<div dir="ltr">HI Siggi,<div><br></div><div>thanks for the detailed information.</div><div><br></div><div>how can i apply this DUA profile? can you please give me the steps to apply this.</div><div><br></div><div>my current stage is, i can able to login to solaris 10 box with AD user. only thing from command like without "-" in su</div><div><br></div><div>Regards,</div><div>Ben</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 12, 2015 at 4:00 PM, Sigbjorn Lie <span dir="ltr"><<a href="mailto:sigbjorn@nixtra.com" target="_blank">sigbjorn@nixtra.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Hi,<div><br></div><div><div style="margin:0px">Yes the DUA profile needs manually editing and updating as IPA servers are added or removed. Ideally this would be managed by ipa-replica-manage, however as I was advised in the BZ, Red Hat does not have the knowledge or resources to focus on integration with Solaris, which is understandable. :)</div><div style="margin:0px;min-height:14px"><br></div><div style="margin:0px">The DUA profile I’ve uploaded to the BZ is a copy (with server names edited), of the DUA profile I1ve used at several environments when configuring Solaris 10 to work with IPA, so unless there are typos I haven’t discovered, it would work ok. :)</div><div style="margin:0px;min-height:14px"><br></div><div style="margin:0px">As for the auto mount, Linux uses “.” between auto and the map name, such as auto.master, auto.home, etc. And Solaris uses “_” between the auto and the map name, such as auto_master, auto_home.</div><div style="margin:0px;min-height:14px"><br></div><div style="margin:0px">This can be worked around in the DUA profile by adding a searchServiceDescriptor for each auto mounter map, such as "serviceSearchDescriptor: auto_master:automountMapName=auto.master,cn=defualt,cn=automount,dc=ix,dc=test,dc=com”.</div><div style="margin:0px;min-height:14px"><br></div><div style="margin:0px">What I found as the best middle ground here, was to keep the master name auto.master and have a serviceSearchDescriptor in the DUA profile for auto.master, and have the remaining maps in IPA with “_”as the separator. This works the best as Linux will look for auto.master by default, and be happy with the other maps being referred to with “_”as separator. Solaris seem to require that all the maps use “_”as seperator, unless serviceSearchDescriptor entries are added for each map.</div><div style="margin:0px"><br></div><div style="margin:0px">I hope this was what you we’re looking for?</div><div style="margin:0px"><br></div><div style="margin:0px"><br></div><div style="margin:0px">Regards,</div><div style="margin:0px">Siggi</div><div style="margin:0px"><br></div><div style="margin:0px;min-height:14px"><br></div><div style="margin:0px;min-height:14px"><br></div><div style="margin:0px;min-height:14px"><br></div><div><blockquote type="cite"><div>On 11 Mar 2015, at 19:39, Dmitri Pal <<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>> wrote:</div><br><div>
<div bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
Is there any chance you can help this guy on the FreeIPA list?<br>
<br>
Thanks<br>
Dmitri<br>
<div><br>
<br>
-------- Original Message --------
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Subject:
</th>
<td>Re: [Freeipa-users] how can i create home directories
automatically on solaris while IPA user login</td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Date: </th>
<td>Wed, 11 Mar 2015 21:22:02 +0300</td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">From: </th>
<td>Ben .T.George <a href="mailto:bentech4you@gmail.com" target="_blank"><bentech4you@gmail.com></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">Reply-To:
</th>
<td><a href="mailto:bentech4you@gmail.com" target="_blank">bentech4you@gmail.com</a></td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">To: </th>
<td>dpal <a href="mailto:dpal@redhat.com" target="_blank"><dpal@redhat.com></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap valign="BASELINE">CC: </th>
<td>freeipa-users <a href="mailto:freeipa-users@redhat.com" target="_blank"><freeipa-users@redhat.com></a></td>
</tr>
</tbody>
</table><div><div class="h5">
<br>
<br>
<div dir="ltr">from BZ
<div><br>
</div>
<div>"<span style="white-space:pre-wrap">While
we value your interest in IPA Solaris support, the
implementation of the DUA profile is not on our nearest
schedule at the moment. We lack both knowledge and resources
to focus on integration with Solaris. This is where we need
a help (ideally patches) and contribution from the community
to help us push these features in.</span></div>
<pre style="white-space:pre-wrap;word-wrap:break-word;width:50em">I checked your example DUAConfigProfile and I think it cannot be just added to FreeIPA right away. E.g. for defaultServerList or preferredServerList, you would need to expand installers and ipa-replica-manage to handle these lists and update them when replica is added or updated to prevent it being outdated. printers or aliases serviceSearchDescriptor refers to objects not being available and so on. It is not as straightforward as it seems.
