Hello David,

FreeIPA 3.1 requires several major dependencies that are not available in RHEL 6.x versions - the most notable ones are PKI-CA of version 10.0 and 389-ds-base of version 1.3.0 which introduced transaction support.


I think the easiest way to get version 3.1 would be to wait for next major version of Red Hat Enterprise Linux unless you want to compile and build yourself this dependency chain.

Martin

On 12/21/2012 02:06 AM, David Copperfield wrote:
Hi Rob and all,

Can FreeIPA be compiled and installed on Redhat Enterprise 6.3?  Or I have to
upgrade/install some underlying packages first? Thanks.

--David

-------------------------------------------------------------------------------
*From:* Johan Petersson <johan.peters...@sscspace.com>
*To:* Sigbjorn Lie <sigbj...@nixtra.com>
*Cc:* "freeipa-users@redhat.com" <freeipa-users@redhat.com>
*Sent:* Thursday, December 20, 2012 10:03 AM
*Subject:* Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?

Hi,

Thank you for the tip about NFSMAPID_DOMAIN

It was not set properly.
sharectl get nfs

nfsmapid_domain=

And by using:
sharectl set -p nfsmapid_domain=servername nfs

It was properly set.
I must add that i prefer editing files instead of sharectl,svccfg and so on. :)

I also made a auto.home map in IPA Server to set the homedirectory automounts
right.

And i almost forgot my Solaris version is 11 11/11.

Regards,
Johan.
________________________________________
From: Sigbjorn Lie [sigbj...@nixtra.com <mailto:sigbj...@nixtra.com>]
Sent: Thursday, December 20, 2012 15:20
To: Johan Petersson
Cc: freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>
Subject: RE: [Freeipa-users] Does Solaris 11 work as client to IPA server?

Thanks.

I'm guessing it's taking such a long time because it's looking trough the
entire LDAP server for
your automount maps. The automountmap rules in the DUA profile will help with
that. You'll also
run into issues if you attempt to have several automount locations without
having specified which
one to use with a automountmap rule for auto master.

If you are using NFS4 you should add the _nfsv4idmapdomain dns TXT record to
your DNS or set
NFSMAPID_DOMAIN in /etc/default/nfs to the same value as the domain id used on
your NFS server to
get rid of the nobody:nobody default mapping and enable mapping between the NFS
server and the
client.



