[Freeipa-users] No result when trying to integrate a FreeBSD client with the FreeIPA server

Fraser Tweedale ftweedal at redhat.com
Wed Oct 15 01:14:42 UTC 2014


On Tue, Oct 14, 2014 at 03:13:06PM +0200, Lukas Slebodnik wrote:
> On (14/10/14 17:48), Fraser Tweedale wrote:
> >On Tue, Oct 14, 2014 at 12:34:09PM +0500, Orkhan Gasimov wrote:
> >> With help from Alexander Bokovoy I found correct log destinations:
> >> 
> >> sssd-domain-log:
> >> https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log
> >> sssd-nss-log: https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log
> >> 
> >> These files are from my second Fedora - FreeBSD setup, they have different
> >> domain name, but everything else is identical.
> >> 
> >> Interestingly enough, there are lines in sssd_nss.log telling that there are
> >> no users or groups in the domain. But as I said, I can ssh to the IPA server
> >> as an IPA user.
> >> 
> >Hi Orkhan,
> >
> >Thanks for the logs.  What were their actual locations?
> >
> >I'm going to try and reproduce your setup and see whether I get the
> >same outcome.  I have been building and installing the ports as
> >indicated in the forum post, and one thing I have noticed is that
> >there are a lot of configuration options on some of the important
> >ports - perhaps there was an important option that the author forgot
> >to mention.
> >
> You needn't build sssd from ports. You can install sssd with pkg utility.
> The only necessary step is to build openldap client with SASL support,
> because default version of openldap client is build without SASL support.
> sssd cannot initialize ipa_provider with openldap libraries without SASL
> support. On the other hand, {ldap,krb5,ad} providers can be used without any
> problem.
> 
> The steps, how to build openldap client with SASL support, are described
> in freebsd forum.
> 
> >It is the end of the day for me, but sssd is now installed so I
> >should let you know tomorrow whether I am running into the same
> >issues as you, or whether I find success.
> >
> >(As a side node: once I get to a working setup I will create and
> >publish a pkg(8) repo with the needed ports built with the correct
> >options and make.conf variables.  This should make it easier and
> >certainly quicker to use FreeBSD as a FreeIPA client.)
> I am not sure what you are trying to do. Everything is described on forum.
> If there isn't something clear feel free to send rephrased(updated) version of
> howto. I can contact an author of that post.
> 
Since there are non-default options and make variables to be set, is
it not desirable that there be a pkg(8) repository people can use to
install the packages needed for ipa integration?

I think it is desirable.  It is easy to thanks to
ports-mgmt/poudriere.

Fraser

> LS




More information about the Freeipa-users mailing list