HI Siggi,

thanks for the detailed information.

how can i apply this DUA profile? can you please give me the steps to apply
this.

my current stage is, i can able to login to solaris 10 box with AD user.
only thing from command like without "-" in su

Regards,
Ben

On Thu, Mar 12, 2015 at 4:00 PM, Sigbjorn Lie <sigbj...@nixtra.com> wrote:

> Hi,
>
> Yes the DUA profile needs manually editing and updating as IPA servers are
> added or removed. Ideally this would be managed by ipa-replica-manage,
> however as I was advised in the BZ, Red Hat does not have the knowledge or
> resources to focus on integration with Solaris, which is understandable. :)
>
> The DUA profile I’ve uploaded to the BZ is a copy (with server names
> edited), of the DUA profile I1ve used at several environments when
> configuring Solaris 10 to work with IPA, so unless there are typos I
> haven’t discovered, it would work ok. :)
>
> As for the auto mount, Linux uses “.” between auto and the map name, such
> as auto.master, auto.home, etc. And Solaris uses “_” between the auto and
> the map name, such as auto_master, auto_home.
>
> This can be worked around in the DUA profile by adding a
> searchServiceDescriptor for each auto mounter map, such as
> "serviceSearchDescriptor:
> auto_master:automountMapName=auto.master,cn=defualt,cn=automount,dc=ix,dc=test,dc=com”.
>
> What I found as the best middle ground here, was to keep the master name
> auto.master and have a serviceSearchDescriptor in the DUA profile for
> auto.master, and have the remaining maps in IPA with “_”as the separator.
> This works the best as Linux will look for auto.master by default, and be
> happy with the other maps being referred to with “_”as separator. Solaris
> seem to require that all the maps  use “_”as seperator, unless
> serviceSearchDescriptor entries are added for each map.
>
> I hope this was what you we’re looking for?
>
>
> Regards,
> Siggi
>
>
>
>
> On 11 Mar 2015, at 19:39, Dmitri Pal <d...@redhat.com> wrote:
>
>  Hello,
>
> Is there any chance you can help this guy on the FreeIPA list?
>
> Thanks
> Dmitri
>
>
> -------- Original Message --------  Subject: Re: [Freeipa-users] how can
> i create home directories automatically on solaris while IPA user login  Date:
> Wed, 11 Mar 2015 21:22:02 +0300  From: Ben .T.George
> <bentech4...@gmail.com> <bentech4...@gmail.com>  Reply-To:
> bentech4...@gmail.com  To: dpal <d...@redhat.com> <d...@redhat.com>  CC: 
> freeipa-users
> <freeipa-users@redhat.com> <freeipa-users@redhat.com>
>
>
> from BZ
>
>  "While we value your interest in IPA Solaris support, the implementation
> of the DUA profile is not on our nearest schedule at the moment. We lack
> both knowledge and resources to focus on integration with Solaris. This is
> where we need a help (ideally patches) and contribution from the community
> to help us push these features in.
>
> I checked your example DUAConfigProfile and I think it cannot be just added 
> to FreeIPA right away. E.g. for defaultServerList or preferredServerList, you 
> would need to expand installers and ipa-replica-manage to handle these lists 
> and update them when replica is added or updated to prevent it being 
> outdated. printers or aliases serviceSearchDescriptor refers to objects not 
> being available and so on. It is not as straightforward as it seems.
>
> What I think that we can work on is to work together 
> onhttp://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10
> ... and add all the steps needed to make IPA work on Solaris 10. I could for 
> example prepare an updated page and you could review it. Would that work for 
> you?"
>
>  this what i followed util now. but's not authenticate with AD, IPA user can 
> login on solaris box
>
>
> On Wed, Mar 11, 2015 at 9:11 PM, Dmitri Pal <d...@redhat.com> wrote:
>
>>  On 03/11/2015 01:56 PM, Ben .T.George wrote:
>>
>> HI
>>
>>  yea , i saw that mail thread and he claims that he achieved somehow.
>> but not clear.
>>
>>  and the  steps mentioned is too technical for me. :) as i am very new
>> to IPA it's bit confusing.
>>
>>  later that thread also closed without proper explanation.
>>
>>  i think you guys can contact him to change existing wiki :) as there
>> are many solaris related documents which is pretty old.
>>
>>  anyway still waiting for rply
>>
>>
>> Have you found the BZ? They are very detailed.
>> https://bugzilla.redhat.com/show_bug.cgi?id=815515
>> The DUA profile is attached to the bug.
>>
>>
>>
>>  Regards,
>> Ben
>>
>> On Wed, Mar 11, 2015 at 8:49 PM, Dmitri Pal <d...@redhat.com> wrote:
>>
>>>  On 03/11/2015 01:18 PM, Ben .T.George wrote:
>>>
>>> HI
>>>
>>>  thanks for the rply.
>>>
>>>  even i tried native auto_master file with directory checking script.
>>> if i feed the user manually to the script, the directory is creating and
>>> while login request comes, it didn't.
>>>
>>>  i don't think no one did full solaris integration util now as i asked
>>> many questions related to that.
>>>
>>>  now i am little bit confident up to this level. and if everything is
>>> working fine, i will try to create automated script for IPA join
>>>
>>>
>>>  I really do not know Solaris that well. There are some threads from
>>> this and last week about Solaris. You can find them in the mail archive for
>>> March.
>>> There are pointers to wikis and bugzillas in those threads. The bugzilla
>>> bugs have some extended info on how to configure Solaris clients. They were
>>> pretty detailed. May be they have the automount info you are looking for.
>>>
>>>
>>>
>>>  Regards,
>>> Ben
>>>
>>>
>>>
>>> On Wed, Mar 11, 2015 at 7:32 PM, Dmitri Pal <d...@redhat.com> wrote:
>>>
>>>>  On 03/11/2015 09:50 AM, Ben .T.George wrote:
>>>>
>>>> HI
>>>>
>>>>  i can able to reach upto level that IPA user can able to login on
>>>> solaris box,
>>>>
>>>>  but how can i create home directories automatically on solaris while
>>>> IPA user login.
>>>>
>>>>  even i change the shell in IPA web interface that is getting
>>>> affected. i saw some option in IPA 3.3 web interface like automount and
>>>> that is not in IPA 4.1.2
>>>>
>>>>
>>>>  All the options are still there. The menus got re-arranged a bit.
>>>> Hopefully someone with a Solaris knowledge will help you with the rest.
>>>>
>>>>
>>>>  please anyone tell me where it is and how can i achieve this
>>>>
>>>>  regards,
>>>> Ben
>>>>
>>>>
>>>>
>>>>
>>>>  --
>>>> Thank you,
>>>> Dmitri Pal
>>>>
>>>> Sr. Engineering Manager IdM portfolio
>>>> Red Hat, Inc.
>>>>
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>>>
>>>
>>>
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager IdM portfolio
>>> Red Hat, Inc.
>>>
>>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
>>
>
>
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to