Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-28 Thread Roderick Johnstone 

Siggi

Thanks for the reminder. I did see these a while ago - I've seen so much 
in so many places and became rapidly confused, because I don't have much 
ldap or ipa experience.


I'll review your instructions and see how they fit with the Solaris 11 
instructions from the mailing list that I found and try to distil a page 
with appropriate attributions when I've implemented something that works.


Roderick

On 28/04/2015 19:24, Sigbjorn Lie wrote:

Hi,

I wrote these bugzilla entries based on my own Solaris 10 configuration
for IPA a while back. Did you try these? They include a working DUA
profile (need to change server names of course) and the steps I did for
configuring Solaris 10 as an IPA client.

Config:
https://bugzilla.redhat.com/show_bug.cgi?id=815533

Dua Profile:
https://bugzilla.redhat.com/show_bug.cgi?id=815515

The attribute mapping I suggested was for auto.master only. The example
dua profile above have this mapping. You may see here for a further
explanation:

https://www.redhat.com/archives/freeipa-users/2015-March/msg00317.html


Regards,
Siggi




On 23 Apr 2015, at 12:59, Roderick Johnstone mailto:r...@ast.cam.ac.uk>> wrote:

On 23/04/15 04:25, Rob Crittenden wrote:

Roderick Johnstone wrote:

On 22/04/15 14:30, Dmitri Pal wrote:

On 04/21/2015 01:13 PM, Roderick Johnstone wrote:

Hi

I also need to integrate Solaris 10 clients with freeipa servers.

I've been round many resources, eg freeipa wiki, Fedora and Red Hat
manuals, various bug trackers and the freeipa-users mailing list

It looks to me as if this:
https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html


might be the best guide available, although I'm not sure what changes
I might need to make because I'm actually on Solaris 10 rather
than 11.

Can anyone advise please?

There is a comment in the above post:
"Make sure that the automount maps in ipaserver is named auto_* and
NOT auto.* so they are compatible with Solaris name standards."

My automount maps are already called eg auto.master, auto.home on my
ipa server and I'm sure I've seen a post somewhere suggesting an
attributeMap can fix this issue, but I can't find it now, so maybe I
am mistaken.

Am I on the right track? Is anyone familiar with that fix.

Thanks

Roderick Johnstone


We are not strong in Solaris so you really need to search user archives
or wait for someone who accomplished Solaris integration to chime in
here on the list.



Dmitri

I had gathered that from previous postings to the list and was indeed
hoping that one of the Solaris experts might comment.

By the way, there are various suggestions on the list of putting the
best Solaris instructions on the wiki. Is that still a possibility? I'd
be happy to help, but I'm not experienced with connecting Solaris to ipa
yet!

Roderick



A few weeks back I added what I thought were the most relevant threads
and pointers. The mailing list thread you refer to was converted into
some documentation bugs and tickets. I referenced those at
http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources

If there is anything I can improve here just let me know.


Rob

This page has expanded since I was searching a few weeks ago. Thanks
for that. I understand that the project has no direct Solaris expertise.

There are some things that could be made easier to follow and others
that seem inconsistent with the mailing list thread that I found.
Maybe some are just different ways of doing the same thing.

I started to point some some differences in this email, but its
probably best if I go through the mailing list link that I found and
the web page you referenced, systematically, and list what the
differences are. I'll be in touch when I have done that.

In the meantime I noticed a few of small html link issues on the web
page you referenced...

1) Under the section Solaris 8/9/10 / Configuring Client Authentication
the link to the reference files in /var/ldap
(http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files),
for me,  resolves to the top level "Open Source Community page"
http://community.redhat.com/software/. I do however see the files
correctly linked from the section "Client Configuration Files" at
bottom of the page.

2) There is the same issue for the links to the nsswitch.conf and
pam.conf files linked in items 2 and 4 below the above - sorry, its
hard to describe well where these links are.

And it would be good if the patch ("Patch to update Solaris
documentation") that is referred to in Solaris 8/9/10 / Additional
resources could be applied to the original document and the patched
document made available, or at least the information in it.


