[Freeipa-users] Installing on Centos
Hi I was wondering if anyone has had any luck in getting FreeIPA compiled and installed on Centos. I am struggling a bit at the moment. I have downloaded a fedora source package which I have tried to compile but can't even get the package to install at the moment. I get the error: error: unpacking of archive failed on file /usr/src/redhat/SOURCES/Fix-install-with-krb-1.7.patch;4ba0aaed: cpio: MD5 sum mismatch This is the file I downloaded: http://www.mirrorservice.org/sites/download.fedora.redhat.com/pub/fedora/linux/updates/12/SRPMS/ipa-1.2.2-3.fc12.src.rpm Regards In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Installing on Centos
Hi, Follow the below steps provided by Mr.Rob from FreeIPA-Redhat, and I have successfully complied and Installed in my test environment. % cd rpmbuild/SOURCES % wget http://kojipkgs.fedoraproject.org/packages/ipa/1.2.2/2.fc11/src/ipa-1.2.2-2.fc11.src.rpm % rpm2cpio ipa-1.2.2-2.fc11.src.rpm |cpio -idv % apply this patch to ipa.spec --- ipa.spec.orig 2010-02-03 10:22:04.0 -0500 +++ ipa.spec2010-02-03 10:25:23.0 -0500 @@ -16,7 +16,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Patch1: ipa-schema.patch -BuildRequires: fedora-ds-base-devel = 1.1.3 +BuildRequires: redhat-ds-base-devel = 8.1 BuildRequires: mozldap-devel BuildRequires: svrcore-devel BuildRequires: nspr-devel @@ -30,7 +30,7 @@ BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool -BuildRequires: popt-devel +BuildRequires: popt BuildRequires: /usr/share/selinux/devel/Makefile BuildRequires: m4 BuildRequires: policycoreutils = %{POLICYCOREUTILSVER} @@ -49,7 +49,7 @@ Requires: %{name}-client = %{version}-%{release} Requires: %{name}-admintools = %{version}-%{release} Requires(post): %{name}-server-selinux = %{version}-%{release} -Requires: fedora-ds-base = 1.1.3 +Requires: redhat-ds-base = 8.1 Requires: openldap-clients Requires: nss Requires: nss-tools % rpmbuild -ba ipa.spec % su # cd ../RPMS/x86_64 # rpm -Uvh ipa-admintools-1.2.2-2.x86_64.rpm ipa-client-1.2.2-2.x86_64.rpm ipa-python-1.2.2-2.x86_64.rpm ipa-server-1.2.2-2.x86_64.rpm ipa-server-selinux-1.2.2-2.x86_64.rpm # /usr/sbin/ipa-server-install # kinit admin # /usr/sbin/ipa-finduser admin Home Directory: /home/admin Login Shell: /bin/bash Last Name: Administrator Login: admin # cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.2 (Tikanga) The UI works too: # curl -k --negotiate -u : https://ipa.example.com/ipa/ui 21 | grep Logged On Wed, Mar 17, 2010 at 1:22 PM, Gerrard Geldenhuis gerrard.geldenh...@betfair.com wrote: Hi I was wondering if anyone has had any luck in getting FreeIPA compiled and installed on Centos. I am struggling a bit at the moment. I have downloaded a fedora source package which I have tried to compile but can’t even get the package to install at the moment. I get the error: error: unpacking of archive failed on file /usr/src/redhat/SOURCES/Fix-install-with-krb-1.7.patch;4ba0aaed: cpio: MD5 sum mismatch This is the file I downloaded: http://www.mirrorservice.org/sites/download.fedora.redhat.com/pub/fedora/linux/updates/12/SRPMS/ipa-1.2.2-3.fc12.src.rpm Regards In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thanks Regards Shan Kumaraswamy ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Installing on Centos
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/17/2010 11:22 AM, Gerrard Geldenhuis wrote: Hi I was wondering if anyone has had any luck in getting FreeIPA compiled and installed on Centos. I am struggling a bit at the moment. I have downloaded a fedora source package which I have tried to compile but can't even get the package to install at the moment. I get the error: error: unpacking of archive failed on file /usr/src/redhat/SOURCES/Fix-install-with-krb-1.7.patch;4ba0aaed: cpio: MD5 sum mismatch This is the file I downloaded: http://www.mirrorservice.org/sites/download.fedora.redhat.com/pub/fedora/linux/updates/12/SRPMS/ipa-1.2.2-3.fc12.src.rpm Regards Yes, newer Fedora (11 and later) releases are using SHA256 instead of MD5. I would suggest either building the source RPM from Fedora sources on the Centos 5 machine (cvs co freeipa, cd freeipa/F12/; make local), or just install the source RPM with --nomd5 and then rpmbuild the binary packages. Of course, the dependencies (both runtime and build) might be different on Centos vs. Fedora, so you might need to do some tweaking.. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkug0igACgkQHsardTLnvCVkQQCgq3rUgPcXPIa6wbSzkNaUBWuR nCMAnRmEn6V9g+CyY2W1qdRRUMKbCi5V =HoDo -END PGP SIGNATURE- ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Installing on Centos
