[Freeipa-users] [freeipa-users] Configuring Automount on Ubuntu Clients
Timo Aaltonen
tjaalton at ubuntu.com
Mon Feb 22 05:11:14 UTC 2016
14.02.2016, 09:14, Filip Pytloun kirjoitti:
> Hello,
>
> we are using Ubuntu 14.04 on FreeIPA clients and Ubuntu 16.04 on FreeIPA
> server for 2 months with no critical issues.
>
> Using newer freeipa-client was not needed, only sssd update from here,
> because trusty version is buggy:
> https://launchpad.net/~sssd/+archive/ubuntu/updates?field.series_filter=trusty
>
> On server side, it was only needed to fix apparmor policy for bind to
> fix FreeIPA DNS zones:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814314
/var/lib/sss* bits belong to the apparmor profile shipped by sssd..
mind removing them from the bind profile and testing this to
/etc/apparmor.d/usr.sbin.sssd instead?
@@ -33,6 +33,7 @@
/var/lib/sss/* rw,
/var/lib/sss/db/* rwk,
+ /var/lib/sss/mc/initgroups r,
/var/lib/sss/pipes/* rw,
/var/lib/sss/pipes/private/* rw,
/var/lib/sss/pubconf/* rw,
@@ -42,6 +43,7 @@
/{,var/}run/sssd.pid rw,
profile /usr/lib/@{multiarch}/sssd/* {
+ /var/lib/sss/pubconf/krb5.include.d/** rw,
/var/lib/sss/pubconf/krb5.include.d/ rw,
}
--
t
More information about the Freeipa-users
mailing list