[Freeipa-users] FreeBSD client

Daniel Shown shownde at slu.edu
Thu Jul 24 15:27:27 UTC 2014


No, I don't believe 3.0 on CentOS 6 (sorry I didn't share that detail) has
ipa-advise. Isn't it introduced in FreeIPA 4?  I'm not necessarily opposed
to upgrading, but I'm a bit reticent about switching from a yum package to
a git pull (perhaps I'm just a bit gun shy today). Is there anything I can
try before that?

On a related note, I've fallen back to pointing nsswitch.conf at my ipa
server using ldap. It's working over plain old ldap on 389, but when I try
to config it as ldaps, I can do an ldapsearch, but id/getent fail.

This works "well enough" for my current needs, but it's still a curious
situation.


:DS

===================================
*Daniel Shown,*
Linux Systems Administrator
Advanced Technology Group
Information Technology Services <http://www.slu.edu/its>
at Saint Louis University <http://www.slu.edu/>.

314-977-2583
===================================

"The aim of education
is the knowledge,
not of facts,
but of values."
– William S. Burroughs





On Thu, Jul 24, 2014 at 3:38 AM, Tomas Babej <tbabej at redhat.com> wrote:

>
> On 07/24/2014 02:30 AM, Fraser Tweedale wrote:
> > On Wed, Jul 23, 2014 at 04:37:03PM -0500, Daniel Shown wrote:
> >> So, I'm trying to get a FreeBSD (because ZFS is more stable there than in
> >> Linux) file server configured to have access user accounts in FreeIPA for
> >> proper ownership/permissions. It seems like it should be pretty
> >> straightforward. I don't even need to update pam.d configs, just
> >> nsswitch.conf. I've gone through a couple of guides, and I still get
> >> nothing when I do an id or getent for users in FreeIPA, it sees nothing. I
> >> can do an ldapsearch against the FreeIPA ldap, I can get a Kerberos ticket
> >> from my IPA server, and I can even run id/getent on Linux hosts. What could
> >> I be missing that could be throwing a wrench in this?
> >>
> > Hi Daniel,
> >
> > Did you follow the steps suggested by::
> >
> >     % ipa-advise config-freebsd-nss-pam-ldapd
> >
> > (Note that you will need a Kerberos ticket to run the above
> > command).
>
> Another note: You'll need to run this command on the
> server. The client machines do not have ipa-advise tool.
>
> >
> > If you have followed this advice (note that some commands have
> > changed and recent versions of FreeBSD - soon I will update the
> > advice accordingly), and it still does not work, let me know - I
> > will be happy to work with you to get things working.
> >
> > Regards,
> >
> > Fraser
> >
> >
> >> Best!
>
> --
> Tomas Babej
> Associate Software Engineer | Red Hat | Identity Management
> RHCE | Brno Site | IRC: tbabej | freeipa.org
>
>