Regards,
Siggi




On Thu, December 20, 2012 13:40, Johan Petersson wrote:
 > Hi,
 >
 >
 > Here is my pam.conf cleaned up a bit.
 >
 >
 > login  auth requisite          pam_authtok_get.so.1 login  auth required
 > pam_dhkeys.so.1 login  auth sufficient        pam_krb5.so.1 try_first_pass
login  auth required
 > pam_unix_cred.so.1 login  auth required          pam_unix_auth.so.1 login
auth required
 > pam_dial_auth.so.1
 >
 > gdm-autologin auth  required    pam_unix_cred.so.1 gdm-autologin auth
sufficient  pam_allow.so.1
 >
 > other  auth requisite          pam_authtok_get.so.1 other  auth required
 > pam_dhkeys.so.1 other  auth required          pam_unix_cred.so.1 other  auth
sufficient
 > pam_krb5.so.1 other  auth required          pam_unix_auth.so.1
 >
 > passwd  auth required          pam_passwd_auth.so.1
 >
 > gdm-autologin account  sufficient pam_allow.so.1
 >
 > other  account requisite      pam_roles.so.1 other  account required
 > pam_unix_account.so.1 other  account required        pam_krb5.so.1
 >
 > other  session required        pam_unix_session.so.1
 >
 > other  password required      pam_dhkeys.so.1 other  password requisite
 > pam_authtok_get.so.1
 >
 > other  password requisite      pam_authtok_check.so.1 force_check other
password sufficient
 > pam_krb5.so.1 other  password required      pam_authtok_store.so.1
 >
 > I am getting one error and it is for autofs.
 >
 >
 > /var/adm/messages:
 > Dec 20 12:56:58 servername automount[1651]: [ID 754625 daemon.error] Object
not found
 >
 >
 > /var/svc/log/system.filesystem-autofs:default.log:
 > [ Dec 20 12:24:22 Executing start method ("/lib/svc/method/svc-autofs 
start"). ]
 > automount: /net mounted
 > automount: /nfs4 mounted
 > automount: no unmounts
 > [ Dec 20 12:24:22 Method "start" exited with status 0. ]
 >
 >
 > ldapclient list NS_LDAP_FILE_VERSION= 2.0
 > NS_LDAP_SERVERS= servername
 > NS_LDAP_SEARCH_BASEDN= dc=home
 > NS_LDAP_AUTH= none
 > NS_LDAP_SEARCH_REF= TRUE
 > NS_LDAP_SEARCH_TIME= 15
 > NS_LDAP_PROFILE= default
 > NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=home
 > NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=home
 > NS_LDAP_BIND_TIME= 5
 > NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount
 >
 >
 > Thinking it has to do with missing automountmap in default DUAProfile.
 > Automount still works though but takes time during login and everything is
nobody:nobody :)
 >
 >
 > ________________________________________
 > From: Sigbjorn Lie [sigbj...@nixtra.com <mailto:sigbj...@nixtra.com>]
 > Sent: Thursday, December 20, 2012 10:13
 > To: Johan Petersson
 > Cc: freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>
 > Subject: Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?
 >
 >
 > Hi,
 >
 >
 > This is interesting. When I tested Solaris 11 ssh worked, and su - testuser
worked. However
 > console login did not work giving some PAM errors.
 >
 > Could you please share your entire pam.conf file?
 >
 >
 > Is this Solaris 11 or Solaris 11.1?
 >
 >
 >
 >
 > Regards,
 > Siggi
 >
 >
 >
 >
 > On Thu, December 20, 2012 09:40, Johan Petersson wrote:
 >
 >> I have now managed to use a Solaris 11 system as a client to IPA Server.
 >> su - testuser works ssh works and console login works. I get a delay before
getting the prompt
 >> through ssh though and maybe from console too, probably something about
autofs Going to see if
 >> i can increase loginformation (Solaris newbie). To get it to work i mainly
followed Sigbjorn
 >> Lie's
 >> instructions for Solaris 10 in earlier posts here. I also used the
/etc/pam.conf configuration
 >> example from the Solaris 10 client guide on Free IPA. I stuck with the
default DUAProfile for
 >> now and use a NFS4 Kerberos share for home directories with autofs. Going
to try the other
 >> DUAProfile
 >> too from Bug 815515 and hopefully i can get everything working.
 >>
 >> ________________________________________
 >> From: freeipa-users-boun...@redhat.com
<mailto:freeipa-users-boun...@redhat.com> [freeipa-users-boun...@redhat.com
<mailto:freeipa-users-boun...@redhat.com>] on behalf of Dmitri
 >> Pal
 >> [d...@redhat.com <mailto:d...@redhat.com>]
 >> Sent: Tuesday, December 18, 2012 17:50
 >> To: freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>
 >> Subject: Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?
 >>
 >>
 >>
 >> On 12/18/2012 04:06 AM, Sigbjorn Lie wrote:
 >>
 >>
 >>> On Tue, December 18, 2012 08:28, Johan Petersson wrote:
 >>>
 >>>
 >>>> Hi,
 >>>>
 >>>>
 >>>>
 >>>>
 >>>> We are implementing IPA Server and are gong to need to be able to
authenticate properly
 >>>> with a number of Solaris 11 servers. I have browsed the archives and
found a few threads
 >>>> mentioning some problems with Solaris 11 and IPA Server. Does anyone know
if the issue have
 >>>> been solved?
 >>>>
 >>>>
 >>> I don't think there is any problems with Solaris 11 except of nobody has
yet sat down and
 >>> figured out how to configure it as an IPA client yet.
 >>>
 >>> I had a got at it a while ago (some of the posts you've probably found),
and found that there
 >>>  was enough differences in the LDAP/Kerberos client between Solaris 10 and
Solaris 11 for
 >>> making it work with the setup guide I've created for Solaris 10. And there
was a need for
 >>> further investigation for finding out how to configure Solaris 11 as an
IPA client.
 >>>
 >>> I've not looked into this further as we do not use Solaris 11 yet.
 >>>
 >>>
 >>>
 >>> I don't know if anyone else has had time to sit down and have a crack at 
this?
 >>>
 >>>
 >>
 >> And we would like to hear about this effort.
 >> If it produces instructions we would like to put them on the wiki.
 >> If it produces bugs we would investigate them.
 >>
 >>
 >>
 >>>
 >>>
 >>> Regards,
 >>> Siggi
 >>>
 >>>
 >>>
 >>>
 >>> _______________________________________________
 >>> Freeipa-users mailing list
 >>> Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
 >>>
 >
 >>> https://www.redhat.com/mailman/listinfo/freeipa-users
 >>>
 >>>
 >>
 >>
 >> --
 >> Thank you,
 >> Dmitri Pal
 >>
 >>
 >>
 >> Sr. Engineering Manager for IdM portfolio
 >> Red Hat Inc.
 >>
 >>
 >>
 >>
 >> -------------------------------
 >> Looking to carve out IT costs?
 >> www.redhat.com/carveoutcosts/
 >>
 >>
 >>
 >> _______________________________________________
 >> Freeipa-users mailing list
 >> Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
 >> https://www.redhat.com/mailman/listinfo/freeipa-users
 >>
 >>
 >>
 >> _______________________________________________
 >> Freeipa-users mailing list
 >> Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
 >> https://www.redhat.com/mailman/listinfo/freeipa-users
 >>
 >>
 >>
 >
 >
 >



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to