On 09/07/2012 08:38 PM, Dmitri Pal wrote:
On 09/02/2012 12:58 PM, Sigbjorn Lie wrote:
On 09/02/2012 04:37 PM, Natxo Asenjo wrote:
hi,
Recently I have been playing with the zfs for its native nfs4 acl
capabilities. I have used openindiana for this. For those wondering
about openindiana, it is a distribution of the former opensolaris code.
I got the ldap client to work for retrieving user/group info from
ipa using the ldapclient command:
# ldapclient manual \
-a authenticationMethod=none \
-a defaultSearchBase=dc=ipa,dc=asenjo,dc=nx \
-a domainName=ipa.asenjo.nx \
-a defaultServerList=kdc.ipa.asenjo.nx \
-a serviceSearchDescriptor='passwd:dc=ipa,dc=asenjo,dc=nx?sub' \
-a serviceSearchDescriptor='group:dc=ipa,dc=asenjo,dc=nx?sub' [enter]
you need to enable the ldap/client service:
# svcadm enable ldap/client:default [enter]
After which, modify /etc/nsswitch.conf to add the ldap provider for
passwd and group:
passwd: files ldap
group: files ldap
That's it, test it:
# id admin
uid=642800000(admin) gid=642800000(admins) groups=642800000(admins)
# getent passwd admin
admin:x:642800000:642800000:Administrator:/home/admin:/bin/bash
So it works. The kerberos stuff will be next ...
One thing I have not yet gotten to work is that these changes are
not persistent across reboots. The ldapclient config stays, but the
service ldap/client does not start (stays disabled) and
nsswitch.conf misses the ldap entries. So far I am fixing this from
cfengine (gotta love it).
So apparently, for solaris 10 and newer versions, the procedure
outlined in http://freeipa.com/page/ConfiguringSolarisClients is no
longer necessary as far as the ldap client is concerned.
--
Groeten,
natxo
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi,
I'm using Nexenta as an IPA client, another derivative of
OpenSolaris. I use a DUAProfile with ldapclient. This stays
configured and the ldap/client service is enabled across reboots.
There is a DUAProfile included by default with IPA, but it requires
some tweaking to support more than just the basic features. See this
bugzilla for a more comprehensive example:
https://bugzilla.redhat.com/show_bug.cgi?id=815515
There is also some more info about configuring Solaris clients in
this bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=815533
Siggi, can you please review
http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html
and confirm that this is correct and has the latest?
If you find some inconsistency would you mind filing a fedora doc bug?
There are some issues in that document.
I have been working with Rob with regards to the previous 2 bugzilla doc
bugs I opened:
https://bugzilla.redhat.com/show_bug.cgi?id=815533
https://bugzilla.redhat.com/show_bug.cgi?id=815515
These BZs cover configuring a DUA profile and configuring Solaris 10 as
an IPA client.
I presume Rob's work will become the new Solaris 10 IPA Client
documentation for both Fedora and RHEL?
Rgds,
Siggi
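
A drift check for the reboot problem described in the first message of this thread (ldap/client left disabled, nsswitch.conf losing its ldap entries), as an added example that is not part of the original thread. The function names and the sample file are constructed for illustration; the SMF check only runs on hosts that have svcs.

```shell
#!/bin/sh
# Added example, not from the thread. Needs a POSIX awk (nawk on older Solaris).

# nss_has_ldap FILE DB: succeed if database DB in FILE lists the "ldap" source.
nss_has_ldap() {
    awk -v db="$2" '
        {
            sub(/#.*/, "")                      # strip comments
            n = index($0, ":")
            if (n == 0) next
            name = substr($0, 1, n - 1)
            gsub(/[ \t]/, "", name)
            if (name != db) next
            m = split(substr($0, n + 1), src, /[ \t]+/)
            for (i = 1; i <= m; i++) if (src[i] == "ldap") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# check_client [FILE]: print each drift found; return the number of problems.
check_client() {
    conf=${1:-/etc/nsswitch.conf}
    problems=0
    for db in passwd group; do
        if ! nss_has_ldap "$conf" "$db"; then
            echo "DRIFT: $db in $conf does not list ldap"
            problems=$((problems + 1))
        fi
    done
    # SMF state is only checked where svcs exists (Solaris/illumos hosts).
    if command -v svcs >/dev/null 2>&1; then
        state=$(svcs -H -o state ldap/client:default 2>/dev/null)
        if [ "$state" != "online" ]; then
            echo "DRIFT: ldap/client:default is '${state:-unknown}', not online"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# Constructed sample: nsswitch.conf as the post describes it after a reboot.
sample_after_reboot() {
    printf '%s\n' '# constructed sample' 'passwd: files' \
        'group:  files   # ldap entry gone' 'hosts: files dns'
}
```

Calling check_client with no argument reads /etc/nsswitch.conf; a non-zero return means the client has silently fallen back to local files only.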