[Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

Sigbjorn Lie sigbjorn at nixtra.com
Tue Apr 28 18:24:53 UTC 2015 

Hi,

I wrote these bugzilla entries based on my own Solaris 10 configuration for IPA a while back. Did you try these? They include a working DUA profile (need to change server names of course) and the steps I did for configuring Solaris 10 as an IPA client.

Config:
https://bugzilla.redhat.com/show_bug.cgi?id=815533 <https://bugzilla.redhat.com/show_bug.cgi?id=815533>

Dua Profile:
https://bugzilla.redhat.com/show_bug.cgi?id=815515 <https://bugzilla.redhat.com/show_bug.cgi?id=815515>

The attribute mapping I suggested was for auto.master only. The example dua profile above have this mapping. You may see here for a further explanation:

https://www.redhat.com/archives/freeipa-users/2015-March/msg00317.html <https://www.redhat.com/archives/freeipa-users/2015-March/msg00317.html>


Regards,
Siggi



> On 23 Apr 2015, at 12:59, Roderick Johnstone <rmj at ast.cam.ac.uk> wrote:
> 
> On 23/04/15 04:25, Rob Crittenden wrote:
>> Roderick Johnstone wrote:
>>> On 22/04/15 14:30, Dmitri Pal wrote:
>>>> On 04/21/2015 01:13 PM, Roderick Johnstone wrote:
>>>>> Hi
>>>>> 
>>>>> I also need to integrate Solaris 10 clients with freeipa servers.
>>>>> 
>>>>> I've been round many resources, eg freeipa wiki, Fedora and Red Hat
>>>>> manuals, various bug trackers and the freeipa-users mailing list.
>>>>> 
>>>>> It looks to me as if this:
>>>>> https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html
>>>>> 
>>>>> might be the best guide available, although I'm not sure what changes
>>>>> I might need to make because I'm actually on Solaris 10 rather than 11.
>>>>> 
>>>>> Can anyone advise please?
>>>>> 
>>>>> There is a comment in the above post:
>>>>> "Make sure that the automount maps in ipaserver is named auto_* and
>>>>> NOT auto.* so they are compatible with Solaris name standards."
>>>>> 
>>>>> My automount maps are already called eg auto.master, auto.home on my
>>>>> ipa server and I'm sure I've seen a post somewhere suggesting an
>>>>> attributeMap can fix this issue, but I can't find it now, so maybe I
>>>>> am mistaken.
>>>>> 
>>>>> Am I on the right track? Is anyone familiar with that fix.
>>>>> 
>>>>> Thanks
>>>>> 
>>>>> Roderick Johnstone
>>>>> 
>>>> We are not strong in Solaris so you really need to search user archives
>>>> or wait for someone who accomplished Solaris integration to chime in
>>>> here on the list.
>>>> 
>>> 
>>> Dmitri
>>> 
>>> I had gathered that from previous postings to the list and was indeed
>>> hoping that one of the Solaris experts might comment.
>>> 
>>> By the way, there are various suggestions on the list of putting the
>>> best Solaris instructions on the wiki. Is that still a possibility? I'd
>>> be happy to help, but I'm not experienced with connecting Solaris to ipa
>>> yet!
>>> 
>>> Roderick
>>> 
>> 
>> A few weeks back I added what I thought were the most relevant threads
>> and pointers. The mailing list thread you refer to was converted into
>> some documentation bugs and tickets. I referenced those at
>> http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources
>> 
>> If there is anything I can improve here just let me know.
> 
> Rob
> 
> This page has expanded since I was searching a few weeks ago. Thanks for that. I understand that the project has no direct Solaris expertise.
> 
> There are some things that could be made easier to follow and others that seem inconsistent with the mailing list thread that I found. Maybe some are just different ways of doing the same thing.
> 
> I started to point some some differences in this email, but its probably best if I go through the mailing list link that I found and the web page you referenced, systematically, and list what the differences are. I'll be in touch when I have done that.
> 
> In the meantime I noticed a few of small html link issues on the web page you referenced...
> 
> 1) Under the section Solaris 8/9/10 / Configuring Client Authentication
> the link to the reference files in /var/ldap (http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files), for me,  resolves to the top level "Open Source Community page" http://community.redhat.com/software/. I do however see the files correctly linked from the section "Client Configuration Files" at bottom of the page.
> 
> 2) There is the same issue for the links to the nsswitch.conf and pam.conf files linked in items 2 and 4 below the above - sorry, its hard to describe well where these links are.
> 
> And it would be good if the patch ("Patch to update Solaris documentation") that is referred to in Solaris 8/9/10 / Additional resources could be applied to the original document and the patched document made available, or at least the information in it.
> 
> 
> Thanks
> 
> Roderick
> 
> 
>> 
>> rob
>> 
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150428/cb47fe91/attachment.htm>

More information about the Freeipa-users mailing list