Hi, Yes the DUA profile needs manually editing and updating as IPA servers are added or removed. Ideally this would be managed by ipa-replica-manage, however as I was advised in the BZ, Red Hat does not have the knowledge or resources to focus on integration with Solaris, which is understandable. :)
The DUA profile I’ve uploaded to the BZ is a copy (with server names edited), of the DUA profile I1ve used at several environments when configuring Solaris 10 to work with IPA, so unless there are typos I haven’t discovered, it would work ok. :) As for the auto mount, Linux uses “.” between auto and the map name, such as auto.master, auto.home, etc. And Solaris uses “_” between the auto and the map name, such as auto_master, auto_home. This can be worked around in the DUA profile by adding a searchServiceDescriptor for each auto mounter map, such as "serviceSearchDescriptor: auto_master:automountMapName=auto.master,cn=defualt,cn=automount,dc=ix,dc=test,dc=com”. What I found as the best middle ground here, was to keep the master name auto.master and have a serviceSearchDescriptor in the DUA profile for auto.master, and have the remaining maps in IPA with “_”as the separator. This works the best as Linux will look for auto.master by default, and be happy with the other maps being referred to with “_”as separator. Solaris seem to require that all the maps use “_”as seperator, unless serviceSearchDescriptor entries are added for each map. I hope this was what you we’re looking for? Regards, Siggi > On 11 Mar 2015, at 19:39, Dmitri Pal <d...@redhat.com> wrote: > > Hello, > > Is there any chance you can help this guy on the FreeIPA list? > > Thanks > Dmitri > > > -------- Original Message -------- > Subject: Re: [Freeipa-users] how can i create home directories > automatically on solaris while IPA user login > Date: Wed, 11 Mar 2015 21:22:02 +0300 > From: Ben .T.George <bentech4...@gmail.com> <mailto:bentech4...@gmail.com> > Reply-To: bentech4...@gmail.com <mailto:bentech4...@gmail.com> > To: dpal <d...@redhat.com> <mailto:d...@redhat.com> > CC: freeipa-users <freeipa-users@redhat.com> > <mailto:freeipa-users@redhatcom> > > from BZ > > "While > we value your interest in IPA Solaris support, the > implementation of the DUA profile is not on our nearest > schedule at the moment. We lack both knowledge and resources > to focus on integration with Solaris. This is where we need > a help (ideally patches) and contribution from the community > to help us push these features in. > I checked your example DUAConfigProfile and I think it cannot be just added > to FreeIPA right away. E.g. for defaultServerList or preferredServerList, you > would need to expand installers and ipa-replica-manage to handle these lists > and update them when replica is added or updated to prevent it being > outdated. printers or aliases serviceSearchDescriptor refers to objects not > being available and so on. It is not as straightforward as it seems. > > What I think that we can work on is to work together on > http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10 > > <http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10> > ... and add all the steps needed to make IPA work on Solaris 10. I could for > example prepare an updated page and you could review it. Would that work for > you?" > this what i followed util now. but's not authenticate with AD, IPA user can > login on solaris box > > On Wed, Mar 11, 2015 at 9:11 PM, Dmitri Pal <d...@redhat.com > <mailto:d...@redhat.com>> wrote: > On 03/11/2015 01:56 PM, Ben .T.George wrote: >> HI >> >> yea , i saw that mail thread and he claims that he achieved somehow. but not >> clear. >> >> and the steps mentioned is too technical for me. :) as i am very new to IPA >> it's bit confusing. >> >> later that thread also closed without proper explanation. >> >> i think you guys can contact him to change existing wiki :) as there are >> many solaris related documents which is pretty old. >> >> anyway still waiting for rply > > Have you found the BZ? They are very detailed. > https://bugzilla.redhat.com/show_bug.cgi?id=815515 > <https://bugzilla.redhat.com/show_bug.cgi?id=815515> > The DUA profile is attached to the bug. > > >> >> Regards, >> Ben >> >> On Wed, Mar 11, 2015 at 8:49 PM, Dmitri Pal <d...@redhat.com >> <mailto:d...@redhat.com>> wrote: >> On 03/11/2015 01:18 PM, Ben .T.George wrote: >>> HI >>> >>> thanks for the rply. >>> >>> even i tried native auto_master file with directory checking script. if i >>> feed the user manually to the script, the directory is creating and while >>> login request comes, it didn't. >>> >>> i don't think no one did full solaris integration util now as i asked many >>> questions related to that. >>> >>> now i am little bit confident up to this level. and if everything is >>> working fine, i will try to create automated script for IPA join >> >> I really do not know Solaris that well. There are some threads from this and >> last week about Solaris. You can find them in the mail archive for March. >> There are pointers to wikis and bugzillas in those threads. The bugzilla >> bugs have some extended info on how to configure Solaris clients. They were >> pretty detailed. May be they have the automount info you are looking for. >> >> >>> >>> Regards, >>> Ben >>> >>> >>> >>> On Wed, Mar 11, 2015 at 7:32 PM, Dmitri Pal <d...@redhat.com >>> <mailto:d...@redhat.com>> wrote: >>> On 03/11/2015 09:50 AM, Ben .T.George wrote: >>>> HI >>>> >>>> i can able to reach upto level that IPA user can able to login on solaris >>>> box, >>>> >>>> but how can i create home directories automatically on solaris while IPA >>>> user login. >>>> >>>> even i change the shell in IPA web interface that is getting affected. i >>>> saw some option in IPA 3.3 web interface like automount and that is not in >>>> IPA 4.1.2 >>> >>> All the options are still there. The menus got re-arranged a bit. >>> Hopefully someone with a Solaris knowledge will help you with the rest. >>> >>>> >>>> please anyone tell me where it is and how can i achieve this >>>> >>>> regards, >>>> Ben >>>> >>>> >>> >>> >>> -- >>> Thank you, >>> Dmitri Pal >>> >>> Sr. Engineering Manager IdM portfolio >>> Red Hat, Inc. >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> <https://www.redhat.com/mailman/listinfo/freeipa-users> >>> Go to http://freeipa.org <http://freeipa.org/> for more info on the project >>> >> >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager IdM portfolio >> Red Hat, Inc. >> > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
