[Freeipa-users] FreeIPA for Linux desktop deployment
Adam Young
ayoung at redhat.com
Mon May 9 13:38:59 UTC 2011
On 05/09/2011 09:12 AM, Dmitri Pal wrote:
> On 05/08/2011 07:39 PM, Adam Young wrote:
>> On 05/08/2011 06:20 AM, nasir nasir wrote:
>>>
>>> Thanks indeed again for the reply. I went through the deployment
>>> guide and installed and configured FreeIPA 2.0 on a RHEL 6.1 beta
>>> machine for testing. I also configured the browsers on this server
>>> and a client Kubuntu machine as per the guide. But I can't find any
>>> doc which explain how to configure a client (kubuntu in my case) for
>>> single sign on or even accessing a service like nfs using the
>>> browser when native ipa-client package is not available. All the
>>> docs are focused on configuring client machines using ipa-client
>>> package. Is this possible? if so could anyone suggest me some guide
>>> lines or docs for the same ?
>>>
>>
>
> Does the client have SSSD?
> If it does making ipa-client work is probably the best path.
>
> If the SSSD is not an option then you are in the realm of PAM_KRB5 for
> the SSO.
> Please see the FreeIPA 1.2.1 documentation. There is no exact
> documentation ofr your case but the closest IMO would be the
> instructions for the Solaris client.
> http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/chap-Client_Configuration_Guide-Configuring_Solaris_as_an_IPA_Client.html
>
> Also see man pages for pam_krb5.
> Hope this helps.
>
> Thanks
> Dmitri
According to Stephen, Ubuntu has an older version of sssd available.
Even Debian sid only has 1.2.1
http://packages.debian.org/unstable/main/sssd
>
>
>> Did you try installing the ipa-client rpms with Alien?
>>
>>>
>>> Thanks and Regards,
>>> Nidal
>>>
>>> --- On *Mon, 5/2/11, Adam Young /<ayoung at redhat.com>/* wrote:
>>>
>>>
>>> From: Adam Young <ayoung at redhat.com>
>>> Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
>>> To: "nasir nasir" <kollathodi at yahoo.com>
>>> Cc: freeipa-users at redhat.com
>>> Date: Monday, May 2, 2011, 8:03 AM
>>>
>>> On 05/01/2011 08:49 AM, nasir nasir wrote:
>>>> Thanks for all the replies and great suggestions! I do
>>>> appreciate it a lot.
>>>>
>>>> Apologies for being a bit confusing about the cetralized /home
>>>> foder in my previous mail. What I want is that all the users
>>>> should have their /home folder stored in the storage. This
>>>> entire partition (or LUN) can be attached to my Authentication
>>>> server(i.e FreeIPA) by using iSCSI. From the Authentication
>>>> server, I am NOT looking for iSCSI to get it mounted to the
>>>> individual users' machine. I think NFS/automount would do
>>>> that(appreciate any suggestion on this !) And whenever a new
>>>> user is created, /home should be allocated out of this
>>>> partition so that whichever machine the user is using to login
>>>> later, she should be able to access the same /home specific to
>>>> her regardless of the machine. I hope it is clear to all :-)
>>>>
>>>> Thanks and regards,
>>>> Nidal
>>>>
>>>> > -- Centralized storage with iSCSI for /home folder
>>>> for each user by means of a dedicated storage
>>>> IPA manages Automount, which is possibly what you want.
>>>> Are you going to give each user their own partition that
>>>> follows them around, or are you going to give the a home
>>>> directory on a a NAS server? I Have to admit, the iSCSI
>>>> home mount sounds interesting. You could probably get
>>>> automount to help you out there, but at this point I think
>>>> that you would need a separate key line for each user.
>>>>
>>>> Note that iSCSI won't help you if you want to mount the
>>>> same partition on multiple clients. For this, you either
>>>> need a distributed File System, or stick to NFS.
>>>>
>>>
>>>
>>> Nidal,
>>>
>>> OK, I'd probably do something like this: After install IPA, add
>>> one host as an IPA client with the following switch:
>>> --mkhomedir,, something like ipa-client-install --mkhomedir -p
>>> admin. Then, mount the directory that you are going to use a
>>> /home on that machine. Once you create users in IPA, the first
>>> time you log in as that user, do so from that client, and it
>>> will attempt to create the home directory for you. This
>>> should be the only machine that has permissions to create
>>> directories under /home. Now, create an automount location and
>>> map, and create a key for /home
>>>
>>> The instructions from our test day should get you started:
>>>
>>> https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount
>>>
>>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110509/db6049ae/attachment.htm>
More information about the Freeipa-users
mailing list