<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 11/15/2011 10:37 PM, Boris Epstein wrote:
<blockquote
cite="mid:CADeF1XGsaFVTNZtxnYhqp=XPyY3jzJJFrjDO110BC1n=8gZkTA@mail.gmail.com"
type="cite"><br>
<br>
<div class="gmail_quote">On Tue, Nov 15, 2011 at 4:28 PM, Sigbjorn
Lie <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:sigbjorn@nixtra.com">sigbjorn@nixtra.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div class="HOEnZb">
<div class="h5">On 11/15/2011 09:54 PM, Stephen Gallagher
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
On Tue, 2011-11-15 at 20:40 +0000, Steven Jones wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
Hi,<br>
<br>
I dont think there is much realistic hope of getting
windows to<br>
authenticate to freeIPA......the others should be able
to and the<br>
fedora docs on the freeipa documentation web page list
a specific<br>
method for macs for one (but I have not tried it yet,
but I will<br>
be)....ubuntu has been mentioned before....I have to
try/do that as<br>
well....<br>
<br>
Siggi sent me some notes a while back,<br>
<br>
=============<br>
<br>
Ubuntu client install<br>
</blockquote>
<br>
I don't have all of the details handy right now, but I
know Timo<br>
Aaltonen was working on porting SSSD and ipa-client to
Ubuntu in order<br>
to support the enhanced client enrollment available with
those two<br>
packages.<br>
<br>
The SSSD and its dependencies are available in his PPA
here:<br>
<a moz-do-not-send="true"
href="https://launchpad.net/%7Etjaalton/+archive/ppa"
target="_blank">https://launchpad.net/~tjaalton/+archive/ppa</a><br>
<br>
</blockquote>
<br>
</div>
</div>
Just tried to install sssd from the above repo.<br>
<br>
There's only packages for the old 10.04 lucid and 10.10
maverick, nothing for 11.04 natty or 11.11 oneiric. I tried to
install on natty using packages from maverick, but it depends
on packages no longer available in the natty package tree. :(<br>
<br>
However for oneric sssd 1.5.13 seem to have made it into the
universe package tree:<br>
<a moz-do-not-send="true"
href="http://packages.ubuntu.com/oneiric/sssd"
target="_blank">http://packages.ubuntu.com/oneiric/sssd</a><br>
<br>
<br>
<br>
Rgds,<br>
Siggi</blockquote>
<div><br>
</div>
<div>Siggi,</div>
<div><br>
</div>
<div>Thanks, but why would I want sssd on my client machine?</div>
<div><br>
</div>
<div>Or - why would the current LDAP client that Ubuntu at least
claims to have not work?</div>
<br>
</div>
</blockquote>
<br>
The reasons I've found so far is:<br>
<br>
* Lack of support for the host based access control rules found in
IPA<br>
* Need to have the config file with a username/password for the
system to bind to the ldap directory readable by everyone... (not
secure)<br>
* SSSD uses the kerberos host key to talk to LDAP (secure)<br>
* No daemon keeping track of available ldap servers, e.g. in a
failover situation you'll keep asking the server that's down,
delaying your client response.<br>
* No offline caching of credentials (very handy if you have
laptops).<br>
<br>
I'm sure the SSSD developers can give you lots more. :)<br>
<br>
<br>
Rgds,<br>
Siggi<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</body>
</html>