On Fri, 2011-09-16 at 15:19 +0000, Johan Sunnerstig wrote:
> Hello.
> I'm wondering if anyone has used FreeIPA with Debian clients, and if
> so, what client software you opted to use?
> Right now I have nss-pam-ldapd
> (http://arthurdejong.org/nss-pam-ldapd/) and the MIT-based krb
> software that's included in Debian 6 working decently. By that I mean
> I can use it to allow logins as expected, but so far I haven't worked
> out allowing or disallowing login based on group membership.
>
> Obviously the best solution would be a "real" IPA client, but has
> anyone attempted this? I mucked around a bit with the SSSD included in
> the Debian repos (1.2.1) but didn't get it to work. Though in all
> fairness I didn't try THAT hard since it seems like SSSD has evolved
> quite a bit since 1.2.1.
> Is the SSSD route worthwhile?

SSSD is certainly the preferred client as it has many, many useful features others lack, including simplified configuration in an ipa-specific backend. But 1.2.1 is too old.

> I really just need group based logins, sudo controls I can handle
> based on groups with Puppet, but again, if the real client route isn't
> too much work that's of course preferable.
>
> I hope this makes sense, late Friday and I have a horrible headache,
> so if it doesn't I apologize in advance. :)

There is some work being done to make ipa-client-install more cross-platform, and we also have some contrib scripts, but we do not have a complete ipa-client-install script for Debian-based distributions yet.
So you'll have to manually (or script) configure all components for now.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
