On Mon, 2011-05-09 at 09:38 -0400, Adam Young wrote: > On 05/09/2011 09:12 AM, Dmitri Pal wrote: > > On 05/08/2011 07:39 PM, Adam Young wrote: > > > On 05/08/2011 06:20 AM, nasir nasir wrote: > > > > > > > > Thanks indeed again for the reply. I went through the deployment > > > > guide and installed and configured FreeIPA 2.0 on a RHEL 6.1 > > > > beta machine for testing. I also configured the browsers on this > > > > server and a client Kubuntu machine as per the guide. But I > > > > can't find any doc which explain how to configure a client > > > > (kubuntu in my case) for single sign on or even accessing a > > > > service like nfs using the browser when native ipa-client > > > > package is not available. All the docs are focused on > > > > configuring client machines using ipa-client package. Is this > > > > possible? if so could anyone suggest me some guide lines or docs > > > > for the same ? > > > > > > > Does the client have SSSD? > > If it does making ipa-client work is probably the best path. > > > > If the SSSD is not an option then you are in the realm of PAM_KRB5 > > for the SSO. > > Please see the FreeIPA 1.2.1 documentation. There is no exact > > documentation ofr your case but the closest IMO would be the > > instructions for the Solaris client. > > http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/chap-Client_Configuration_Guide-Configuring_Solaris_as_an_IPA_Client.html > > > > Also see man pages for pam_krb5. > > Hope this helps. > > > > Thanks > > Dmitri > > > According to Stephen, Ubuntu has an older version of sssd available. > Even Debian sid only has 1.2.1 > > http://packages.debian.org/unstable/main/sssd
SSSD 1.2.1 has some caveats with IPA usage. Mostly because the HBAC format changed in the final FreeIPA v2. SSSD 1.2.1 had been released with the older format, so it won't work. However, it should be possible to set up SSSD 1.2.1 for use with FreeIPA if they set 'access_provider = allow' (instead of 'access_provider = ipa') However, it WILL require a few manual steps to set up, notably the acquisition of the host keytab.
Description: This is a digitally signed message part
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users