Re: [Freeipa-users] [freeipa-users] Configuring Automount on Ubuntu Clients
My change was already applied in bind9 (1:9.10.3.dfsg.P2-4) experimental; urgency=medium I don't know if it could be shipped by sssd package as the policy is for usr.bin.named binary. On 2016/02/22 07:11, Timo Aaltonen wrote: > 14.02.2016, 09:14, Filip Pytloun kirjoitti: > > Hello, > > > > we are using Ubuntu 14.04 on FreeIPA clients and Ubuntu 16.04 on FreeIPA > > server for 2 months with no critical issues. > > > > Using newer freeipa-client was not needed, only sssd update from here, > > because trusty version is buggy: > > https://launchpad.net/~sssd/+archive/ubuntu/updates?field.series_filter=trusty > > > > On server side, it was only needed to fix apparmor policy for bind to > > fix FreeIPA DNS zones: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814314 > > /var/lib/sss* bits belong to the apparmor profile shipped by sssd.. > mind removing them from the bind profile and testing this to > /etc/apparmor.d/usr.sbin.sssd instead? > > @@ -33,6 +33,7 @@ > >/var/lib/sss/* rw, >/var/lib/sss/db/* rwk, > + /var/lib/sss/mc/initgroups r, >/var/lib/sss/pipes/* rw, >/var/lib/sss/pipes/private/* rw, >/var/lib/sss/pubconf/* rw, > @@ -42,6 +43,7 @@ >/{,var/}run/sssd.pid rw, > >profile /usr/lib/@{multiarch}/sssd/* { > +/var/lib/sss/pubconf/krb5.include.d/** rw, > /var/lib/sss/pubconf/krb5.include.d/ rw, >} > > > > -- > t signature.asc Description: Digital signature -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] [freeipa-users] Configuring Automount on Ubuntu Clients
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 22.02.2016, 10:00, Filip Pytloun kirjoitti: > My change was already applied in bind9 (1:9.10.3.dfsg.P2-4) > experimental; urgency=medium > > I don't know if it could be shipped by sssd package as the policy > is for usr.bin.named binary. oh right, good point :) I guess these rules should still get added to usr.sbin.sssd so I'll apply them. - -- t -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJWysC2AAoJEMtwMWWoiYTcuOMQAJqB2A0xzUyar/AiBR2PEoON EeJEfF6m06vnpU7Vj1f4RfaBv5pcC/OxtHTStfbwc7pV+kgcX7tXe4B7LqaSt+fB bBTdr6Sef2VDzNZTM9kzetYd0vNzpSTTL9uwQ8qvlyigQ+PmFlkAD4sLhuMEGRBc Q+Dr71NtSNYCKlQrQYcK4X2HbIFIK4KlHIfHHbBAgdbOj563QyJSnSXNFtZ2BoGC b3M6hYEFm0Rml4o2Oo+zhbaEl0phLbdhcfwfC9JkZgYNMCtsKBhJce4kZH/s3LQt 4g8Xbz/dr05W02amQJ+Qj0BmM5I6NlXJZPpPojD90el86bP4O8dJGcxiqJIrvfDv RZKvWzyxk/C+IrL8dkjVF0kZFuZ/8plfRAMpqJkvAOZTDLpE27O+E5DMnZL0q9Ok zOQjZvjHup1VBTKF0G59qkDJO/f09oruLx2lspPSEjFOmyaZE8zw1rr458HE9UsC StUC4YlDyp1mFo8H7i0C2Xmr236utccaIplaawq4OhdGKojMJQDVjgAdbt08lbDn VVvf2Z8X2Fu3l5WLQpHOUsZFoNCQ+sG2lGeVdYiPdH3JHPt1WnvreM5kKf01VMj6 gvSwQXP8XloBY7Vx4qEDhk+xXE9+WCIo+lfW7Du20ggJm9pjwLwV9TYb4SoUuHPp QBUu0inQi5TLe0pfEGhQ =s2YH -END PGP SIGNATURE- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] [freeipa-users] Configuring Automount on Ubuntu Clients
14.02.2016, 09:14, Filip Pytloun kirjoitti: > Hello, > > we are using Ubuntu 14.04 on FreeIPA clients and Ubuntu 16.04 on FreeIPA > server for 2 months with no critical issues. > > Using newer freeipa-client was not needed, only sssd update from here, > because trusty version is buggy: > https://launchpad.net/~sssd/+archive/ubuntu/updates?field.series_filter=trusty > > On server side, it was only needed to fix apparmor policy for bind to > fix FreeIPA DNS zones: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814314 /var/lib/sss* bits belong to the apparmor profile shipped by sssd.. mind removing them from the bind profile and testing this to /etc/apparmor.d/usr.sbin.sssd instead? @@ -33,6 +33,7 @@ /var/lib/sss/* rw, /var/lib/sss/db/* rwk, + /var/lib/sss/mc/initgroups r, /var/lib/sss/pipes/* rw, /var/lib/sss/pipes/private/* rw, /var/lib/sss/pubconf/* rw, @@ -42,6 +43,7 @@ /{,var/}run/sssd.pid rw, profile /usr/lib/@{multiarch}/sssd/* { +/var/lib/sss/pubconf/krb5.include.d/** rw, /var/lib/sss/pubconf/krb5.include.d/ rw, } -- t -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] [freeipa-users] Configuring Automount on Ubuntu Clients
