[Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

Roderick Johnstone rmj at ast.cam.ac.uk
Tue Apr 28 21:40:55 UTC 2015 

Siggi

Thanks for the reminder. I did see these a while ago - I've seen so much 
in so many places and became rapidly confused, because I don't have much 
ldap or ipa experience.

I'll review your instructions and see how they fit with the Solaris 11 
instructions from the mailing list that I found and try to distil a page 
with appropriate attributions when I've implemented something that works.

Roderick

On 28/04/2015 19:24, Sigbjorn Lie wrote:
> Hi,
>
> I wrote these bugzilla entries based on my own Solaris 10 configuration
> for IPA a while back. Did you try these? They include a working DUA
> profile (need to change server names of course) and the steps I did for
> configuring Solaris 10 as an IPA client.
>
> Config:
> https://bugzilla.redhat.com/show_bug.cgi?id=815533
>
> Dua Profile:
> https://bugzilla.redhat.com/show_bug.cgi?id=815515
>
> The attribute mapping I suggested was for auto.master only. The example
> dua profile above have this mapping. You may see here for a further
> explanation:
>
> https://www.redhat.com/archives/freeipa-users/2015-March/msg00317.html
>
>
> Regards,
> Siggi
>
>
>
>> On 23 Apr 2015, at 12:59, Roderick Johnstone <rmj at ast.cam.ac.uk
>> <mailto:rmj at ast.cam.ac.uk>> wrote:
>>
>> On 23/04/15 04:25, Rob Crittenden wrote:
>>> Roderick Johnstone wrote:
>>>> On 22/04/15 14:30, Dmitri Pal wrote:
>>>>> On 04/21/2015 01:13 PM, Roderick Johnstone wrote:
>>>>>> Hi
>>>>>>
>>>>>> I also need to integrate Solaris 10 clients with freeipa servers.
>>>>>>
>>>>>> I've been round many resources, eg freeipa wiki, Fedora and Red Hat
>>>>>> manuals, various bug trackers and the freeipa-users mailing list
>>>>>>
>>>>>> It looks to me as if this:
>>>>>> https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html
>>>>>> <https://www.redhat.com/archives/freeipa-users/2013-January/msg00030html>
>>>>>>
>>>>>> might be the best guide available, although I'm not sure what changes
>>>>>> I might need to make because I'm actually on Solaris 10 rather
>>>>>> than 11.
>>>>>>
>>>>>> Can anyone advise please?
>>>>>>
>>>>>> There is a comment in the above post:
>>>>>> "Make sure that the automount maps in ipaserver is named auto_* and
>>>>>> NOT auto.* so they are compatible with Solaris name standards."
>>>>>>
>>>>>> My automount maps are already called eg auto.master, auto.home on my
>>>>>> ipa server and I'm sure I've seen a post somewhere suggesting an
>>>>>> attributeMap can fix this issue, but I can't find it now, so maybe I
>>>>>> am mistaken.
>>>>>>
>>>>>> Am I on the right track? Is anyone familiar with that fix.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Roderick Johnstone
>>>>>>
>>>>> We are not strong in Solaris so you really need to search user archives
>>>>> or wait for someone who accomplished Solaris integration to chime in
>>>>> here on the list.
>>>>>
>>>>
>>>> Dmitri
>>>>
>>>> I had gathered that from previous postings to the list and was indeed
>>>> hoping that one of the Solaris experts might comment.
>>>>
>>>> By the way, there are various suggestions on the list of putting the
>>>> best Solaris instructions on the wiki. Is that still a possibility? I'd
>>>> be happy to help, but I'm not experienced with connecting Solaris to ipa
>>>> yet!
>>>>
>>>> Roderick
>>>>
>>>
>>> A few weeks back I added what I thought were the most relevant threads
>>> and pointers. The mailing list thread you refer to was converted into
>>> some documentation bugs and tickets. I referenced those at
>>> http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources
>>>
>>> If there is anything I can improve here just let me know.
>>
>> Rob
>>
>> This page has expanded since I was searching a few weeks ago. Thanks
>> for that. I understand that the project has no direct Solaris expertise.
>>
>> There are some things that could be made easier to follow and others
>> that seem inconsistent with the mailing list thread that I found.
>> Maybe some are just different ways of doing the same thing.
>>
>> I started to point some some differences in this email, but its
>> probably best if I go through the mailing list link that I found and
>> the web page you referenced, systematically, and list what the
>> differences are. I'll be in touch when I have done that.
>>
>> In the meantime I noticed a few of small html link issues on the web
>> page you referenced...
>>
>> 1) Under the section Solaris 8/9/10 / Configuring Client Authentication
>> the link to the reference files in /var/ldap
>> (http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files),
>> for me,  resolves to the top level "Open Source Community page"
>> http://community.redhat.com/software/. I do however see the files
>> correctly linked from the section "Client Configuration Files" at
>> bottom of the page.
>>
>> 2) There is the same issue for the links to the nsswitch.conf and
>> pam.conf files linked in items 2 and 4 below the above - sorry, its
>> hard to describe well where these links are.
>>
>> And it would be good if the patch ("Patch to update Solaris
>> documentation") that is referred to in Solaris 8/9/10 / Additional
>> resources could be applied to the original document and the patched
>> document made available, or at least the information in it.
>>
>>
>> Thanks
>>
>> Roderick
>>
>>
>>>
>>> rob
>>>
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>

More information about the Freeipa-users mailing list