[Freeipa-users] Freeipa and spacewalk integration.

Danila Ladner ladner.danila at gmail.com
Wed Jun 29 19:33:34 UTC 2016


Hello Folks.

I am stuck at this task integrating spacewalk freeipa authorization.

I have followed these docs from spacewalk to enable web authentication with
FreeIPA:

https://fedorahosted.org/spacewalk/wiki/SpacewalkAndIPA

I did all the steps above and am trying to authenticate with a user I do not
have in the internal spacewalk database, but sssd ifp with sssd_dbus should
help me with that.

My configs:

sssd.conf:

[domain/lon1.veliosystems.com]
ldap_user_extra_attrs = mail, givenname, sn, ou
cache_credentials = True
krb5_store_password_if_offline = True
krb5_realm = VELIOSYSTEMS.COM
ipa_domain = lon1.veliosystems.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = spcwlk1.lon1.veliosystems.com
chpass_provider = ipa
ipa_server = _srv_, ipa1.sec1.veliosystems.com
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 9
[sssd]
services = nss, pam, ssh, sudo, ifp
config_file_version = 2

domains = lon1.veliosystems.com
debug_level = 9
[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]
allowed_uids = apache, root
user_attributes = +mail, +givenname, +sn
debug_level = 9
[root at spcwlk1.lon1 conf.d]#

When I try to log in to the Spacewalk UI, my PAM auth passes, as you can see
from /var/log/httpd/ssl_error.log:

[Wed Jun 29 19:12:42 2016] [warn] mod_authnz_pam: PAM account validation
failed for user admin: Permission denied
[Wed Jun 29 19:20:33 2016] [notice] mod_authnz_pam: PAM authentication
passed for user dladner

But I see this after entering the password:


I did enable sssd and sssd_ifp logs and see all the lookups go through; if
you need them I can provide them.
The problem, it seems, is at the step where Spacewalk can't create a new user
based on the Organization Unit name.
I am a little bit lost and first asked the Spacewalk community, but no one was
able to help me.
If anyone has any additional information on where I can troubleshoot further,
I'd appreciate it. I have integrated the Jenkins UI with LDAP/IPA auth and it
works just fine, so I am sure it is not the IPA backend, but something in
particular with the Spacewalk httpd modules, but I still can't figure out what
exactly the issue is.
If anyone has some information or has done a similar integration, I'd appreciate
it if you can share it.
Thank you,
Danila Ladner.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-06-29 at 3.28.36 PM.png
Type: image/png
Size: 169693 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160629/0b444fdd/attachment.png>
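
An added example (not part of the original post, and not Spacewalk or SSSD project code): a small Python check that compares the attributes each domain fetches through ldap_user_extra_attrs with the ones the [ifp] responder exposes through user_attributes. The sample is constructed from the settings quoted in the post; audit_ifp and its report keys are hypothetical names, and comparing attribute names case-insensitively is an assumption.

```python
import configparser

# Constructed sample: only the settings from the posted sssd.conf that matter here.
SAMPLE_CONF = """\
[domain/lon1.veliosystems.com]
ldap_user_extra_attrs = mail, givenname, sn, ou
id_provider = ipa
[sssd]
services = nss, pam, ssh, sudo, ifp
domains = lon1.veliosystems.com
[ifp]
allowed_uids = apache, root
user_attributes = +mail, +givenname, +sn
"""

def _csv(value):
    """Split an sssd.conf comma-separated option into a clean list."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def audit_ifp(conf_text):
    """Compare what each domain fetches with what the InfoPipe responder exposes."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(conf_text)
    opt = lambda sec, key: cp.get(sec, key, fallback="")
    # "+attr" adds an attribute to the InfoPipe allow list, "-attr" removes one.
    exposed = {a[1:].lower() for a in _csv(opt("ifp", "user_attributes"))
               if a.startswith("+")}
    report = {
        "ifp_enabled": "ifp" in _csv(opt("sssd", "services")),
        "allowed_uids": _csv(opt("ifp", "allowed_uids")),
        "fetched_not_exposed": {},
        "exposed_not_fetched": {},
    }
    for dom in _csv(opt("sssd", "domains")):
        # Entries may be "cache_name:ldap_name"; the cache name is what ifp serves.
        fetched = {a.split(":")[0].lower()
                   for a in _csv(opt("domain/" + dom, "ldap_user_extra_attrs"))}
        report["fetched_not_exposed"][dom] = sorted(fetched - exposed)
        report["exposed_not_fetched"][dom] = sorted(exposed - fetched)
    return report

if __name__ == "__main__":
    for key, value in audit_ifp(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```

On the sample settings the report lists `ou` as fetched by the domain but not listed in the `[ifp]` `user_attributes` line.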

