Now that I have my FreeIPA server working in my setup, I'd like to
configure my Proxmox server as an IPA client; both for UNIX users and its

As you might be aware, ipa-client-install is only in sid, and it seems to
be problematic. I'm posting everything I'm doing to keep this documented.

$ apt install sudo
$ apt install bind9utils certmonger curl krb5-user libcurl3 libnss3-tools
libnss-sss libpam-sss libsasl2-modules-gssapi-mit libsss-sudo
libxmlrpc-core-c3 oddjob-mkhomedir python-dnspython python-gssapi
python-ldap sssd libbasicobjects0 libcollection4 libcurl3-nss
libini-config5 libref-array1 gnupg2 python-cffi python-cryptography
python-custodia python-dbus python-jwcrypto python-libipa-hbac python-lxml
python-memcache python-netaddr python-netifaces python-nss python-pyasn1
python-qrcode python-setuptools python-usb python-yubico dnsutils keyutils

$ wget
$ dpkg -i *.deb

$ ipa-client-install -N --mkhomedir

This all seems to work successfully, the server appears on the FreeIPA web
console and even:

$ sss_ssh_authorizedkeys $MY_IPA_USER

works! But ssh, sudo don't work. However if I patch /etc/sssd/sssd.conf and
add nss and pam to [sssd] services, ssh, console login and sudo work!


1) Is there anything problematic in my procedure?

2) Whom should I report a bug so /etc/sssd/sssd.conf is generated
correctly? I'm guessing Debian...

3) Proxmox supposedly uses PAM for its web/API auth, but it ignores my
user. It supports LDAP for authentication, though... Would you recommend
using LDAP or trying to coerce PAM into working for IPA?



  ( Y )
 ()~*~()  mail: alex at corcoles dot net
 (_)-(_)  http://alex.corcoles.net/
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to