On Fri, 2011-09-16 at 15:19 +0000, Johan Sunnerstig wrote:
> Hello.
> I'm wondering if anyone has used FreeIPA with Debian clients, and if
> so, what client software you opted to use?
> Right now I have nss-pam-ldapd
> (http://arthurdejong.org/nss-pam-ldapd/) and the MIT-based krb
> software that's included in Debian 6 working decently. By that I mean
> I can use it to allow logins as expected, but so far I haven't worked
> out allowing or disallowing login based on group membership.
> Obviously the best solution would be a "real" IPA client, but has
> anyone attempted this? I mucked around a bit with the SSSD included in
> the Debian repos(1.2.1) but didn't get it to work. Though in all
> fairness I didn't try THAT hard since it seems like SSSD has evolved
> quite a bit since 1.2.1.
> Is the SSSD route worthwhile?

SSSD is certainly the preferred client as it has many, many useful
features others lack including simplified configuration in a
ipa-specific backend.

But 1.2.1 is too old.

> I really just need group based logins, sudo controls I can handle
> based on groups with Puppet, but again, if the real client route isn't
> too much work that's of course preferable.
> I hope this makes sense, late friday and I have a horrible headache,
> so if it doesn't I apologize in advance. :)

There is some work being done to make ipa-client -install more cross
platforms, and we also have some contrib scripts, but we do not have a
complete ipa-client-install script for debian based distributions yet.
So you'll have to manually (or script) configure all components for now.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to