[Freeipa-users] Radius schema addition to default user objectclasses in FreeIPA 4.1
Orkhan Gasimov
orkhan-azeri at mail.ru
Wed Oct 29 10:23:58 UTC 2014
I checked myself on test VMs.
It's enough to add Radius schema to one FreeIPA server and issue "ipactl
restart" on another.
29-Oct-14 10:16, Orkhan Gasimov wrote:
> One last question: if I'm using 2 FreeIPA servers in a multi-master
> replication scenario, should I add the radiusschema.ldif file on both
> servers? Or it's sufficient to add it on just one server?
>
>
> 29-Oct-14 09:50, Orkhan Gasimov wrote:
>> I solved the problem.
>> I tried to add my radiusschema.ldif using LDAP admin, and it gave an
>> error: "Line 64: "dn" expected, but "add" found".
>> So instructions here:
>> https://www.redhat.com/archives/freeipa-users/2014-February/msg00050.html
>> are incomplete.
>> When creating an ldif-file from the schema-file, it's necessary to
>> repeat this part:
>>
>> dn: cn=schema
>> changetype: modify
>>
>> before this part:
>>
>> add: objectclasses
>>
>> After that everything proceeds normally, and it's possible to add
>> "radiusprofile" objectclass to default user objectclasses.
>>
>> 28-Oct-14 15:43, Orkhan Gasimov wrote:
>>> OK, thanks for info.
>>> First I used that command with " | grep radius" at the end prior to
>>> adding my radiusschema.ldif.
>>> It returned no data.
>>> Then I added my radiusschema.ldif using the command:
>>>
>>> # ldapmodify -ZZ -x -D "cn=Directory Manager" -W -H
>>> ldap://localhost -f /usr/share/radiusschema.ldif
>>>
>>> Then I issued the command you suggested again with " | grep
>>> radius|less" at the end.
>>> This time it returned a lot of entries (apparently those that were in
>>> the radiusschema.ldif file).
>>>
>>> But when I tried to switch to GUI and add "radiusprofile"
>>> objectclass, I got the same message:
>>>
>>> "IPA Error 4001: NotFound
>>>
>>> objectclass radiusprofile not found"
>>>
>>> I know that radius schema taken from
>>> http://open.rhx.it/phamm/schema/radius.schema works,
>>> it was checked by me with OpenLDAP 2.4 and FreeRadius 2.2.
>>>
>>> What am I doing wrong? Removing "MUST cn" from the schema gives no
>>> difference.
>>>
>>>
>>>
>>> 25-Oct-14 00:38, Rich Megginson wrote:
>>>> Are you trying to list the schema over LDAP? Where did you get the
>>>> above instructions? They are wrong. Use
>>>>
>>>> ldapsearch -o ldif-wrap=no -Y GSSAPI -s base -b "cn=schema"
>>>> attributeTypes objectClasses
>>>
>>
>
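The fix described in the 29-Oct-14 09:50 message, as an added example that is not part of the original thread: a pre-flight check that finds LDIF change records starting with "add:" after a blank line (the cause of the '"dn" expected, but "add" found' error) and inserts the missing "dn: cn=schema" / "changetype: modify" header. The function names are hypothetical, and the sample schema lines use constructed placeholder OIDs and names, not the real RADIUS schema.

```python
import re

# A record that opens with one of these has lost its dn:/changetype: header.
CHANGE_DIRECTIVE = re.compile(r"^(add|replace|delete):", re.IGNORECASE)

# Constructed sample: OIDs and names are placeholders, not the RADIUS schema.
SAMPLE = """\
# converted from a .schema file (constructed example)
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.1.2.1.1 NAME 'exampleAttr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

add: objectclasses
objectclasses: ( 1.1.2.2.1 NAME 'exampleProfile' SUP top AUXILIARY MAY exampleAttr )
"""


def headerless_records(ldif_text):
    """Return 1-based line numbers of records that begin with a change
    directive instead of a dn: line."""
    bad = []
    at_record_start = True
    for lineno, line in enumerate(ldif_text.splitlines(), start=1):
        if not line.strip():
            at_record_start = True   # a blank line ends the current record
            continue
        if line.startswith("#"):
            continue                 # comments do not start a record
        if at_record_start and CHANGE_DIRECTIVE.match(line):
            bad.append(lineno)
        at_record_start = False
    return bad


def repair(ldif_text, dn="cn=schema"):
    """Insert the dn:/changetype: header in front of each headerless record."""
    bad = set(headerless_records(ldif_text))
    out = []
    for lineno, line in enumerate(ldif_text.splitlines(), start=1):
        if lineno in bad:
            out += [f"dn: {dn}", "changetype: modify"]
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("headerless records at lines:", headerless_records(SAMPLE))
    print(repair(SAMPLE))
```

Running the check before ldapmodify shows which records of a converted schema file lack their header.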