[Freeipa-users] FreeIPA for Linux desktop deployment

Adam Young ayoung at redhat.com
Mon May 9 13:38:59 UTC 2011 

On 05/09/2011 09:12 AM, Dmitri Pal wrote:
> On 05/08/2011 07:39 PM, Adam Young wrote:
>> On 05/08/2011 06:20 AM, nasir nasir wrote:
>>>
>>> Thanks indeed again for the reply. I went through the deployment 
>>> guide and installed and configured FreeIPA 2.0 on a RHEL 6.1 beta 
>>> machine for testing. I also configured the browsers on this server 
>>> and a client Kubuntu machine as per the guide. But I can't find any 
>>> doc which explain how to configure a client (kubuntu in my case) for 
>>> single sign on or even accessing a service like nfs using the 
>>> browser when native ipa-client package is not available. All the 
>>> docs are focused on configuring client machines using ipa-client 
>>> package. Is this possible? if so could anyone suggest me some guide 
>>> lines or docs for the same ?
>>>
>>
>
> Does the client have SSSD?
> If it does making ipa-client work is probably the best path.
>
> If the SSSD is not an option then you are in the realm of PAM_KRB5 for 
> the SSO.
> Please see the FreeIPA 1.2.1 documentation. There is no exact 
> documentation ofr your case but the closest IMO would be the 
> instructions for the Solaris client.
> http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/chap-Client_Configuration_Guide-Configuring_Solaris_as_an_IPA_Client.html
>
> Also see man pages for pam_krb5.
> Hope this helps.
>
> Thanks
> Dmitri


According to Stephen, Ubuntu has an older version of sssd available.  
Even Debian sid only has 1.2.1

http://packages.debian.org/unstable/main/sssd
>
>
>> Did you try installing the ipa-client rpms with Alien?
>>
>>>
>>> Thanks and Regards,
>>> Nidal
>>>
>>> --- On *Mon, 5/2/11, Adam Young /<ayoung at redhat.com>/* wrote:
>>>
>>>
>>>     From: Adam Young <ayoung at redhat.com>
>>>     Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
>>>     To: "nasir nasir" <kollathodi at yahoo.com>
>>>     Cc: freeipa-users at redhat.com
>>>     Date: Monday, May 2, 2011, 8:03 AM
>>>
>>>     On 05/01/2011 08:49 AM, nasir nasir wrote:
>>>>     Thanks for all the replies and great suggestions! I do
>>>>     appreciate it a lot.
>>>>
>>>>     Apologies for being a bit confusing about the cetralized /home
>>>>     foder in my previous mail. What I want is that all the users
>>>>     should have their /home folder stored in the storage. This
>>>>     entire partition (or LUN) can be attached to my Authentication
>>>>     server(i.e FreeIPA) by using iSCSI. From the Authentication
>>>>     server, I am NOT looking for iSCSI to get it mounted to the
>>>>     individual users' machine. I think NFS/automount would do
>>>>     that(appreciate any suggestion on this !) And whenever a new
>>>>     user is created, /home should be allocated out of this
>>>>     partition so that whichever machine the user is using to login
>>>>     later, she should be able to access the same /home specific to
>>>>     her regardless of the machine. I hope it is clear to all :-)
>>>>
>>>>     Thanks and regards,
>>>>     Nidal
>>>>
>>>>         >     -- Centralized storage with iSCSI for /home folder
>>>>         for each user by means of a dedicated storage
>>>>         IPA manages Automount, which is possibly what you want. 
>>>>         Are you going to give each user their own partition that
>>>>         follows them around, or are you going to give the a home
>>>>         directory on a a NAS server?  I Have to admit, the iSCSI
>>>>         home mount sounds interesting.  You could probably get
>>>>         automount to help you out there, but at this point I think
>>>>         that you would need a separate key line for each user.
>>>>
>>>>         Note that iSCSI won't help you if you want to mount the
>>>>         same partition on multiple clients.  For this, you either
>>>>         need a distributed File System, or stick to NFS.
>>>>
>>>
>>>
>>>     Nidal,
>>>
>>>     OK, I'd probably do something like this:  After install IPA, add
>>>     one host as an IPA client with the following switch: 
>>>     --mkhomedir,, something like  ipa-client-install --mkhomedir -p
>>>     admin.   Then, mount the directory that you are going to use a
>>>     /home on that machine.  Once you create users in IPA, the first
>>>     time you log in as that user, do so from that client, and it
>>>     will attempt to create the home directory for you.    This
>>>     should be the only machine that has permissions to create
>>>     directories under /home.  Now, create an automount location and
>>>     map, and create a key for /home
>>>
>>>     The instructions from our test day should get you started:
>>>
>>>     https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount
>>>
>>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> -- 
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110509/db6049ae/attachment.htm>

More information about the Freeipa-users mailing list