Thanks

Roderick




rob



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project




--
Manage your subscription for the Free

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-28 Thread Rob Crittenden 
Roderick Johnstone wrote:
> On 28/04/2015 19:23, Dmitri Pal wrote:
>> On 04/28/2015 02:12 PM, Roderick Johnstone wrote:
>>> On 23/04/15 14:14, Rob Crittenden wrote:
 Roderick Johnstone wrote:
> On 23/04/15 04:25, Rob Crittenden wrote:
>> Roderick Johnstone wrote:
>>> On 22/04/15 14:30, Dmitri Pal wrote:
 On 04/21/2015 01:13 PM, Roderick Johnstone wrote:
> Hi
>
> I also need to integrate Solaris 10 clients with freeipa servers.
>
> I've been round many resources, eg freeipa wiki, Fedora and Red
> Hat
> manuals, various bug trackers and the freeipa-users mailing list.
>
> It looks to me as if this:
> https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html
>
>
>
>
> might be the best guide available, although I'm not sure what
> changes
> I might need to make because I'm actually on Solaris 10 rather
> than
> 11.
>
> Can anyone advise please?
>
> There is a comment in the above post:
> "Make sure that the automount maps in ipaserver is named auto_*
> and
> NOT auto.* so they are compatible with Solaris name standards."
>
> My automount maps are already called eg auto.master, auto.home
> on my
> ipa server and I'm sure I've seen a post somewhere suggesting an
> attributeMap can fix this issue, but I can't find it now, so
> maybe I
> am mistaken.
>
> Am I on the right track? Is anyone familiar with that fix.
>
> Thanks
>
> Roderick Johnstone
>
 We are not strong in Solaris so you really need to search user
 archives
 or wait for someone who accomplished Solaris integration to
 chime in
 here on the list.

>>>
>>> Dmitri
>>>
>>> I had gathered that from previous postings to the list and was
>>> indeed
>>> hoping that one of the Solaris experts might comment.
>>>
>>> By the way, there are various suggestions on the list of putting the
>>> best Solaris instructions on the wiki. Is that still a
>>> possibility? I'd
>>> be happy to help, but I'm not experienced with connecting Solaris
>>> to ipa
>>> yet!
>>>
>>> Roderick
>>>
>>
>> A few weeks back I added what I thought were the most relevant
>> threads
>> and pointers. The mailing list thread you refer to was converted into
>> some documentation bugs and tickets. I referenced those at
>> http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources
>>
>>
>>
>> If there is anything I can improve here just let me know.
>
> Rob
>
> This page has expanded since I was searching a few weeks ago. Thanks
> for
> that. I understand that the project has no direct Solaris expertise.
>
> There are some things that could be made easier to follow and others
> that seem inconsistent with the mailing list thread that I found.
> Maybe
> some are just different ways of doing the same thing.
>
> I started to point some some differences in this email, but its
> probably
> best if I go through the mailing list link that I found and the web
> page
> you referenced, systematically, and list what the differences are.
> I'll
> be in touch when I have done that.
>
> In the meantime I noticed a few of small html link issues on the web
> page you referenced...
>
> 1) Under the section Solaris 8/9/10 / Configuring Client
> Authentication
> the link to the reference files in /var/ldap
> (http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files),
>
>
> for me,  resolves to the top level "Open Source Community page"
> http://community.redhat.com/software/. I do however see the files
> correctly linked from the section "Client Configuration Files" at
> bottom
> of the page.

 Fixed.

>
> 2) There is the same issue for the links to the nsswitch.conf and
> pam.conf files linked in items 2 and 4 below the above - sorry, its
> hard
> to describe well where these links are.

 Fixed, and fixed a couple of similar issues in other OS's.

> And it would be good if the patch ("Patch to update Solaris
> documentation") that is referred to in Solaris 8/9/10 / Additional
> resources could be applied to the original document and the patched
> document made available, or at least the information in it.

 Unfortunately the upstream doc project that this is patched against was
 discontinued. The patch is mostly interesting for the two tickets it
 links to.

 rob

>>>
>>> Rob
>>>
>>> Sorry to be slow getting back on this.
>>>
>>> Thanks for fixing those links in

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-28 Thread Roderick Johnstone 

On 28/04/2015 19:23, Dmitri Pal wrote:

On 04/28/2015 02:12 PM, Roderick Johnstone wrote:

On 23/04/15 14:14, Rob Crittenden wrote:

Roderick Johnstone wrote:

On 23/04/15 04:25, Rob Crittenden wrote:

Roderick Johnstone wrote:

On 22/04/15 14:30, Dmitri Pal wrote:

On 04/21/2015 01:13 PM, Roderick Johnstone wrote:

Hi

I also need to integrate Solaris 10 clients with freeipa servers.

I've been round many resources, eg freeipa wiki, Fedora and Red Hat
manuals, various bug trackers and the freeipa-users mailing list.

It looks to me as if this:
https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html



might be the best guide available, although I'm not sure what
changes
I might need to make because I'm actually on Solaris 10 rather than
11.

Can anyone advise please?

There is a comment in the above post:
"Make sure that the automount maps in ipaserver is named auto_* and
NOT auto.* so they are compatible with Solaris name standards."

