<html dir="ltr"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body ocsi="0" fpstyle="1" bgcolor="#ffffff"> <div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Hi.<br> Thanks for all the feedback, I think I'll start with this route and see if I can get a more recent SSSD working.<br> And yes, I do all my documentation in Zim, and my boss is quite supportive of sharing the work I/we do, so if I do get this working in a nice manner I will certainly be more than happy to share the documentation.<br> <br> As for contributing code, I'm more than a little rusty when it comes to coding Python(not that I was particularly good to begin with), but maybe if I get some spare time I could have a go at it. :)<br> Thanks again for all the feedback everyone.<br> <br> Regards<br> Johan<br> <div style="font-family: Times New Roman; color: rgb(0, 0, 0); font-size: 16px;"> <hr tabindex="-1"> <div style="direction: ltr;" id="divRpF908242"><font size="2" face="Tahoma" color="#000000"><b>From:</b> freeipa-users-bounces@redhat.com [freeipa-users-bounces@redhat.com] on behalf of Dmitri Pal [dpal@redhat.com]<br> <b>Sent:</b> 16 September 2011 22:42<br> <b>To:</b> freeipa-users@redhat.com; Nalin Dahyabhai<br> <b>Subject:</b> Re: [Freeipa-users] Debian clients?<br> </font><br> </div> <div></div> <div>On 09/16/2011 11:19 AM, Johan Sunnerstig wrote: <blockquote type="cite"><style id="owaParaStyle" type="text/css">  BODY {direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;}P {margin-top:0;margin-bottom:0;}</style> <div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0, 0); font-size: 10pt;"> Hello.<br> I'm wondering if anyone has used FreeIPA with Debian clients, and if so, what client software you opted to use?<br> Right now I have nss-pam-ldapd (<a class="moz-txt-link-freetext" href="http://arthurdejong.org/nss-pam-ldapd/" target="_blank">http://arthurdejong.org/nss-pam-ldapd/</a>) and the MIT-based krb software that's included in Debian 6 working decently. By that I mean I can use it to allow logins as expected, but so far I haven't worked out allowing or disallowing login based on group membership.<br> <br> Obviously the best solution would be a "real" IPA client, but has anyone attempted this? I mucked around a bit with the SSSD included in the Debian repos(1.2.1) but didn't get it to work. Though in all fairness I didn't try THAT hard since it seems like SSSD has evolved quite a bit since 1.2.1.<br> Is the SSSD route worthwhile?<br> </div> </blockquote> <br> If you can get SSSD 1.5.x (latest) working that would be best avenue as it supports natively IPA host based access control features.<br> If you manage to do so we will help you to setup it manually. If you as a result of this would be able to share youer experience and create a wiki page with the steps need to do all this manually would be awesome.<br> <br> An alternative would be to try and port ipa-client to Debian.<br> <br> <blockquote type="cite"> <div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0, 0); font-size: 10pt;"> <br> I really just need group based logins, sudo controls I can handle based on groups with Puppet, but again, if the real client route isn't too much work that's of course preferable.<br> </div> </blockquote> <br> If you want something simple there might be some options in the nss ldap but you need to dig it from man pages or from Nalin...<br> <blockquote type="cite"> <div style="direction: ltr; font-family: Tahoma; color: rgb(0, 0, 0); font-size: 10pt;"> <br> I hope this makes sense, late friday and I have a horrible headache, so if it doesn't I apologize in advance. :)<br> <br> Regards<br> Johan<br> </div> <pre><fieldset class="mimeAttachmentHeader" target="_blank"></fieldset> _______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <br> <br> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a> </pre> </div> </div> </div> </body> </html>