Roderick Johnstone wrote:
> On 28/04/2015 19:23, Dmitri Pal wrote:
>> On 04/28/2015 02:12 PM, Roderick Johnstone wrote:
>>> On 23/04/15 14:14, Rob Crittenden wrote:
>>>> Roderick Johnstone wrote:
>>>>> On 23/04/15 04:25, Rob Crittenden wrote:
>>>>>> Roderick Johnstone wrote:
>>>>>>> On 22/04/15 14:30, Dmitri Pal wrote:
>>>>>>>> On 04/21/2015 01:13 PM, Roderick Johnstone wrote:
>>>>>>>>> Hi
>>>>>>>>> I also need to integrate Solaris 10 clients with freeipa servers.
>>>>>>>>> I've been round many resources, eg freeipa wiki, Fedora and Red
>>>>>>>>> Hat
>>>>>>>>> manuals, various bug trackers and the freeipa-users mailing list.
>>>>>>>>> It looks to me as if this:
>>>>>>>>> might be the best guide available, although I'm not sure what
>>>>>>>>> changes
>>>>>>>>> I might need to make because I'm actually on Solaris 10 rather
>>>>>>>>> than
>>>>>>>>> 11.
>>>>>>>>> Can anyone advise please?
>>>>>>>>> There is a comment in the above post:
>>>>>>>>> "Make sure that the automount maps in ipaserver is named auto_*
>>>>>>>>> and
>>>>>>>>> NOT auto.* so they are compatible with Solaris name standards."
>>>>>>>>> My automount maps are already called eg auto.master, auto.home
>>>>>>>>> on my
>>>>>>>>> ipa server and I'm sure I've seen a post somewhere suggesting an
>>>>>>>>> attributeMap can fix this issue, but I can't find it now, so
>>>>>>>>> maybe I
>>>>>>>>> am mistaken.
>>>>>>>>> Am I on the right track? Is anyone familiar with that fix.
>>>>>>>>> Thanks
>>>>>>>>> Roderick Johnstone
>>>>>>>> We are not strong in Solaris so you really need to search user
>>>>>>>> archives
>>>>>>>> or wait for someone who accomplished Solaris integration to
>>>>>>>> chime in
>>>>>>>> here on the list.
>>>>>>> Dmitri
>>>>>>> I had gathered that from previous postings to the list and was
>>>>>>> indeed
>>>>>>> hoping that one of the Solaris experts might comment.
>>>>>>> By the way, there are various suggestions on the list of putting the
>>>>>>> best Solaris instructions on the wiki. Is that still a
>>>>>>> possibility? I'd
>>>>>>> be happy to help, but I'm not experienced with connecting Solaris
>>>>>>> to ipa
>>>>>>> yet!
>>>>>>> Roderick
>>>>>> A few weeks back I added what I thought were the most relevant
>>>>>> threads
>>>>>> and pointers. The mailing list thread you refer to was converted into
>>>>>> some documentation bugs and tickets. I referenced those at
>>>>>> If there is anything I can improve here just let me know.
>>>>> Rob
>>>>> This page has expanded since I was searching a few weeks ago. Thanks
>>>>> for
>>>>> that. I understand that the project has no direct Solaris expertise.
>>>>> There are some things that could be made easier to follow and others
>>>>> that seem inconsistent with the mailing list thread that I found.
>>>>> Maybe
>>>>> some are just different ways of doing the same thing.
>>>>> I started to point some some differences in this email, but its
>>>>> probably
>>>>> best if I go through the mailing list link that I found and the web
>>>>> page
>>>>> you referenced, systematically, and list what the differences are.
>>>>> I'll
>>>>> be in touch when I have done that.
>>>>> In the meantime I noticed a few of small html link issues on the web
>>>>> page you referenced...
>>>>> 1) Under the section Solaris 8/9/10 / Configuring Client
>>>>> Authentication
>>>>> the link to the reference files in /var/ldap
>>>>> (,
>>>>> for me,  resolves to the top level "Open Source Community page"
>>>>> I do however see the files
>>>>> correctly linked from the section "Client Configuration Files" at
>>>>> bottom
>>>>> of the page.
>>>> Fixed.
>>>>> 2) There is the same issue for the links to the nsswitch.conf and
>>>>> pam.conf files linked in items 2 and 4 below the above - sorry, its
>>>>> hard
>>>>> to describe well where these links are.
>>>> Fixed, and fixed a couple of similar issues in other OS's.
>>>>> And it would be good if the patch ("Patch to update Solaris
>>>>> documentation") that is referred to in Solaris 8/9/10 / Additional
>>>>> resources could be applied to the original document and the patched
>>>>> document made available, or at least the information in it.
>>>> Unfortunately the upstream doc project that this is patched against was
>>>> discontinued. The patch is mostly interesting for the two tickets it
>>>> links to.
>>>> rob
>>> Rob
>>> Sorry to be slow getting back on this.
>>> Thanks for fixing those links in the existing web page.
>>> It seems that the existing page and the mailing list thread that I
>>> found are doing slightly different things in rather different ways.
>>> The mailing list thread is more focused on using the DUAprofile and
>>> tls encrypted connections to the ldap server as well as filling in
>>> some more details of other parts of the Solaris configuration that are
>>> necessary for other features.
>>> I think it would be good to have the prescription from the mailing
>>> list also in the wiki to help others that come along. I'll not be in a
>>> position to try to join a Solaris host to my ipa server until next
>>> week at the earliest, but it is a priority for me, so when other
>>> things stop getting in the way I'll definitely be doing this.
>>> I'll document what I do following the prescription in the mailing
>>> list, for myself, and maybe this can all be made this into a new wiki
>>> page. I would be happy to lead on writing the page (and giving
>>> references where appropriate) if I had access, but realise that I
>>> might not be able to get that access.
>> We can arrange that and give you permissions. Thank you for your desire
>> to document this. It is really appreciated.
> Not at all. I can't contribute much on the tech side here, but if I can
> at least make it easier for someone later to follow I'm happy to do that.
>> Please send me an email off list to set things up when you are ready.
> Will do.

I think to edit the wiki all you need is a Fedora Account System (FAS)


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to