Yeah, also I noticed that on Saturday a new version was uploaded to
unstable, I'll have to recheck.

On Fri, Jan 19, 2018 at 7:56 AM, Andrew Radygin <randr...@gmail.com> wrote:

> Hi Alex!
> I've set up on Debian 8 ipa-client recently.
> And here is my notes on this process, maybe it would be helpfull.
>
> 1. Enable sid repo
> 2. Install freeipa-client and python-sss packages
> 3. Update python-six to 1.10+
> 4. Restart dbus service
> 5. ipa-client-install command
>
> In the end - I've got completely working ipa-client for ssh and sudo.
>
> 2018-01-19 0:24 GMT+03:00 Alex Corcoles via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org>:
>
>> Hi,
>>
>> Now that I have my FreeIPA server working in my setup, I'd like to
>> configure my Proxmox server as an IPA client; both for UNIX users and its
>> web/API.
>>
>> As you might be aware, ipa-client-install is only in sid, and it seems to
>> be problematic. I'm posting everything I'm doing to keep this documented.
>>
>> $ apt install sudo
>> $ apt install bind9utils certmonger curl krb5-user libcurl3 libnss3-tools
>> libnss-sss libpam-sss libsasl2-modules-gssapi-mit libsss-sudo
>> libxmlrpc-core-c3 oddjob-mkhomedir python-dnspython python-gssapi
>> python-ldap sssd libbasicobjects0 libcollection4 libcurl3-nss
>> libini-config5 libref-array1 gnupg2 python-cffi python-cryptography
>> python-custodia python-dbus python-jwcrypto python-libipa-hbac python-lxml
>> python-memcache python-netaddr python-netifaces python-nss python-pyasn1
>> python-qrcode python-setuptools python-usb python-yubico dnsutils keyutils
>> python-requests
>>
>> $ wget http://ftp.de.debian.org/debian/pool/main/f/freeipa/freeipa-
>> client_4.4.4-4_amd64.deb http://ftp.de.debian.org/debia
>> n/pool/main/f/freeipa/freeipa-common_4.4.4-4_all.deb
>> http://ftp.de.debian.org/debian/pool/main/f/freeipa/python-
>> ipaclient_4.4.4-4_all.deb http://ftp.de.debian.org/debia
>> n/pool/main/f/freeipa/python-ipalib_4.4.4-4_all.deb
>> $ dpkg -i *.deb
>>
>> $ ipa-client-install -N --mkhomedir
>>
>> This all seems to work successfully, the server appears on the FreeIPA
>> web console and even:
>>
>> $ sss_ssh_authorizedkeys $MY_IPA_USER
>>
>> works! But ssh, sudo don't work. However if I patch /etc/sssd/sssd.conf
>> and add nss and pam to [sssd] services, ssh, console login and sudo work!
>>
>> Questions:
>>
>> 1) Is there anything problematic in my procedure?
>>
>> 2) Whom should I report a bug so /etc/sssd/sssd.conf is generated
>> correctly? I'm guessing Debian...
>>
>> 3) Proxmox supposedly uses PAM for its web/API auth, but it ignores my
>> user. It supports LDAP for authentication, though... Would you recommend
>> using LDAP or trying to coerce PAM into working for IPA?
>>
>> Cheers,
>>
>> Álex
>>
>> --
>>    ___
>>  {~._.~}
>>   ( Y )
>>  ()~*~()  mail: alex at corcoles dot net
>>  (_)-(_)  http://alex.corcoles.net/
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-le...@lists.fedo
>> rahosted.org
>>
>>
>
>
> --
> Best regards, Andrew.
>



-- 
   ___
 {~._.~}
  ( Y )
 ()~*~()  mail: alex at corcoles dot net
 (_)-(_)  http://alex.corcoles.net/
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to