[Freeipa-users] FreeIPA for Linux desktop deployment
nasir nasir
kollathodi at yahoo.com
Mon May 9 14:43:28 UTC 2011
Dimitri/Adam/Stephen,
Thnks a lot for all the replies!
This is a 64 bit machine. So I will try to install 32 bit and let you know the result.
Also, I was trying to configure NFS service on the FreeIPA machine. I followed exactly as given in the deployment guide and tested with another RHEL 6.1 client machine with ipa-client installed on it. When I try to mount the nfs export I am getting the following error,
[root at abc Packages]# mount -v -t nfs4 -o sec=krb5 openipa.cohort.org:/ /mntmount.nfs4: timeout set for Mon May 9 17:36:14 2011mount.nfs4: trying text-based options 'sec=krb5,addr=192.168.1.240,clientaddr=192.168.1.125'mount.nfs4: mount(2): Permission deniedmount.nfs4: access denied by server while mounting openipa.cohort.org:/[root at abc Packages]#
But when I try to remove the kerberos authentication (i.e without -o sec=krb5) it gets mounted without any problem. I googled a lot for this error and tried all the suggestions like adding allow_weak_crypto parameter in the krb5.conf file, checking host/DNS/Keytab entries etc. Still it does not work. When I give weak crypto entry and add some weak crypto like des-cbc-md5, server rejects and says that it is not supported. My /etc/export file and all the necessary commands are copy pasted from the deployment guide with only the necessary modifications to suite my values.
Please suggest me what to do.
Thanks indeed in advance and regards,Nidal
--- On Mon, 5/9/11, Adam Young <ayoung at redhat.com> wrote:
From: Adam Young <ayoung at redhat.com>
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
To: "nasir nasir" <kollathodi at yahoo.com>
Cc: freeipa-users at redhat.com
Date: Monday, May 9, 2011, 6:17 AM
On 05/08/2011 11:57 PM, nasir nasir wrote:
Adam,
I truly
appreciate your persistence !
I tried
using alien and it generated the .deb file successfully
and even installed the ipa client package without any
error on the client machine(Kubuntu 11.04). But when I
run the ipa-client-install command, it gave the
following error,
openway at dl-360:~/rpm$ sudo
ipa-client-install
There was a problem importing one of the
required Python modules. The
error was:
No module named
ipaclient.ipadiscovery
I'm guessing that this is a 64 bit system? It might be an arch
issue. IU know that Debian and RH mde different choices for 32 on
64. RH/Fedora puts the Python code into
/usr/lib64/python2.7/site-packages/
Debian might be looking under /usr/lib/ for Python.
Try a 32bit RPM.
openway at dl-360:~/rpm$
I even created the deb file out of ipa-python
package and installed it on the kubuntu
machine(without any error). Still, its the same. Any
idea ?
Thanks and regards,
Nidal
--- On Sun, 5/8/11, Adam Young <ayoung at redhat.com> wrote:
From: Adam Young <ayoung at redhat.com>
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop
deployment
To: "nasir nasir" <kollathodi at yahoo.com>
Cc: freeipa-users at redhat.com
Date: Sunday, May 8, 2011, 4:39 PM
On 05/08/2011 06:20 AM, nasir nasir wrote:
Thanks indeed again for the reply. I went
through the deployment guide and installed
and configured FreeIPA 2.0 on a RHEL 6.1
beta machine for testing. I also
configured the browsers on this server and
a client Kubuntu machine as per the guide.
But I can't find any doc which explain how
to configure a client (kubuntu in my case)
for single sign on or even accessing a
service like nfs using the browser when
native ipa-client package is not
available. All the docs are focused on
configuring client machines using
ipa-client package. Is this possible? if
so could anyone suggest me some guide
lines or docs for the same ?
Did you try installing the ipa-client rpms with
Alien?
Thanks and Regards,
Nidal
--- On Mon, 5/2/11, Adam Young <ayoung at redhat.com>
wrote:
From: Adam Young <ayoung at redhat.com>
Subject: Re: [Freeipa-users] FreeIPA
for Linux desktop deployment
To: "nasir nasir" <kollathodi at yahoo.com>
Cc: freeipa-users at redhat.com
Date: Monday, May 2, 2011, 8:03 AM
On 05/01/2011
08:49 AM, nasir nasir wrote:
Thanks for all the
replies and great
suggestions! I do
appreciate it a lot.
Apologies for being a
bit confusing about the
cetralized /home foder
in my previous mail.
What I want is that all
the users should have
their /home folder
stored in the storage.
This entire partition
(or LUN) can be attached
to my Authentication
server(i.e FreeIPA) by
using iSCSI. From the
Authentication server, I
am NOT looking for iSCSI
to get it mounted to the
individual users'
machine. I think
NFS/automount would do
that(appreciate any
suggestion on this !)
And whenever a new user
is created, /home should
be allocated out of this
partition so that
whichever machine the
user is using to login
later, she should be
able to access the same
/home specific to her
regardless of the
machine. I hope it is
clear to all :-)
Thanks and regards,
Nidal
>
-- Centralized
storage with iSCSI for
/home folder for each
user by means of a
dedicated storage
IPA manages Automount,
which is possibly what
you want. Are you
going to give each
user their own
partition that follows
them around, or are
you going to give the
a home directory on a
a NAS server? I Have
to admit, the iSCSI
home mount sounds
interesting. You
could probably get
automount to help you
out there, but at this
point I think that you
would need a separate
key line for each
user.
Note that iSCSI won't
help you if you want
to mount the same
partition on multiple
clients. For this,
you either need a
distributed File
System, or stick to
NFS.
Nidal,
OK, I'd probably do something like
this: After install IPA, add one
host as an IPA client with the
following switch: --mkhomedir,,
something like ipa-client-install
--mkhomedir -p admin. Then, mount
the directory that you are going to
use a /home on that machine. Once
you create users in IPA, the first
time you log in as that user, do so
from that client, and it will
attempt to create the home directory
for you. This should be the only
machine that has permissions to
create directories under /home.
Now, create an automount location
and map, and create a key for /home
The instructions from our test day
should get you started:
https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110509/896ae6ca/attachment.htm>
More information about the Freeipa-users
mailing list