Hi,

You may download the profile from bugzilla, here’s a direct link to the 
attachement: https://bugzilla.redhat.com/attachment.cgi?id=579657 
<https://bugzilla.redhat.com/attachment.cgi?id=579657>

Modify the server names and baseDN to match your environment.

Use ldapadd to add the dua profile to your IPA LDAP server.

ldapadd -x -D 'cn=Directory Manager' -W 
<paste contents of the modified dua profile>

Please note: We do not use any AD trust, so the users logging into our Solaris 
servers is doing so from an IPA account.


Regards,
Siggi


> On 12 Mar 2015, at 19:30, Ben .T.George <bentech4...@gmail.com> wrote:
> 
> HI Siggi,
> 
> thanks for the detailed information.
> 
> how can i apply this DUA profile? can you please give me the steps to apply 
> this.
> 
> my current stage is, i can able to login to solaris 10 box with AD user. only 
> thing from command like without "-" in su
> 
> Regards,
> Ben
> 
> On Thu, Mar 12, 2015 at 4:00 PM, Sigbjorn Lie <sigbj...@nixtra.com 
> <mailto:sigbj...@nixtra.com>> wrote:
> Hi,
> 
> Yes the DUA profile needs manually editing and updating as IPA servers are 
> added or removed. Ideally this would be managed by ipa-replica-manage, 
> however as I was advised in the BZ, Red Hat does not have the knowledge or 
> resources to focus on integration with Solaris, which is understandable. :)
> 
> The DUA profile I’ve uploaded to the BZ is a copy (with server names edited), 
> of the DUA profile I1ve used at several environments when configuring Solaris 
> 10 to work with IPA, so unless there are typos I haven’t discovered, it would 
> work ok. :)
> 
> As for the auto mount, Linux uses “.” between auto and the map name, such as 
> auto.master, auto.home, etc. And Solaris uses “_” between the auto and the 
> map name, such as auto_master, auto_home.
> 
> This can be worked around in the DUA profile by adding a 
> searchServiceDescriptor for each auto mounter map, such as 
> "serviceSearchDescriptor: 
> auto_master:automountMapName=auto.master,cn=defualt,cn=automount,dc=ix,dc=test,dc=com”.
> 
> What I found as the best middle ground here, was to keep the master name 
> auto.master and have a serviceSearchDescriptor in the DUA profile for 
> auto.master, and have the remaining maps in IPA with “_”as the separator. 
> This works the best as Linux will look for automaster by default, and be 
> happy with the other maps being referred to with “_”as separator. Solaris 
> seem to require that all the maps  use “_”as seperator, unless 
> serviceSearchDescriptor entries are added for each map.
> 
> I hope this was what you we’re looking for?
> 
> 
> Regards,
> Siggi
> 
> 
> 
> 
>> On 11 Mar 2015, at 19:39, Dmitri Pal <d...@redhat.com 
>> <mailto:d...@redhat.com>> wrote:
>> 
>> Hello,
>> 
>> Is there any chance you can help this guy on the FreeIPA list?
>> 
>> Thanks
>> Dmitri
>> 
>> 
>> -------- Original Message --------
>> Subject:     Re: [Freeipa-users] how can i create home directories 
>> automatically on solaris while IPA user login
>> Date:        Wed, 11 Mar 2015 21:22:02 +0300
>> From:        Ben .T.George <bentech4...@gmail.com> 
>> <mailto:bentech4...@gmail.com>
>> Reply-To:    bentech4...@gmail.com <mailto:bentech4...@gmail.com>
>> To:  dpal <d...@redhat.com> <mailto:d...@redhat.com>
>> CC:  freeipa-users <freeipa-users@redhat.com> 
>> <mailto:freeipa-users@redhat.com>
>> 
>> 
>> from BZ
>> 
>> "While
>>             we value your interest in IPA Solaris support, the
>>             implementation of the DUA profile is not on our nearest
>>             schedule at the moment. We lack both knowledge and resources
>>             to focus on integration with Solaris. This is where we need
>>             a help (ideally patches) and contribution from the community
>>             to help us push these features in.
>> I checked your example DUAConfigProfile and I think it cannot be just added 
>> to FreeIPA right away. E.g. for defaultServerList or preferredServerList, 
>> you would need to expand installers and ipa-replica-manage to handle these 
>> lists and update them when replica is added or updated to prevent it being 
>> outdated. printers or aliases serviceSearchDescriptor refers to objects not 