Hello, we are using Ubuntu 14.04 on FreeIPA clients and Ubuntu 16.04 on FreeIPA server for 2 months with no critical issues. Using newer freeipa-client was not needed, only sssd update from here, because trusty version is buggy: https://launchpad.net/~sssd/+archive/ubuntu/updates?field.series_filter=trusty On server side, it was only needed to fix apparmor policy for bind to fix FreeIPA DNS zones: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814314 Maybe someone could be interested in Salt formula we are using to setup Freeipa server/client: https://github.com/tcpcloud/salt-formula-freeipa Filip On 2016/02/13 17:40, Prasun Gera wrote: > Just replying to this thread to express interest in good client support in > Ubuntu. As 16.04 draws close to a release, it would be great if the client > side of things work well out of the box in 16.04 without any 3rd party > ppas. 12.04 was pretty bad, 14.04 was mostly usable with some issues. I'm > hoping that with 16.04, it reaches parity with Fedora based distros. I'll > be happy to do some preliminary testing if needed. > > On Mon, Feb 8, 2016 at 10:56 AM, Timo Aaltonen wrote: > > > 04.02.2016, 19:28, Jon kirjoitti: > > > Is Ubuntu not supported with FreeIPA? Is there an updated install > > > script? I installed the freeipa-client from public repos. > > > > > >>> ii freeipa-client > > > 3.3.4-0ubuntu3.1amd64 > > > FreeIPA centralized identity framework -- client > > >>> ii python-freeipa > > > 3.3.4-0ubuntu3.1amd64 > > > FreeIPA centralized identity framework -- python modules > > > > The stock packages in 14.04 are rather old, you'd probably be happier with > > the 4.0.5-based client available on the PPA: > > > > https://launchpad.net/~freeipa/+archive/ubuntu/4.0 > > > > > > > > -- > > t > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project signature.asc Description: Digital signature -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] [freeipa-users] Configuring Automount on Ubuntu Clients
Just replying to this thread to express interest in good client support in Ubuntu. As 16.04 draws close to a release, it would be great if the client side of things work well out of the box in 16.04 without any 3rd party ppas. 12.04 was pretty bad, 14.04 was mostly usable with some issues. I'm hoping that with 16.04, it reaches parity with Fedora based distros. I'll be happy to do some preliminary testing if needed. On Mon, Feb 8, 2016 at 10:56 AM, Timo Aaltonen wrote: > 04.02.2016, 19:28, Jon kirjoitti: > > Is Ubuntu not supported with FreeIPA? Is there an updated install > > script? I installed the freeipa-client from public repos. > > > >>> ii freeipa-client > > 3.3.4-0ubuntu3.1amd64 > > FreeIPA centralized identity framework -- client > >>> ii python-freeipa > > 3.3.4-0ubuntu3.1amd64 > > FreeIPA centralized identity framework -- python modules > > The stock packages in 14.04 are rather old, you'd probably be happier with > the 4.0.5-based client available on the PPA: > > https://launchpad.net/~freeipa/+archive/ubuntu/4.0 > > > > -- > t > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] [freeipa-users] Configuring Automount on Ubuntu Clients
04.02.2016, 19:28, Jon kirjoitti: > Is Ubuntu not supported with FreeIPA? Is there an updated install > script? I installed the freeipa-client from public repos. > >>> ii freeipa-client > 3.3.4-0ubuntu3.1amd64 > FreeIPA centralized identity framework -- client >>> ii python-freeipa > 3.3.4-0ubuntu3.1amd64 > FreeIPA centralized identity framework -- python modules The stock packages in 14.04 are rather old, you'd probably be happier with the 4.0.5-based client available on the PPA: https://launchpad.net/~freeipa/+archive/ubuntu/4.0 -- t -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] [freeipa-users] Configuring Automount on Ubuntu Clients