What I think that we can work on is to work together on
<a href="http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10" style="color:rgb(0,102,204)" target="_blank">http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10</a>
... and add all the steps needed to make IPA work on Solaris 10. I could for example prepare an updated page and you could review it. Would that work for you?"</pre>
<pre style="white-space:pre-wrap;word-wrap:break-word;width:50em"></pre>
<pre style="white-space:pre-wrap;word-wrap:break-word;width:50em">this what i followed util now. but's not authenticate with AD, IPA user can login on solaris box</pre>
<pre style="white-space:pre-wrap;word-wrap:break-word;width:50em"></pre>
<pre style="white-space:pre-wrap;word-wrap:break-word;width:50em"></pre>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Mar 11, 2015 at 9:11 PM, Dmitri
Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span>
<div>On 03/11/2015 01:56 PM, Ben .T.George wrote:<br>
</div>
</span>
<blockquote type="cite">
<div dir="ltr">HI
<div><br>
</div>
<span>
<div>yea , i saw that mail thread and he claims that
he achieved somehow. but not clear.</div>
<div><br>
</div>
<div>and the steps mentioned is too technical for
me. :) as i am very new to IPA it's bit
confusing. </div>
<div><br>
</div>
<div>later that thread also closed without proper
explanation. </div>
<div><br>
</div>
<div>i think you guys can contact him to change
existing wiki :) as there are many solaris related
documents which is pretty old.</div>
<div><br>
</div>
<div>anyway still waiting for rply</div>
</span></div>
</blockquote>
<br>
Have you found the BZ? They are very detailed.<br>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=815515" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=815515</a><br>
The DUA profile is attached to the bug.
<div>
<div><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Regards,</div>
<div>Ben</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Mar 11, 2015 at
8:49 PM, Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span>
<div>On 03/11/2015 01:18 PM, Ben .T.George
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">HI
<div><br>
</div>
<div>thanks for the rply.</div>
<div><br>
</div>
<div>even i tried native auto_master
file with directory checking script.
if i feed the user manually to the
script, the directory is creating
and while login request comes, it
didn't.</div>
<div><br>
</div>
<div>i don't think no one did full
solaris integration util now as i
asked many questions related to
that.</div>
<div><br>
</div>
<div>now i am little bit confident up
to this level. and if everything is
working fine, i will try to create
automated script for IPA join</div>
</div>
</blockquote>
<br>
</span> I really do not know Solaris that
well. There are some threads from this and
last week about Solaris. You can find them
in the mail archive for March.<br>
There are pointers to wikis and bugzillas in
those threads. The bugzilla bugs have some
extended info on how to configure Solaris
clients. They were pretty detailed. May be
they have the automount info you are looking
for.
<div>
<div><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Regards,</div>
<div>Ben</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Mar
11, 2015 at 7:32 PM, Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span>
<div>On 03/11/2015 09:50 AM,
Ben .T.George wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">HI
<div><br>
</div>
<div>i can able to reach
upto level that IPA
user can able to login
on solaris box,</div>
<div><br>
</div>
<div>but how can i
create home
directories
automatically on
solaris while IPA user
login.</div>
<div><br>
</div>
<div>even i change the
shell in IPA web
interface that is
getting affected. i
saw some option in IPA
3.3 web interface like
automount and that is
not in IPA 4.1.2 <br>
</div>
</div>
</blockquote>
<br>
</span> All the options are
still there. The menus got
re-arranged a bit.<br>
Hopefully someone with a
Solaris knowledge will help
you with the rest.<span><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>please anyone tell
me where it is and how
can i achieve this</div>
<div><br>
</div>
<div>regards,</div>
<div>Ben</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
<br>
<br>
</span><span><font color="#888888">
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</font></span></div>
<br>
--<br>
Manage your subscription for the
Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go to <a href="http://freeipa.org/" target="_blank">http://freeipa.org</a>
for more info on the project<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
</div></div></div>
<br>
</div>
</div></blockquote></div><br></div></div><br>--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go to <a href="http://freeipa.org" target="_blank">http://freeipa.org</a> for more info on the project<br></blockquote></div><br></div>