My automount maps are already called eg auto.master, auto.home
on my
ipa server and I'm sure I've seen a post somewhere suggesting an
attributeMap can fix this issue, but I can't find it now, so
maybe I
am mistaken.

Am I on the right track? Is anyone familiar with that fix.

Thanks

Roderick Johnstone


We are not strong in Solaris so you really need to search user
archives
or wait for someone who accomplished Solaris integration to chime in
here on the list.



Dmitri

I had gathered that from previous postings to the list and was indeed
hoping that one of the Solaris experts might comment.

By the way, there are various suggestions on the list of putting the
best Solaris instructions on the wiki. Is that still a
possibility? I'd
be happy to help, but I'm not experienced with connecting Solaris
to ipa
yet!

Roderick



A few weeks back I added what I thought were the most relevant threads
and pointers. The mailing list thread you refer to was converted into
some documentation bugs and tickets. I referenced those at
http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources


If there is anything I can improve here just let me know.


Rob

This page has expanded since I was searching a few weeks ago. Thanks
for
that. I understand that the project has no direct Solaris expertise.

There are some things that could be made easier to follow and others
that seem inconsistent with the mailing list thread that I found. Maybe
some are just different ways of doing the same thing.

I started to point some some differences in this email, but its
probably
best if I go through the mailing list link that I found and the web
page
you referenced, systematically, and list what the differences are. I'll
be in touch when I have done that.

In the meantime I noticed a few of small html link issues on the web
page you referenced...

1) Under the section Solaris 8/9/10 / Configuring Client Authentication
the link to the reference files in /var/ldap
(http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files),

for me,  resolves to the top level "Open Source Community page"
http://community.redhat.com/software/. I do however see the files
correctly linked from the section "Client Configuration Files" at
bottom
of the page.


Fixed.



2) There is the same issue for the links to the nsswitch.conf and
pam.conf files linked in items 2 and 4 below the above - sorry, its
hard
to describe well where these links are.


Fixed, and fixed a couple of similar issues in other OS's.


And it would be good if the patch ("Patch to update Solaris
documentation") that is referred to in Solaris 8/9/10 / Additional
resources could be applied to the original document and the patched
document made available, or at least the information in it.


Unfortunately the upstream doc project that this is patched against was
discontinued. The patch is mostly interesting for the two tickets it
links to.

rob



Rob

Sorry to be slow getting back on this.

Thanks for fixing those links in the existing web page.

It seems that the existing page and the mailing list thread that I
found are doing slightly different things in rather different ways.
The mailing list thread is more focused on using the DUAprofile and
tls encrypted connections to the ldap server as well as filling in
some more details of other parts of the Solaris configuration that are
necessary for other features.

I think it would be good to have the prescription from the mailing
list also in the wiki to help others that come along. I'll not be in a
position to try to join a Solaris host to my ipa server until next
week at the earliest, but it is a priority for me, so when other
things stop getting in the way I'll definitely be doing this.

I'll document what I do following the prescription in the mailing
list, for myself, and maybe this can all be made this into a new wiki
page. I would be happy to lead on writing the page (and giving
references where appropriate) if I had access, but realise that I
might not be ab

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-28 Thread Sigbjorn Lie 
Hi,

I wrote these bugzilla entries based on my own Solaris 10 configuration for IPA 
a while back. Did you try these? They include a working DUA profile (need to 
change server names of course) and the steps I did for configuring Solaris 10 
as an IPA client.

Config:
https://bugzilla.redhat.com/show_bug.cgi?id=815533 


Dua Profile:
https://bugzilla.redhat.com/show_bug.cgi?id=815515 


The attribute mapping I suggested was for auto.master only. The example dua 
profile above have this mapping. You may see here for a further explanation:

https://www.redhat.com/archives/freeipa-users/2015-March/msg00317.html 



Regards,
Siggi



> On 23 Apr 2015, at 12:59, Roderick Johnstone  wrote:
> 
> On 23/04/15 04:25, Rob Crittenden wrote:
>> Roderick Johnstone wrote:
>>> On 22/04/15 14:30, Dmitri Pal wrote:
 On 04/21/2015 01:13 PM, Roderick Johnstone wrote:
> Hi
> 
> I also need to integrate Solaris 10 clients with freeipa servers.
> 
> I've been round many resources, eg freeipa wiki, Fedora and Red Hat
> manuals, various bug trackers and the freeipa-users mailing list.
> 
> It looks to me as if this:
> https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html
> 
> might be the best guide available, although I'm not sure what changes
> I might need to make because I'm actually on Solaris 10 rather than 11.
> 
> Can anyone advise please?
> 
> There is a comment in the above post:
> "Make sure that the automount maps in ipaserver is named auto_* and
> NOT auto.* so they are compatible with Solaris name standards."
> 
> My automount maps are already called eg auto.master, auto.home on my
> ipa server and I'm sure I've seen a post somewhere suggesting an
> attributeMap can fix this issue, but I can't find it now, so maybe I
> am mistaken.
> 
> Am I on the right track? Is anyone familiar with that fix.
> 
> Thanks
> 
> Roderick Johnstone
> 
 We are not strong in Solaris so you really need to search user archives
 or wait for someone who accomplished Solaris integration to chime in
 here on the list.
 
