[Freeipa-users] Solaris 10 client configuration using profile
mohammad sereshki
mohammadsereshki at yahoo.com
Sat Oct 11 17:38:22 UTC 2014
Dear
I have done the steps in the link below for Solaris 10 and it works fine.
Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?
________________________________
From: Rob Crittenden <rcritten at redhat.com>
To: sipazzo <sipazzo at yahoo.com>; "Freeipa-users at redhat.com" <Freeipa-users at redhat.com>
Sent: Saturday, October 11, 2014 8:40 PM
Subject: Re: [Freeipa-users] Solaris 10 client configuration using profile
sipazzo wrote:
> Thank you, I know where the profile is in the directory tree and how I would invoke it were it there...I don't know how to get it into the directory tree so that it is available to clients. I see posts giving examples of different profiles that could be used but no post as to how to add it to the directory. Sorry if I am missing something obvious.
>
>
> --------------------------------------------
> On Fri, 10/10/14, Rob Crittenden <rcritten at redhat.com> wrote:
>
> Subject: Re: [Freeipa-users] Solaris 10 client configuration using profile
> To: "sipazzo" <sipazzo at yahoo.com>, freeipa-users at redhat.com
> Date: Friday, October 10, 2014, 4:53 PM
>
> sipazzo wrote:
> > Hello, I am trying to set up a default profile for my Solaris 10 IPA
> > clients as recommended. I generated a profile on a Solaris with the
> > attributes I needed except I got an "invalid parameter" error when
> > specifying the domainName attribute like this -a domainName=example.com
> > even though this parameter works when I use it in ldapclient manual.
> > More of an issue though is I have been unable to find documentation on
> > getting the profile incorporated into the ipa server. How do I get this
> > profile on the ipa server and make it available to my Solaris clients?
> > Also, my understanding is the clients periodically check this profile
> > so they stay updated with the latest configuration information. What
> > generates this check? Is it time based, a restart of a service or ??
> >
> > Thank you for any assistance.
> >
>
> It's been forever since I configured a Solaris anything client but I can
> tell you where the profile gets stored:
> cn=profilename,cn=default,ou=profile,$SUFFIX
>
> IPA ships with a default profile of:
>
> dn: cn=default,ou=profile,$SUFFIX
> ObjectClass: top
> ObjectClass: DUAConfigProfile
> defaultServerList: $FQDN
> defaultSearchBase: $SUFFIX
> authenticationMethod: none
> searchTimeLimit: 15
> cn: default
> serviceSearchDescriptor: passwd:cn=users,cn=accounts,$SUFFIX
> serviceSearchDescriptor: group:cn=groups,cn=compat,$SUFFIX
> bindTimeLimit: 5
> objectClassMap: shadow:shadowAccount=posixAccount
> followReferrals: TRUE
>
> The full schema can be found at
> http://docs.oracle.com/cd/E23824_01/html/821-1455/schemas-17.html
>
> So if your profile is named foo you'd invoke it with something like:
>
> # ldapclient init -a profileName=foo ipa.example.com
>
> rob
>
>
Here is an example inspired by
https://bugzilla.redhat.com/show_bug.cgi?id=815515
$ ldapmodify -x -D 'cn=Directory Manager' -W
dn: cn=solaris_authssl_test,ou=profile,dc=example,dc=com
changetype: add
objectClass: top
objectClass: DUAConfigProfile
cn: solaris_authssl_test
authenticationMethod: tls:simple
bindTimeLimit: 5
credentialLevel: proxy
defaultSearchBase: dc=example,dc=com
defaultSearchScope: one
defaultServerList: ipa01.example.com ipa02.example.com ipa03.example.com
followReferrals: TRUE
objectclassMap: shadow:shadowAccount=posixAccount
objectclassMap: printers:sunPrinter=printerService
preferredServerList: ipa01.example.com ipa02.example.com
profileTTL: 6000
searchTimeLimit: 10
serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=example,dc=com
serviceSearchDescriptor: group:cn=groups,cn=compat,dc=example,dc=com
serviceSearchDescriptor: netgroup:cn=ng,cn=compat,dc=example,dc=com
serviceSearchDescriptor: ethers:cn=computers,cn=accounts,dc=example,dc=com
serviceSearchDescriptor: automount:cn=default,cn=automount,dc=example,dc=com
serviceSearchDescriptor: auto_master:automountMapName=auto.master,cn=default,cn=automount,dc=example,dc=com
serviceSearchDescriptor: aliases:ou=aliases,ou=test,dc=example,dc=com
serviceSearchDescriptor: printers:ou=printers,ou=test,dc=example,dc=com
<blank line>
^D
You may want to check out
https://bugzilla.redhat.com/show_bug.cgi?id=815533 as well.
rob
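
A pre-load check for the two profiles quoted above, as an added example that is not part of the original thread and not FreeIPA's own code: it unfolds the LDIF, reports attribute lines left without a value (what a mail-wrapped serviceSearchDescriptor looks like to ldapmodify) and flags anonymous or cleartext bind settings. The function names, finding texts and sample entries are constructed for illustration, and an absent credentialLevel is assumed to mean anonymous.

```python
# Added example: lint a DUAConfigProfile LDIF before feeding it to ldapmodify.
# Both sample entries are constructed from attribute values quoted in this thread.

def parse_ldif(text):
    """Return (attrs, malformed); attrs maps lowercased attribute name -> values."""
    logical, attrs, malformed = [], {}, []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]      # LDIF fold: continuation starts with one space
        elif raw.strip() and not raw.startswith("#"):
            logical.append(raw)
    for line in logical:
        name, sep, value = line.partition(":")
        if not sep or not value.strip():
            malformed.append(line)      # e.g. a value a mail client wrapped to the next line
        else:
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs, malformed

def lint_profile(text):
    attrs, malformed = parse_ldif(text)
    findings = [f"malformed line: {line}" for line in malformed]
    # authenticationMethod may list several methods separated by ';'
    methods = [m.strip().lower() for v in attrs.get("authenticationmethod", [])
               for m in v.split(";")]
    if "none" in methods:
        findings.append("authenticationMethod none: clients bind anonymously")
    if "simple" in methods:
        findings.append("authenticationMethod simple: bind password sent without TLS")
    # Assumption: an absent credentialLevel is treated as anonymous.
    level = attrs.get("credentiallevel", ["anonymous"])[0].lower()
    if level == "anonymous" and any(m != "none" for m in methods):
        findings.append("credentialLevel anonymous: authenticated method is never used")
    return findings

IPA_DEFAULT = """\
dn: cn=default,ou=profile,dc=example,dc=com
authenticationMethod: none
"""
WRAPPED = """\
dn: cn=solaris_authssl_test,ou=profile,dc=example,dc=com
authenticationMethod: tls:simple
credentialLevel: proxy
serviceSearchDescriptor:
auto_master:automountMapName=auto.master,cn=default,cn=automount,dc=example,dc=com
"""
if __name__ == "__main__":
    print(lint_profile(IPA_DEFAULT), lint_profile(WRAPPED))
```

Run it over the LDIF file before piping the same file to ldapmodify; an empty list means none of these checks fired.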