[Freeipa-users] A crazy idea maybe, migration to Free-IPA 4.1.
Orkhan Gasimov
orkhan-azeri at mail.ru
Thu Oct 23 10:21:09 UTC 2014
Yet with FreeIPA v4 we've got another thing to keep in mind regarding
FreeBSD - FreeIPA integration: the cron script proposed at FreeBSD
forums won't work.
Here's what was said in the post:
"The tricky part was gettingsudoto work with host groups. FreeIPA keeps
host groups in netgroups, and FreeBSD's support for netgroups is
limited. One solution would have been to enable NIS services on the
FreeIPA server so that we could use proper netgroups on FreeBSD clients.
We didn't like that solution, so instead we wrote a script that pulls
all netgroup data from FreeIPA and stores it in/etc/netgroup. We run the
script every hour viacron."
The script looks for host groups in
'cn=hostgroups,cn=accounts,dc=<domain>', and that works with FreeIPA
3.3. But in FreeIPA v4 host groups get in 'cn=ng,cn=compat,dc=<domain>'.
So the script needs modification.
23-Oct-14 12:09, Orkhan Gasimov пишет:
> I already deployed FreeIPA 4.1 on Fedora 21 server alpha-release.
> Everything is good as far as FreeIPA server operation is concerned.
>
>
> 23-Oct-14 01:06, William Graboyes пишет:
>> 3) am I insane for wanting to introduce FC21 into my environment?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141023/754c5f20/attachment.htm>
More information about the Freeipa-users
mailing list