>>> 
>>> Dmitri
>>> 
>>> I had gathered that from previous postings to the list and was indeed
>>> hoping that one of the Solaris experts might comment.
>>> 
>>> By the way, there are various suggestions on the list of putting the
>>> best Solaris instructions on the wiki. Is that still a possibility? I'd
>>> be happy to help, but I'm not experienced with connecting Solaris to ipa
>>> yet!
>>> 
>>> Roderick
>>> 
>> 
>> A few weeks back I added what I thought were the most relevant threads
>> and pointers. The mailing list thread you refer to was converted into
>> some documentation bugs and tickets. I referenced those at
>> http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources
>> 
>> If there is anything I can improve here just let me know.
> 
> Rob
> 
> This page has expanded since I was searching a few weeks ago. Thanks for 
> that. I understand that the project has no direct Solaris expertise.
> 
> There are some things that could be made easier to follow and others that 
> seem inconsistent with the mailing list thread that I found. Maybe some are 
> just different ways of doing the same thing.
> 
> I started to point some some differences in this email, but its probably best 
> if I go through the mailing list link that I found and the web page you 
> referenced, systematically, and list what the differences are. I'll be in 
> touch when I have done that.
> 
> In the meantime I noticed a few of small html link issues on the web page you 
> referenced...
> 
> 1) Under the section Solaris 8/9/10 / Configuring Client Authentication
> the link to the reference files in /var/ldap 
> (http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files),
>  for me,  resolves to the top level "Open Source Community page" 
> http://community.redhat.com/software/. I do however see the files correctly 
> linked from the section "Client Configuration Files" at bottom of the page.
> 
> 2) There is the same issue for the links to the nsswitch.conf and pam.conf 
> files linked in items 2 and 4 below the above - sorry, its hard to describe 
> well where these links are.
> 
> And it would be good if the patch ("Patch to update Solaris documentation") 
> that is referred to in Solaris 8/9/10 / Additional resources could be applied 
> to the original document and the patched document made available, or at least 
> the information in it.
> 
> 
> Thanks
> 
> Roderick
> 
> 
>> 
>> rob
>> 
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your s

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-28 Thread Dmitri Pal 

On 04/28/2015 02:12 PM, Roderick Johnstone wrote:

On 23/04/15 14:14, Rob Crittenden wrote:

Roderick Johnstone wrote:

On 23/04/15 04:25, Rob Crittenden wrote:

Roderick Johnstone wrote:

On 22/04/15 14:30, Dmitri Pal wrote:

On 04/21/2015 01:13 PM, Roderick Johnstone wrote:

Hi

I also need to integrate Solaris 10 clients with freeipa servers.

I've been round many resources, eg freeipa wiki, Fedora and Red Hat
manuals, various bug trackers and the freeipa-users mailing list.

It looks to me as if this:
https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html 




might be the best guide available, although I'm not sure what 
changes

I might need to make because I'm actually on Solaris 10 rather than
11.

Can anyone advise please?

There is a comment in the above post:
"Make sure that the automount maps in ipaserver is named auto_* and
NOT auto.* so they are compatible with Solaris name standards."

My automount maps are already called eg auto.master, auto.home 
on my

ipa server and I'm sure I've seen a post somewhere suggesting an
attributeMap can fix this issue, but I can't find it now, so 
maybe I

am mistaken.

Am I on the right track? Is anyone familiar with that fix.

Thanks

Roderick Johnstone

We are not strong in Solaris so you really need to search user 
archives

or wait for someone who accomplished Solaris integration to chime in
here on the list.



Dmitri

I had gathered that from previous postings to the list and was indeed
hoping that one of the Solaris experts might comment.

By the way, there are various suggestions on the list of putting the
best Solaris instructions on the wiki. Is that still a 
possibility? I'd
be happy to help, but I'm not experienced with connecting Solaris 
to ipa

yet!

Roderick



A few weeks back I added what I thought were the most relevant threads
and pointers. The mailing list thread you refer to was converted into
some documentation bugs and tickets. I referenced those at
http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources 



If there is anything I can improve here just let me know.


