On 09/16/2011 11:19 AM, Johan Sunnerstig wrote:
> I'm wondering if anyone has used FreeIPA with Debian clients, and if
> so, what client software you opted to use?
> Right now I have nss-pam-ldapd
> (http://arthurdejong.org/nss-pam-ldapd/) and the MIT-based krb
> software that's included in Debian 6 working decently. By that I mean
> I can use it to allow logins as expected, but so far I haven't worked
> out allowing or disallowing login based on group membership.
> Obviously the best solution would be a "real" IPA client, but has
> anyone attempted this? I mucked around a bit with the SSSD included in
> the Debian repos(1.2.1) but didn't get it to work. Though in all
> fairness I didn't try THAT hard since it seems like SSSD has evolved
> quite a bit since 1.2.1.
> Is the SSSD route worthwhile?
If you can get SSSD 1.5.x (latest) working that would be best avenue as
it supports natively IPA host based access control features.
If you manage to do so we will help you to setup it manually. If you as
a result of this would be able to share youer experience and create a
wiki page with the steps need to do all this manually would be awesome.
An alternative would be to try and port ipa-client to Debian.
> I really just need group based logins, sudo controls I can handle
> based on groups with Puppet, but again, if the real client route isn't
> too much work that's of course preferable.
If you want something simple there might be some options in the nss ldap
but you need to dig it from man pages or from Nalin...
> I hope this makes sense, late friday and I have a horrible headache,
> so if it doesn't I apologize in advance. :)
> Freeipa-users mailing list
Sr. Engineering Manager IPA project,
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list