<div dir="ltr"><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">No, I don't believe 3.0 on CentOS 6 (sorry I didn't share that detail) has ipa-advise. Isn't it introduced in FreeIPA 4? I'm not necessarily opposed to upgrading, but I'm a bit reticent about switching from a yum package to a git pull (perhaps I'm just a bit gun shy today). Is there anything I can try before that?</span><div> <font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">On a related note, I've fallen back to pointing nsswitch.conf at my ipa server using ldap. It's working over plain old ldap on 389, but when I try to config it as ldaps, I can do an ldapsearch, but id/getent fail.</font></div> <div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">This works "well enough" for my current needs, but it's still a curious situation.</font></div><div><font face="arial, sans-serif"><br> </font><div style="font-family:arial,sans-serif;font-size:12.727272033691406px"><br></div><div style="font-family:arial,sans-serif;font-size:12.727272033691406px">:DS</div></div></div><div class="gmail_extra"><br clear="all"> <div><div dir="ltr">===================================<br><div style="margin-left:40px"><b style="font-family:arial,helvetica,sans-serif">Daniel Shown,</b><br style="font-family:arial,helvetica,sans-serif">Linux Systems Administrator<br style="font-family:arial,helvetica,sans-serif"> <span style="font-family:arial,helvetica,sans-serif">Advanced Technology Group</span><br style="font-family:arial,helvetica,sans-serif"><a style="font-family:arial,helvetica,sans-serif" href="http://www.slu.edu/its" target="_blank">Information Technology Services</a><br style="font-family:arial,helvetica,sans-serif"> <span style="font-family:arial,helvetica,sans-serif">at </span><a style="font-family:arial,helvetica,sans-serif" href="http://www.slu.edu/" target="_blank">Saint Louis University</a><span style="font-family:arial,helvetica,sans-serif">.</span><br style="font-family:arial,helvetica,sans-serif"> <br style="font-family:arial,helvetica,sans-serif"><a style="font-family:arial,helvetica,sans-serif">314-977-2583</a><br></div>===================================<br><br><div style="margin-left:40px">"The aim of education <br> is the knowledge, <br>not of facts, <br>but of values." <br>– William S. Burroughs<br><br><br></div><img style="background-color:rgb(51,51,153)" src="https://sites.google.com/a/slu.edu/slu-its-101/_/rsrc/1303829218862/config/customLogo.gif?revision=2" height="21" width="420"><br> </div></div> <br><br><div class="gmail_quote">On Thu, Jul 24, 2014 at 3:38 AM, Tomas Babej <span dir="ltr"><<a href="mailto:tbabej@redhat.com" target="_blank">tbabej@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div class=""><br> On 07/24/2014 02:30 AM, Fraser Tweedale wrote:<br> > On Wed, Jul 23, 2014 at 04:37:03PM -0500, Daniel Shown wrote:<br> >> So, I'm trying to get a FreeBSD (because ZFS is more stable there than in<br> >> Linux) file server configured to have access user accounts in FreeIPA for<br> >> proper ownership/permissions. It seems like it should be pretty<br> >> straightforward. I don't even need to update pam.d configs, just<br> >> nsswitch.conf. I've gone through a couple of guides, and i still get<br> >> nothing when I do an id or getent for users in FreeIPA, it sees nothing. I<br> >> can do an ldapsearch against the FreeIPA ldap, I can get a Kerberos ticket<br> >> from my IPA server, and I can even run id/getent on Linux hosts. What could<br> >> I be missing that could be throwing a wrench in this?<br> >><br> > Hi Daniel,<br> ><br> > Did you follow the steps suggested by::<br> ><br> > % ipa-advise config-freebsd-nss-pam-ldapd<br> ><br> > (Note that you will need a Kerberos ticket to run the above<br> > command).<br> <br> </div>Another note: You'll need to run this command on the<br> server. The client machines do not have ipa-advise tool.<br> <div class="HOEnZb"><div class="h5"><br> ><br> > If you have followed this advice (note that some commands have<br> > changed and recent versions of FreeBSD - soon I will update the<br> > advice accordingly), and it still does not work, let me know - I<br> > will be happy to work with you to get things working.<br> ><br> > Regards,<br> ><br> > Fraser<br> ><br> ><br> >> Best!<br> >> ===================================<br> >> *Daniel Shown,*<br> >> Linux Systems Administrator<br> >> Advanced Technology Group<br> >> Information Technology Services <<a href="http://www.slu.edu/its" target="_blank">http://www.slu.edu/its</a>><br> >> at Saint Louis University <<a href="http://www.slu.edu/" target="_blank">http://www.slu.edu/</a>>.<br> >><br> >> <a href="tel:314-977-2583" value="+13149772583">314-977-2583</a><br> >> ===================================<br> >><br> >> "The aim of education<br> >> is the knowledge,<br> >> not of facts,<br> >> but of values."<br> >> – William S. Burroughs<br> >> --<br> >> Manage your subscription for the Freeipa-users mailing list:<br> >> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br> >> Go To <a href="http://freeipa.org" target="_blank">http://freeipa.org</a> for more info on the project<br> <br> </div></div><span class="HOEnZb"><font color="#888888">--<br> Tomas Babej<br> Associate Software Engineer | Red Hat | Identity Management<br> RHCE | Brno Site | IRC: tbabej | <a href="http://freeipa.org" target="_blank">freeipa.org</a><br> <br> </font></span></blockquote></div><br></div>