Rob

This page has expanded since I was searching a few weeks ago. Thanks 
for

that. I understand that the project has no direct Solaris expertise.

There are some things that could be made easier to follow and others
that seem inconsistent with the mailing list thread that I found. Maybe
some are just different ways of doing the same thing.

I started to point some some differences in this email, but its 
probably
best if I go through the mailing list link that I found and the web 
page

you referenced, systematically, and list what the differences are. I'll
be in touch when I have done that.

In the meantime I noticed a few of small html link issues on the web
page you referenced...

1) Under the section Solaris 8/9/10 / Configuring Client Authentication
the link to the reference files in /var/ldap
(http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files), 


for me,  resolves to the top level "Open Source Community page"
http://community.redhat.com/software/. I do however see the files
correctly linked from the section "Client Configuration Files" at 
bottom

of the page.


Fixed.



2) There is the same issue for the links to the nsswitch.conf and
pam.conf files linked in items 2 and 4 below the above - sorry, its 
hard

to describe well where these links are.


Fixed, and fixed a couple of similar issues in other OS's.


And it would be good if the patch ("Patch to update Solaris
documentation") that is referred to in Solaris 8/9/10 / Additional
resources could be applied to the original document and the patched
document made available, or at least the information in it.


Unfortunately the upstream doc project that this is patched against was
discontinued. The patch is mostly interesting for the two tickets it
links to.

rob



Rob

Sorry to be slow getting back on this.

Thanks for fixing those links in the existing web page.

It seems that the existing page and the mailing list thread that I 
found are doing slightly different things in rather different ways. 
The mailing list thread is more focused on using the DUAprofile and 
tls encrypted connections to the ldap server as well as filling in 
some more details of other parts of the Solaris configuration that are 
necessary for other features.


I think it would be good to have the prescription from the mailing 
list also in the wiki to help others that come along. I'll not be in a 
position to try to join a Solaris host to my ipa server until next 
week at the earliest, but it is a priority for me, so when other 
things stop getting in the way I'll definitely be doing this.


I'll document what I do following the prescription in the mailing 
list, for myself, and maybe this can all be made this into a new wiki 
page. I would be happy to lead on writing the page (and giving 
references where appropriate) if I had access, but realise that I 
might not be ab

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-28 Thread Roderick Johnstone 

On 23/04/15 14:14, Rob Crittenden wrote:

Roderick Johnstone wrote:

On 23/04/15 04:25, Rob Crittenden wrote:

Roderick Johnstone wrote:

On 22/04/15 14:30, Dmitri Pal wrote:

On 04/21/2015 01:13 PM, Roderick Johnstone wrote:

Hi

I also need to integrate Solaris 10 clients with freeipa servers.

I've been round many resources, eg freeipa wiki, Fedora and Red Hat
manuals, various bug trackers and the freeipa-users mailing list.

It looks to me as if this:
https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html


might be the best guide available, although I'm not sure what changes
I might need to make because I'm actually on Solaris 10 rather than
11.

Can anyone advise please?

There is a comment in the above post:
"Make sure that the automount maps in ipaserver is named auto_* and
NOT auto.* so they are compatible with Solaris name standards."

My automount maps are already called eg auto.master, auto.home on my
ipa server and I'm sure I've seen a post somewhere suggesting an
attributeMap can fix this issue, but I can't find it now, so maybe I
am mistaken.

Am I on the right track? Is anyone familiar with that fix.

Thanks

Roderick Johnstone


We are not strong in Solaris so you really need to search user archives
or wait for someone who accomplished Solaris integration to chime in
here on the list.



Dmitri

I had gathered that from previous postings to the list and was indeed
hoping that one of the Solaris experts might comment.

By the way, there are various suggestions on the list of putting the
best Solaris instructions on the wiki. Is that still a possibility? I'd
be happy to help, but I'm not experienced with connecting Solaris to ipa
yet!

Roderick



A few weeks back I added what I thought were the most relevant threads
and pointers. The mailing list thread you refer to was converted into
some documentation bugs and tickets. I referenced those at
http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources

If there is anything I can improve here just let me know.


Rob

This page has expanded since I was searching a few weeks ago. Thanks for
that. I understand that the project has no direct Solaris expertise.

There are some things that could be made easier to follow and others
that seem inconsistent with the mailing list thread that I found. Maybe
some are just different ways of doing the same thing.

I started to point some some differences in this email, but its probably
best if I go through the mailing list link that I found and the web page
you referenced, systematically, and list what the differences are. I'll
be in touch when I have done that.

In the meantime I noticed a few of small html link issues on the web
page you referenced...

