I wrote these bugzilla entries based on my own Solaris 10 configuration for IPA 
a while back. Did you try these? They include a working DUA profile (need to 
change server names of course) and the steps I did for configuring Solaris 10 
as an IPA client.


Dua Profile:

The attribute mapping I suggested was for auto.master only. The example dua 
profile above have this mapping. You may see here for a further explanation:



> On 23 Apr 2015, at 12:59, Roderick Johnstone <r...@ast.cam.ac.uk> wrote:
> On 23/04/15 04:25, Rob Crittenden wrote:
>> Roderick Johnstone wrote:
>>> On 22/04/15 14:30, Dmitri Pal wrote:
>>>> On 04/21/2015 01:13 PM, Roderick Johnstone wrote:
>>>>> Hi
>>>>> I also need to integrate Solaris 10 clients with freeipa servers.
>>>>> I've been round many resources, eg freeipa wiki, Fedora and Red Hat
>>>>> manuals, various bug trackers and the freeipa-users mailing list.
>>>>> It looks to me as if this:
>>>>> https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html
>>>>> might be the best guide available, although I'm not sure what changes
>>>>> I might need to make because I'm actually on Solaris 10 rather than 11.
>>>>> Can anyone advise please?
>>>>> There is a comment in the above post:
>>>>> "Make sure that the automount maps in ipaserver is named auto_* and
>>>>> NOT auto.* so they are compatible with Solaris name standards."
>>>>> My automount maps are already called eg auto.master, auto.home on my
>>>>> ipa server and I'm sure I've seen a post somewhere suggesting an
>>>>> attributeMap can fix this issue, but I can't find it now, so maybe I
>>>>> am mistaken.
>>>>> Am I on the right track? Is anyone familiar with that fix.
>>>>> Thanks
>>>>> Roderick Johnstone
>>>> We are not strong in Solaris so you really need to search user archives
>>>> or wait for someone who accomplished Solaris integration to chime in
>>>> here on the list.
>>> Dmitri
>>> I had gathered that from previous postings to the list and was indeed
>>> hoping that one of the Solaris experts might comment.
>>> By the way, there are various suggestions on the list of putting the
>>> best Solaris instructions on the wiki. Is that still a possibility? I'd
>>> be happy to help, but I'm not experienced with connecting Solaris to ipa
>>> yet!
>>> Roderick
>> A few weeks back I added what I thought were the most relevant threads
>> and pointers. The mailing list thread you refer to was converted into
>> some documentation bugs and tickets. I referenced those at
>> http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources
>> If there is anything I can improve here just let me know.
> Rob
> This page has expanded since I was searching a few weeks ago. Thanks for 
> that. I understand that the project has no direct Solaris expertise.
> There are some things that could be made easier to follow and others that 
> seem inconsistent with the mailing list thread that I found. Maybe some are 
> just different ways of doing the same thing.
> I started to point some some differences in this email, but its probably best 
> if I go through the mailing list link that I found and the web page you 
> referenced, systematically, and list what the differences are. I'll be in 
> touch when I have done that.
> In the meantime I noticed a few of small html link issues on the web page you 
> referenced...
> 1) Under the section Solaris 8/9/10 / Configuring Client Authentication
> the link to the reference files in /var/ldap 
> (http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files),
>  for me,  resolves to the top level "Open Source Community page" 
> http://community.redhat.com/software/. I do however see the files correctly 
> linked from the section "Client Configuration Files" at bottom of the page.
> 2) There is the same issue for the links to the nsswitch.conf and pam.conf 
> files linked in items 2 and 4 below the above - sorry, its hard to describe 
> well where these links are.
> And it would be good if the patch ("Patch to update Solaris documentation") 
> that is referred to in Solaris 8/9/10 / Additional resources could be applied 
> to the original document and the patched document made available, or at least 
> the information in it.
> Thanks
> Roderick
>> rob
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to