Gerrard Geldenhuis wrote: Hi I was wondering if anyone has had any luck in getting FreeIPA compiled and installed on Centos. I am struggling a bit at the moment. I have downloaded a fedora source package which I have tried to compile but can’t even get the package to install at the moment. I get the error: error: unpacking of archive failed on file /usr/src/redhat/SOURCES/Fix-install-with-krb-1.7.patch;4ba0aaed: cpio: MD5 sum mismatch This is the file I downloaded: http://www.mirrorservice.org/sites/download.fedora.redhat.com/pub/fedora/linux/updates/12/SRPMS/ipa-1.2.2-3.fc12.src.rpm Regards rpm changed around F10 or 11. IIRC it uses SHA256 instead of MD5, that's why you are getting the error unpacking it. Try this instead: % rpm2cpio ipa-1.2.2-3.fc12.src.rpm | cpio -idv You'd need to do this anyway since you need to make some spec file changes. Replace the BuildRequires: popt-devel with popt If you are going to build against the CentOS RHDS then replace occurrences of fedora-ds with redhat-ds. 389-ds has a Provides for fedora-ds so things will just work if you are using 389-ds. Then: rpmbuild -ba ipa.spec I think that should do it assuming all the other build and install time dependencies we have are available in CentOS. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] MemberOf plugin keeps disabling account
Well, the current 389 memberOf is a bit more advanced than the ipa-memberOf. We did the initial development of the plugin, then it got moved into mainline 389-ds. The ipa plugin should work fine though, I don't know of any reason to switch. rob Any idea why both are being executed? Even when the MemberOf Plugin is disabled? # ipa-memberof, plugins, config dn: cn=ipa-memberof,cn=plugins,cn=config .. nsslapd-pluginEnabled: on # MemberOf Plugin, plugins, config dn: cn=MemberOf Plugin,cn=plugins,cn=config .. nsslapd-pluginEnabled: off Is it possible that the DS upgrade steps on the ipa-memberof libraries in some way, causing both to be executed? I would imagine that having two plugins making the same update to the directory could be problematic. Maybe its the way the audit logging is occurring. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] MemberOf plugin keeps disabling account
To actually disable the plugin you need a restart after you change the config, but please *do not* do that unless you want trouble :) The memberof plugin does not change group memberships it only updates the memberof attribute to keep it in sync with the member ones. Simo. Just to clarify, we never disabled the 389 MemberOf plugin. My original ldif dump after the upgrade to 1.2.5 had the 389 DS memberOf plugin disabled. So it never was enabled. This probably meant little to us from a functional standpoint because we already had the FreeIPA ipa_memberof plugin installed and enabled. Do I need both of them enabled? Or will that cause additional misery? Of the two, ipa-memberof and 389's memberOf plugin, which should I enable? ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] MemberOf plugin keeps disabling account
On Wed, 17 Mar 2010 15:24:18 -0400 James Roman james.ro...@ssaihq.com wrote: To actually disable the plugin you need a restart after you change the config, but please *do not* do that unless you want trouble :) The memberof plugin does not change group memberships it only updates the memberof attribute to keep it in sync with the member ones. Simo. Just to clarify, we never disabled the 389 MemberOf plugin. My original ldif dump after the upgrade to 1.2.5 had the 389 DS memberOf plugin disabled. So it never was enabled. This probably meant little to us from a functional standpoint because we already had the FreeIPA ipa_memberof plugin installed and enabled. Do I need both of them enabled? Or will that cause additional misery? Of the two, ipa-memberof and 389's memberOf plugin, which should I enable? Oh sorry, no I misunderstood. You can't have both enabled they would interfere, only one or the other. The 389 memberof plugin is probably better now, as we merge all the code we developed for ipa in there. But unless you have specific problems you can just leave it as it is. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users