1) Under the section Solaris 8/9/10 / Configuring Client Authentication
the link to the reference files in /var/ldap
(http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files),
for me,  resolves to the top level "Open Source Community page"
http://community.redhat.com/software/. I do however see the files
correctly linked from the section "Client Configuration Files" at bottom
of the page.


Fixed.



2) There is the same issue for the links to the nsswitch.conf and
pam.conf files linked in items 2 and 4 below the above - sorry, its hard
to describe well where these links are.


Fixed, and fixed a couple of similar issues in other OS's.


And it would be good if the patch ("Patch to update Solaris
documentation") that is referred to in Solaris 8/9/10 / Additional
resources could be applied to the original document and the patched
document made available, or at least the information in it.


Unfortunately the upstream doc project that this is patched against was
discontinued. The patch is mostly interesting for the two tickets it
links to.

rob



Rob

Sorry to be slow getting back on this.

Thanks for fixing those links in the existing web page.

It seems that the existing page and the mailing list thread that I found 
are doing slightly different things in rather different ways. The 
mailing list thread is more focused on using the DUAprofile and tls 
encrypted connections to the ldap server as well as filling in some more 
details of other parts of the Solaris configuration that are necessary 
for other features.


I think it would be good to have the prescription from the mailing list 
also in the wiki to help others that come along. I'll not be in a 
position to try to join a Solaris host to my ipa server until next week 
at the earliest, but it is a priority for me, so when other things stop 
getting in the way I'll definitely be doing this.


I'll document what I do following the prescription in the mailing list, 
for myself, and maybe this can all be made this into a new wiki page. I 
would be happy to lead on writing the page (and giving references where 
appropriate) if I had access, but realise that I might not be able to 
get that access.


Thanks

Roderick


--
Manage your subscription for the

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-23 Thread Rob Crittenden 
Roderick Johnstone wrote:
> On 23/04/15 04:25, Rob Crittenden wrote:
>> Roderick Johnstone wrote:
>>> On 22/04/15 14:30, Dmitri Pal wrote:
 On 04/21/2015 01:13 PM, Roderick Johnstone wrote:
> Hi
>
> I also need to integrate Solaris 10 clients with freeipa servers.
>
> I've been round many resources, eg freeipa wiki, Fedora and Red Hat
> manuals, various bug trackers and the freeipa-users mailing list.
>
> It looks to me as if this:
> https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html
>
>
> might be the best guide available, although I'm not sure what changes
> I might need to make because I'm actually on Solaris 10 rather than
> 11.
>
> Can anyone advise please?
>
> There is a comment in the above post:
> "Make sure that the automount maps in ipaserver is named auto_* and
> NOT auto.* so they are compatible with Solaris name standards."
>
> My automount maps are already called eg auto.master, auto.home on my
> ipa server and I'm sure I've seen a post somewhere suggesting an
> attributeMap can fix this issue, but I can't find it now, so maybe I
> am mistaken.
>
> Am I on the right track? Is anyone familiar with that fix.
>
> Thanks
>
> Roderick Johnstone
>
 We are not strong in Solaris so you really need to search user archives
 or wait for someone who accomplished Solaris integration to chime in
 here on the list.

>>>
>>> Dmitri
>>>
>>> I had gathered that from previous postings to the list and was indeed
>>> hoping that one of the Solaris experts might comment.
>>>
>>> By the way, there are various suggestions on the list of putting the
>>> best Solaris instructions on the wiki. Is that still a possibility? I'd
>>> be happy to help, but I'm not experienced with connecting Solaris to ipa
>>> yet!
>>>
>>> Roderick
>>>
>>
>> A few weeks back I added what I thought were the most relevant threads
>> and pointers. The mailing list thread you refer to was converted into
>> some documentation bugs and tickets. I referenced those at
>> http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources
>>
>> If there is anything I can improve here just let me know.
> 
> Rob
> 
> This page has expanded since I was searching a few weeks ago. Thanks for
> that. I understand that the project has no direct Solaris expertise.
> 
> There are some things that could be made easier to follow and others
> that seem inconsistent with the mailing list thread that I found. Maybe
> some are just different ways of doing the same thing.
> 
> I started to point some some differences in this email, but its probably
> best if I go through the mailing list link that I found and the web page
> you referenced, systematically, and list what the differences are. I'll
> be in touch when I have done that.
> 
> In the meantime I noticed a few of small html link issues on the web
> page you referenced...
> 
> 1) Under the section Solaris 8/9/10 / Configuring Client Authentication
> the link to the reference files in /var/ldap
> (http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files),
> for me,  resolves to the top level "Open Source Community page"
> http://community.redhat.com/software/. I do however see the files
> correctly linked from the section "Client Configuration Files" at bottom
> of the page.