>> being available and so on. It is not as straightforward as it seems.
>> 
>> What I think that we can work on is to work together on
>> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10
>>  
>> <http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10>
>> ... and add all the steps needed to make IPA work on Solaris 10. I could for 
>> example prepare an updated page and you could review it. Would that work for 
>> you?"
>> this what i followed util now. but's not authenticate with AD, IPA user can 
>> login on solaris box
>> 
>> On Wed, Mar 11, 2015 at 9:11 PM, Dmitri Pal <d...@redhat.com 
>> <mailto:d...@redhat.com>> wrote:
>> On 03/11/2015 01:56 PM, Ben .T.George wrote:
>>> HI
>>> 
>>> yea , i saw that mail thread and he claims that he achieved somehow. but 
>>> not clear.
>>> 
>>> and the  steps mentioned is too technical for me. :) as i am very new to 
>>> IPA it's bit confusing. 
>>> 
>>> later that thread also closed without proper explanation. 
>>> 
>>> i think you guys can contact him to change existing wiki :) as there are 
>>> many solaris related documents which is pretty old.
>>> 
>>> anyway still waiting for rply
>> 
>> Have you found the BZ? They are very detailed.
>> https://bugzilla.redhat.com/show_bug.cgi?id=815515 
>> <https://bugzilla.redhat.com/show_bug.cgi?id=815515>
>> The DUA profile is attached to the bug.
>> 
>> 
>>> 
>>> Regards,
>>> Ben
>>> 
>>> On Wed, Mar 11, 2015 at 8:49 PM, Dmitri Pal <d...@redhat.com 
>>> <mailto:d...@redhat.com>> wrote:
>>> On 03/11/2015 01:18 PM, Ben .T.George wrote:
>>>> HI 
>>>> 
>>>> thanks for the rply.
>>>> 
>>>> even i tried native auto_master file with directory checking script. if i 
>>>> feed the user manually to the script, the directory is creating and while 
>>>> login request comes, it didn't.
>>>> 
>>>> i don't think no one did full solaris integration util now as i asked many 
>>>> questions related to that.
>>>> 
>>>> now i am little bit confident up to this level. and if everything is 
>>>> working fine, i will try to create automated script for IPA join
>>> 
>>> I really do not know Solaris that well. There are some threads from this 
>>> and last week about Solaris. You can find them in the mail archive for 
>>> March.
>>> There are pointers to wikis and bugzillas in those threads. The bugzilla 
>>> bugs have some extended info on how to configure Solaris clients. They were 
>>> pretty detailed. May be they have the automount info you are looking for.
>>> 
>>> 
>>>> 
>>>> Regards,
>>>> Ben
>>>> 
>>>> 
>>>> 
>>>> On Wed, Mar 11, 2015 at 7:32 PM, Dmitri Pal <d...@redhat.com 
>>>> <mailto:d...@redhat.com>> wrote:
>>>> On 03/11/2015 09:50 AM, Ben .T.George wrote:
>>>>> HI
>>>>> 
>>>>> i can able to reach upto level that IPA user can able to login on solaris 
>>>>> box,
>>>>> 
>>>>> but how can i create home directories automatically on solaris while IPA 
>>>>> user login.
>>>>> 
>>>>> even i change the shell in IPA web interface that is getting affected i 
>>>>> saw some option in IPA 3.3 web interface like automount and that is not 
>>>>> in IPA 4.1.2 
>>>> 
>>>> All the options are still there. The menus got re-arranged a bit.
>>>> Hopefully someone with a Solaris knowledge will help you with the rest.
>>>> 
>>>>> 
>>>>> please anyone tell me where it is and how can i achieve this
>>>>> 
>>>>> regards,
>>>>> Ben
>>>>> 
>>>>> 
>>>> 
>>>> 
>>>>  -- 
>>>> Thank you,
>>>> Dmitri Pal
>>>> 
>>>> Sr. Engineering Manager IdM portfolio
>>>> Red Hat, Inc.
>>>> 
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users 
>>>> <https://www.redhat.com/mailman/listinfo/freeipa-users>
>>>> Go to http://freeipa.org <http://freeipa.org/> for more info on the project
>>>> 
>>> 
>>> 
>>> -- 
>>> Thank you,
>>> Dmitri Pal
>>> 
>>> Sr. Engineering Manager IdM portfolio
>>> Red Hat, Inc.
>>> 
>> 
>> 
>> -- 
>> Thank you,
>> Dmitri Pal
>> 
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>> 
>> 
>> 
> 
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users 
> <https://www.redhatcom/mailman/listinfo/freeipa-users>
> Go to http://freeipa.org <http://freeipa.org/> for more info on the project
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to