Roderick Johnstone wrote:
> On 28/04/2015 19:23, Dmitri Pal wrote:
>> On 04/28/2015 02:12 PM, Roderick Johnstone wrote:
>>> On 23/04/15 14:14, Rob Crittenden wrote:
>>>> Roderick Johnstone wrote:
>>>>> On 23/04/15 04:25, Rob Crittenden wrote:
>>>>>> Roderick Johnstone wrote:
>>>>>>> On 22/04/15 14:30, Dmitri Pal wrote:
>>>>>>>> On 04/21/2015 01:13 PM, Roderick Johnstone wrote:
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> I also need to integrate Solaris 10 clients with freeipa servers.
>>>>>>>>>
>>>>>>>>> I've been round many resources, eg freeipa wiki, Fedora and Red Hat
>>>>>>>>> manuals, various bug trackers and the freeipa-users mailing list.
>>>>>>>>>
>>>>>>>>> It looks to me as if this:
>>>>>>>>> https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html
>>>>>>>>>
>>>>>>>>> might be the best guide available, although I'm not sure what changes
>>>>>>>>> I might need to make because I'm actually on Solaris 10 rather than
>>>>>>>>> 11.
>>>>>>>>>
>>>>>>>>> Can anyone advise please?
>>>>>>>>>
>>>>>>>>> There is a comment in the above post:
>>>>>>>>> "Make sure that the automount maps in ipaserver is named auto_* and
>>>>>>>>> NOT auto.* so they are compatible with Solaris name standards."
>>>>>>>>>
>>>>>>>>> My automount maps are already called eg auto.master, auto.home on my
>>>>>>>>> ipa server and I'm sure I've seen a post somewhere suggesting an
>>>>>>>>> attributeMap can fix this issue, but I can't find it now, so maybe I
>>>>>>>>> am mistaken.
>>>>>>>>>
>>>>>>>>> Am I on the right track? Is anyone familiar with that fix?
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>> Roderick Johnstone
>>>>>>>>>
>>>>>>>> We are not strong in Solaris so you really need to search user archives
>>>>>>>> or wait for someone who accomplished Solaris integration to chime in
>>>>>>>> here on the list.
>>>>>>>>
>>>>>>>
>>>>>>> Dmitri
>>>>>>>
>>>>>>> I had gathered that from previous postings to the list and was indeed
>>>>>>> hoping that one of the Solaris experts might comment.
>>>>>>>
>>>>>>> By the way, there are various suggestions on the list of putting the
>>>>>>> best Solaris instructions on the wiki. Is that still a possibility? I'd
>>>>>>> be happy to help, but I'm not experienced with connecting Solaris to ipa
>>>>>>> yet!
>>>>>>>
>>>>>>> Roderick
>>>>>>>
>>>>>>
>>>>>> A few weeks back I added what I thought were the most relevant threads
>>>>>> and pointers. The mailing list thread you refer to was converted into
>>>>>> some documentation bugs and tickets. I referenced those at
>>>>>> http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources
>>>>>>
>>>>>> If there is anything I can improve here just let me know.
>>>>>
>>>>> Rob
>>>>>
>>>>> This page has expanded since I was searching a few weeks ago. Thanks for
>>>>> that. I understand that the project has no direct Solaris expertise.
>>>>>
>>>>> There are some things that could be made easier to follow and others
>>>>> that seem inconsistent with the mailing list thread that I found. Maybe
>>>>> some are just different ways of doing the same thing.
>>>>>
>>>>> I started to point out some differences in this email, but it's probably
>>>>> best if I go through the mailing list link that I found and the web page
>>>>> you referenced, systematically, and list what the differences are. I'll
>>>>> be in touch when I have done that.
>>>>>
>>>>> In the meantime I noticed a few small html link issues on the web
>>>>> page you referenced...
>>>>>
>>>>> 1) Under the section Solaris 8/9/10 / Configuring Client Authentication
>>>>> the link to the reference files in /var/ldap
>>>>> (http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files),
>>>>> for me, resolves to the top level "Open Source Community page"
>>>>> http://community.redhat.com/software/. I do however see the files
>>>>> correctly linked from the section "Client Configuration Files" at bottom
>>>>> of the page.
>>>>
>>>> Fixed.
>>>>
>>>>>
>>>>> 2) There is the same issue for the links to the nsswitch.conf and
>>>>> pam.conf files linked in items 2 and 4 below the above - sorry, it's hard
>>>>> to describe well where these links are.
>>>>
>>>> Fixed, and fixed a couple of similar issues in other OS's.
>>>>
>>>>> And it would be good if the patch ("Patch to update Solaris
>>>>> documentation") that is referred to in Solaris 8/9/10 / Additional
>>>>> resources could be applied to the original document and the patched
>>>>> document made available, or at least the information in it.
>>>>
>>>> Unfortunately the upstream doc project that this is patched against was
>>>> discontinued. The patch is mostly interesting for the two tickets it
>>>> links to.
>>>>
>>>> rob
>>>>
>>>
>>> Rob
>>>
>>> Sorry to be slow getting back on this.
>>>
>>> Thanks for fixing those links in the existing web page.
>>>
>>> It seems that the existing page and the mailing list thread that I
>>> found are doing slightly different things in rather different ways.
>>> The mailing list thread is more focused on using the DUAprofile and
>>> tls encrypted connections to the ldap server as well as filling in
>>> some more details of other parts of the Solaris configuration that are
>>> necessary for other features.
>>>
>>> I think it would be good to have the prescription from the mailing
>>> list also in the wiki to help others that come along.
>>> I'll not be in a position to try to join a Solaris host to my ipa
>>> server until next week at the earliest, but it is a priority for me,
>>> so when other things stop getting in the way I'll definitely be doing
>>> this.
>>>
>>> I'll document what I do following the prescription in the mailing
>>> list, for myself, and maybe this can all be made into a new wiki
>>> page. I would be happy to lead on writing the page (and giving
>>> references where appropriate) if I had access, but realise that I
>>> might not be able to get that access.
>>
>> We can arrange that and give you permissions. Thank you for your desire
>> to document this. It is really appreciated.
>
> Not at all. I can't contribute much on the tech side here, but if I can
> at least make it easier for someone later to follow I'm happy to do that.
>
>> Please send me an email off list to set things up when you are ready.
>
> Will do.

I think to edit the wiki all you need is a Fedora Account System (FAS)
account: https://admin.fedoraproject.org/accounts/

rob