Fixed.

> 
> 2) There is the same issue for the links to the nsswitch.conf and
> pam.conf files linked in items 2 and 4 below the above - sorry, its hard
> to describe well where these links are.

Fixed, and fixed a couple of similar issues in other OS's.

> And it would be good if the patch ("Patch to update Solaris
> documentation") that is referred to in Solaris 8/9/10 / Additional
> resources could be applied to the original document and the patched
> document made available, or at least the information in it.

Unfortunately the upstream doc project that this is patched against was
discontinued. The patch is mostly interesting for the two tickets it
links to.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-23 Thread Roderick Johnstone 

On 23/04/15 04:25, Rob Crittenden wrote:

Roderick Johnstone wrote:

On 22/04/15 14:30, Dmitri Pal wrote:

On 04/21/2015 01:13 PM, Roderick Johnstone wrote:

Hi

I also need to integrate Solaris 10 clients with freeipa servers.

I've been round many resources, eg freeipa wiki, Fedora and Red Hat
manuals, various bug trackers and the freeipa-users mailing list.

It looks to me as if this:
https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html

might be the best guide available, although I'm not sure what changes
I might need to make because I'm actually on Solaris 10 rather than 11.

Can anyone advise please?

There is a comment in the above post:
"Make sure that the automount maps in ipaserver is named auto_* and
NOT auto.* so they are compatible with Solaris name standards."

My automount maps are already called eg auto.master, auto.home on my
ipa server and I'm sure I've seen a post somewhere suggesting an
attributeMap can fix this issue, but I can't find it now, so maybe I
am mistaken.

Am I on the right track? Is anyone familiar with that fix.

Thanks

Roderick Johnstone


We are not strong in Solaris so you really need to search user archives
or wait for someone who accomplished Solaris integration to chime in
here on the list.



Dmitri

I had gathered that from previous postings to the list and was indeed
hoping that one of the Solaris experts might comment.

By the way, there are various suggestions on the list of putting the
best Solaris instructions on the wiki. Is that still a possibility? I'd
be happy to help, but I'm not experienced with connecting Solaris to ipa
yet!

Roderick



A few weeks back I added what I thought were the most relevant threads
and pointers. The mailing list thread you refer to was converted into
some documentation bugs and tickets. I referenced those at
http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources

If there is anything I can improve here just let me know.


Rob

This page has expanded since I was searching a few weeks ago. Thanks for 
that. I understand that the project has no direct Solaris expertise.


There are some things that could be made easier to follow and others 
that seem inconsistent with the mailing list thread that I found. Maybe 
some are just different ways of doing the same thing.


I started to point some some differences in this email, but its probably 
best if I go through the mailing list link that I found and the web page 
you referenced, systematically, and list what the differences are. I'll 
be in touch when I have done that.


In the meantime I noticed a few of small html link issues on the web 
page you referenced...


1) Under the section Solaris 8/9/10 / Configuring Client Authentication
the link to the reference files in /var/ldap 
(http://www.freeipa.com/page/ConfiguringUnixClients#Client_Configuration_Files), 
for me,  resolves to the top level "Open Source Community page" 
http://community.redhat.com/software/. I do however see the files 
correctly linked from the section "Client Configuration Files" at bottom 
of the page.


2) There is the same issue for the links to the nsswitch.conf and 
pam.conf files linked in items 2 and 4 below the above - sorry, its hard 
to describe well where these links are.


And it would be good if the patch ("Patch to update Solaris 
documentation") that is referred to in Solaris 8/9/10 / Additional 
resources could be applied to the original document and the patched 
document made available, or at least the information in it.



Thanks

Roderick




rob



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-22 Thread Rob Crittenden 
Roderick Johnstone wrote:
> On 22/04/15 14:30, Dmitri Pal wrote:
>> On 04/21/2015 01:13 PM, Roderick Johnstone wrote:
>>> Hi
>>>
>>> I also need to integrate Solaris 10 clients with freeipa servers.
>>>
>>> I've been round many resources, eg freeipa wiki, Fedora and Red Hat
>>> manuals, various bug trackers and the freeipa-users mailing list.
>>>
>>> It looks to me as if this:
>>> https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html
>>>
>>> might be the best guide available, although I'm not sure what changes
>>> I might need to make because I'm actually on Solaris 10 rather than 11.
>>>
>>> Can anyone advise please?
>>>
>>> There is a comment in the above post:
>>> "Make sure that the automount maps in ipaserver is named auto_* and
>>> NOT auto.* so they are compatible with Solaris name standards."
>>>
>>> My automount maps are already called eg auto.master, auto.home on my
>>> ipa server and I'm sure I've seen a post somewhere suggesting an
>>> attributeMap can fix this issue, but I can't find it now, so maybe I
>>> am mistaken.
>>>
>>> Am I on the right track? Is anyone familiar with that fix.
>>>
>>> Thanks
>>>
>>> Roderick Johnstone
>>>
>> We are not strong in Solaris so you really need to search user archives
>> or wait for someone who accomplished Solaris integration to chime in
>> here on the list.
>>
> 
> Dmitri
> 
> I had gathered that from previous postings to the list and was indeed
> hoping that one of the Solaris experts might comment.
> 
> By the way, there are various suggestions on the list of putting the
> best Solaris instructions on the wiki. Is that still a possibility? I'd
> be happy to help, but I'm not experienced with connecting Solaris to ipa
> yet!
> 
> Roderick
> 

