_krb5.<br>
Hope this helps.<br>
<br>
Thanks<br>
Dmitri<br>
</blockquote>
<br>
<br>
According to Stephen, Ubuntu has an older version of sssd
available. Even Debian sid only has 1.2.1.<br>
<br>
<a class="moz-txt-link-freetext" href="http://packages.debian.org/unstable/main/sssd">http://packages.debian.org/unstable/main/sssd</a><br>
<blockquote cite="mid:4DC7E828.3010206@redhat.com" type="cite"> <br>
<br>
<blockquote cite="mid:4DC729A2.1010301@redhat.com" type="cite">
Did you try installing the ipa-client rpms with Alien?<br>
<br>
<blockquote
cite="mid:895514.84135.qm@web161308.mail.bf1.yahoo.com"
type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div><br>
</div>
<div>Thanks and Regards,</div>
<div>Nidal</div>
<div><br>
--- On <b>Mon, 5/2/11, Adam Young <i><a
moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:ayoung@redhat.com">&lt;ayoung@redhat.com&gt;</a></i></b>
wrote:<br>
<blockquote style="border-left: 2px solid rgb(16,
16, 255); margin-left: 5px; padding-left: 5px;"><br>
From: Adam Young <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:ayoung@redhat.com">&lt;ayoung@redhat.com&gt;</a><br>
Subject: Re: [Freeipa-users] FreeIPA for Linux
desktop deployment<br>
To: "nasir nasir" <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:kollathodi@yahoo.com">&lt;kollathodi@yahoo.com&gt;</a><br>
Cc: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
Date: Monday, May 2, 2011, 8:03 AM<br>
<br>
<div id="yiv902619029"> On 05/01/2011 08:49 AM,
nasir nasir wrote:
<blockquote type="cite">
<table border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div> Thanks for all the replies and
great suggestions! I do appreciate
it a lot.</div>
<div><br
class="yiv902619029Apple-interchange-newline">
Apologies for being a bit confusing
about the centralized /home folder in
my previous mail. What I want is
that all the users should have their
/home folder stored in the storage.
This entire partition (or LUN) can
be attached to my authentication
server (i.e. FreeIPA) by using iSCSI.
From the authentication server, I am
NOT looking for iSCSI to get it
mounted to the individual users'
machines. I think NFS/automount would
do that (appreciate any suggestion on
this!). And whenever a new user is
created, /home should be allocated
out of this partition so that
whichever machine the user is using
to log in later, she should be able
to access the same /home specific to
her regardless of the machine. I
hope it is clear to all :-)</div>
<div><br>
</div>
<div>Thanks and regards,</div>
<div>Nidal</div>
<div><br>
</div>
<blockquote style="border-left: 2px
solid rgb(16, 16, 255); margin-left:
5px; padding-left: 5px;">
<div class="yiv902619029plainMail">>
-- Centralized storage with
iSCSI for /home folder for each
user by means of a dedicated
storage<br>
IPA manages Automount, which is
possibly what you want. Are you
going to give each user their own
partition that follows them
around, or are you going to give
them a home directory on a NAS
server? I have to admit, the
iSCSI home mount sounds
interesting. You could probably
get automount to help you out
there, but at this point I think
that you would need a separate key
line for each user.<br>
<br>
Note that iSCSI won't help you if
you want to mount the same
partition on multiple clients.
For this, you either need a
distributed File System, or stick
to NFS.<br>
</div>
<div class="yiv902619029plainMail"><br>
</div>
</blockquote>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
<br>
Nidal,<br>
<br>
OK, I'd probably do something like this: After
installing IPA, add one host as an IPA client with
the following switch: --mkhomedir, something
like ipa-client-install --mkhomedir -p admin.
Then, mount the directory that you are going to
use as /home on that machine. Once you create
users in IPA, the first time you log in as that
user, do so from that client, and it will
attempt to create the home directory for you.
This should be the only machine that has
permissions to create directories under /home.
Now, create an automount location and map, and
create a key for /home.<br>
<br>
The instructions from our test day should get
you started:<br>
<br>
<a moz-do-not-send="true" rel="nofollow"
class="yiv902619029moz-txt-link-freetext"
target="_blank"
href="https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount">https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount</a><br>
<br>
<br>
</div>
</blockquote>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
<pre wrap=""><fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
</pre>
</blockquote>
<br>
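The automount setup outlined in the quoted reply of May 2 (one host enrolled with --mkhomedir, then an automount location, a map and a key for /home), written out as an added example; it is not part of the original thread and not FreeIPA's own code. The location name office, the server nfs.example.com, the export /export/home, the map name auto.home and the sec=krb5 mount option are assumptions, and the commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example. Run on a host with the ipa CLI after `kinit admin`.
# All names passed to home_automount_plan below are hypothetical placeholders.

# Print each command by default; execute it only when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Create an automount location, an indirect map for /home and a wildcard
# key so every user gets <server>:<export>/<username> mounted on login.
home_automount_plan() {
    location=$1
    nfs_server=$2
    export_dir=$3

    # Reject anything that could smuggle extra options or entries into the map.
    case "$location$nfs_server$export_dir" in
        *[!A-Za-z0-9._/-]*)
            echo "unsafe character in argument" >&2
            return 1 ;;
    esac

    run ipa automountlocation-add "$location"
    run ipa automountmap-add "$location" auto.home
    # auto.master is created with the location; point /home at the new map.
    run ipa automountkey-add "$location" auto.master --key=/home --info=auto.home
    # sec=krb5 is an assumption: it requires a Kerberized NFS server with an
    # nfs/ service principal in the IPA realm. rw is needed for home directories.
    run ipa automountkey-add "$location" auto.home "--key=*" \
        "--info=-fstype=nfs4,rw,sec=krb5 ${nfs_server}:${export_dir}/&"
}

# The one host allowed to create directories under the export is enrolled
# separately with: ipa-client-install --mkhomedir -p admin
home_automount_plan office nfs.example.com /export/home
```

Clients other than the --mkhomedir host only need to mount the export, so the NFS server can restrict directory creation to that single machine.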
</body>
</html>