Jon wrote: Hello, How do I configure automount for Ubuntu 14.04 clients? My procedure on CentOS has been: install free-ipa client, run ipa-client-install (auto configures with dns discovery), run ipa-client-automount. However, when I run this on the ubuntu client, I receive the following errors: >> root@ubuntu-1404-x8664:~# ipa-client-automount -U >> Searching for IPA server... >> IPA server: DNS discovery >> Location: default >> Configured /etc/nsswitch.conf >> Configured /etc/default/nfs-common >> Configured /etc/idmapd.conf >> rpcidmapd failed to restart: Command '/usr/sbin/service rpcidmapd restart ' returned non-zero exit status 1 >> rpcgssd failed to restart: Command '/usr/sbin/service rpcgssd restart ' returned non-zero exit status 1 As these are not the names of these services on Ubuntu, this will never work. >> root@ubuntu-1404-x8664:~# service idmapd restart >> idmapd stop/waiting >> idmapd start/running, process 428 >> root@ubuntu-1404-x8664:~# service gssd restart >> stop: Unknown instance: >> gssd start/running, process 567 Unfortunately, this appears to be hardcoded values in the install script: >> 290 if statestore.has_state('rpcidmapd'): >> 291 enabled = statestore.restore_state('rpcidmapd', 'enabled') >> 292 running = statestore.restore_state('rpcidmapd', 'running') >> 293 rpcidmapd = ipaservices.knownservices.rpcidmapd >> 294 if not enabled: >> 295 rpcidmapd.disable() >> 296 if not running: >> 297 rpcidmapd.stop() >> 298 if statestore.has_state('rpcgssd'): >> 299 enabled = statestore.restore_state('rpcgssd', 'enabled') >> 300 running = statestore.restore_state('rpcgssd', 'running') >> 301 rpcgssd = ipaservices.knownservices.rpcgssd Is Ubuntu not supported with FreeIPA? Is there an updated install script? I installed the freeipa-client from public repos. One guy volunteers his time porting IPA to Ubuntu. He has invested a fair bit of time in generalizing other hardcoded elements in IPA. It's possible he hasn't gotten to ipa-client-automount yet or it hasn't been pushed out in a build yet. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] [freeipa-users] Configuring Automount on Ubuntu Clients
Hello, How do I configure automount for Ubuntu 14.04 clients? My procedure on CentOS has been: install free-ipa client, run ipa-client-install (auto configures with dns discovery), run ipa-client-automount. However, when I run this on the ubuntu client, I receive the following errors: >> root@ubuntu-1404-x8664:~# ipa-client-automount -U >> Searching for IPA server... >> IPA server: DNS discovery >> Location: default >> Configured /etc/nsswitch.conf >> Configured /etc/default/nfs-common >> Configured /etc/idmapd.conf >> rpcidmapd failed to restart: Command '/usr/sbin/service rpcidmapd restart ' returned non-zero exit status 1 >> rpcgssd failed to restart: Command '/usr/sbin/service rpcgssd restart ' returned non-zero exit status 1 As these are not the names of these services on Ubuntu, this will never work. >> root@ubuntu-1404-x8664:~# service idmapd restart >> idmapd stop/waiting >> idmapd start/running, process 428 >> root@ubuntu-1404-x8664:~# service gssd restart >> stop: Unknown instance: >> gssd start/running, process 567 Unfortunately, this appears to be hardcoded values in the install script: >> 290 if statestore.has_state('rpcidmapd'): >> 291 enabled = statestore.restore_state('rpcidmapd', 'enabled') >> 292 running = statestore.restore_state('rpcidmapd', 'running') >> 293 rpcidmapd = ipaservices.knownservices.rpcidmapd >> 294 if not enabled: >> 295 rpcidmapd.disable() >> 296 if not running: >> 297 rpcidmapd.stop() >> 298 if statestore.has_state('rpcgssd'): >> 299 enabled = statestore.restore_state('rpcgssd', 'enabled') >> 300 running = statestore.restore_state('rpcgssd', 'running') >> 301 rpcgssd = ipaservices.knownservices.rpcgssd Is Ubuntu not supported with FreeIPA? Is there an updated install script? I installed the freeipa-client from public repos. >> ii freeipa-client 3.3.4-0ubuntu3.1amd64FreeIPA centralized identity framework -- client >> ii python-freeipa 3.3.4-0ubuntu3.1amd64FreeIPA centralized identity framework -- python modules Thanks, Jon A -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project