A few weeks back I added what I thought were the most relevant threads
and pointers. The mailing list thread you refer to was converted into
some documentation bugs and tickets. I referenced those at
http://www.freeipa.org/page/ConfiguringUnixClients#Additional_Resources

If there is anything I can improve here just let me know.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-22 Thread Roderick Johnstone 

On 22/04/15 14:30, Dmitri Pal wrote:

On 04/21/2015 01:13 PM, Roderick Johnstone wrote:

Hi

I also need to integrate Solaris 10 clients with freeipa servers.

I've been round many resources, eg freeipa wiki, Fedora and Red Hat
manuals, various bug trackers and the freeipa-users mailing list.

It looks to me as if this:
https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html

might be the best guide available, although I'm not sure what changes
I might need to make because I'm actually on Solaris 10 rather than 11.

Can anyone advise please?

There is a comment in the above post:
"Make sure that the automount maps in ipaserver is named auto_* and
NOT auto.* so they are compatible with Solaris name standards."

My automount maps are already called eg auto.master, auto.home on my
ipa server and I'm sure I've seen a post somewhere suggesting an
attributeMap can fix this issue, but I can't find it now, so maybe I
am mistaken.

Am I on the right track? Is anyone familiar with that fix.

Thanks

Roderick Johnstone


We are not strong in Solaris so you really need to search user archives
or wait for someone who accomplished Solaris integration to chime in
here on the list.



Dmitri

I had gathered that from previous postings to the list and was indeed 
hoping that one of the Solaris experts might comment.


By the way, there are various suggestions on the list of putting the 
best Solaris instructions on the wiki. Is that still a possibility? I'd 
be happy to help, but I'm not experienced with connecting Solaris to ipa 
yet!


Roderick

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-22 Thread Dmitri Pal 

On 04/21/2015 01:13 PM, Roderick Johnstone wrote:

Hi

I also need to integrate Solaris 10 clients with freeipa servers.

I've been round many resources, eg freeipa wiki, Fedora and Red Hat 
manuals, various bug trackers and the freeipa-users mailing list.


It looks to me as if this:
https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html

might be the best guide available, although I'm not sure what changes 
I might need to make because I'm actually on Solaris 10 rather than 11.


Can anyone advise please?

There is a comment in the above post:
"Make sure that the automount maps in ipaserver is named auto_* and 
NOT auto.* so they are compatible with Solaris name standards."


My automount maps are already called eg auto.master, auto.home on my 
ipa server and I'm sure I've seen a post somewhere suggesting an 
attributeMap can fix this issue, but I can't find it now, so maybe I 
am mistaken.


Am I on the right track? Is anyone familiar with that fix.

Thanks

Roderick Johnstone

We are not strong in Solaris so you really need to search user archives 
or wait for someone who accomplished Solaris integration to chime in 
here on the list.


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] Also attempting to integrate Solaris 10 clients with freeipa

2015-04-21 Thread Roderick Johnstone 

Hi

I also need to integrate Solaris 10 clients with freeipa servers.

I've been round many resources, eg freeipa wiki, Fedora and Red Hat 
manuals, various bug trackers and the freeipa-users mailing list.


It looks to me as if this:
https://www.redhat.com/archives/freeipa-users/2013-January/msg00030.html

might be the best guide available, although I'm not sure what changes I 
might need to make because I'm actually on Solaris 10 rather than 11.


Can anyone advise please?

There is a comment in the above post:
"Make sure that the automount maps in ipaserver is named auto_* and NOT 
auto.* so they are compatible with Solaris name standards."


My automount maps are already called eg auto.master, auto.home on my ipa 
server and I'm sure I've seen a post somewhere suggesting an 
attributeMap can fix this issue, but I can't find it now, so maybe I am 
mistaken.


Am I on the right track? Is anyone familiar with that fix.

Thanks

Roderick Johnstone

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project