Re: [Freeipa-users] freeIPA 3.1.0 for Redhat Enterprise 6.3?
Hello David,

FreeIPA 3.1 requires several major dependencies that are not available in RHEL 6.x versions - the most notable ones are PKI-CA of version 10.0 and 389-ds-base of version 1.3.0, which introduced transaction support.

I think the easiest way to get version 3.1 would be to wait for the next major version of Red Hat Enterprise Linux, unless you want to compile and build this dependency chain yourself.

Martin

On 12/21/2012 02:06 AM, David Copperfield wrote:

Hi Rob and all,

Can FreeIPA be compiled and installed on Redhat Enterprise 6.3? Or do I have to upgrade/install some underlying packages first?

Thanks.

--David

---
From: Johan Petersson johan.peters...@sscspace.com
To: Sigbjorn Lie sigbj...@nixtra.com
Cc: freeipa-users@redhat.com freeipa-users@redhat.com
Sent: Thursday, December 20, 2012 10:03 AM
Subject: Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?

Hi,

Thank you for the tip about NFSMAPID_DOMAIN. It was not set properly.

    sharectl get nfs
    nfsmapid_domain=

And by using:

    sharectl set -p nfsmapid_domain=servername nfs

It was properly set.

I must add that I prefer editing files instead of sharectl, svccfg and so on. :)

I also made an auto.home map in IPA Server to set the home directory automounts right.

And I almost forgot, my Solaris version is 11 11/11.

Regards,
Johan.

From: Sigbjorn Lie [sigbj...@nixtra.com mailto:sigbj...@nixtra.com]
Sent: Thursday, December 20, 2012 15:20
To: Johan Petersson
Cc: freeipa-users@redhat.com mailto:freeipa-users@redhat.com
Subject: RE: [Freeipa-users] Does Solaris 11 work as client to IPA server?

Thanks.

I'm guessing it's taking such a long time because it's looking through the entire LDAP server for your automount maps. The automountmap rules in the DUA profile will help with that. You'll also run into issues if you attempt to have several automount locations without having specified which one to use with an automountmap rule for auto master.

If you are using NFS4 you should add the _nfsv4idmapdomain dns TXT record to your DNS or set NFSMAPID_DOMAIN in /etc/default/nfs to the same value as the domain id used on your NFS server to get rid of the nobody:nobody default mapping and enable mapping between the NFS server and the client.

Regards,
Siggi

On Thu, December 20, 2012 13:40, Johan Petersson wrote:

Hi,

Here is my pam.conf cleaned up a bit.

    login          auth      requisite   pam_authtok_get.so.1
    login          auth      required    pam_dhkeys.so.1
    login          auth      sufficient  pam_krb5.so.1 try_first_pass
    login          auth      required    pam_unix_cred.so.1
    login          auth      required    pam_unix_auth.so.1
    login          auth      required    pam_dial_auth.so.1
    gdm-autologin  auth      required    pam_unix_cred.so.1
    gdm-autologin  auth      sufficient  pam_allow.so.1
    other          auth      requisite   pam_authtok_get.so.1
    other          auth      required    pam_dhkeys.so.1
    other          auth      required    pam_unix_cred.so.1
    other          auth      sufficient  pam_krb5.so.1
    other          auth      required    pam_unix_auth.so.1
    passwd         auth      required    pam_passwd_auth.so.1
    gdm-autologin  account   sufficient  pam_allow.so.1
    other          account   requisite   pam_roles.so.1
    other          account   required    pam_unix_account.so.1
    other          account   required    pam_krb5.so.1
    other          session   required    pam_unix_session.so.1
    other          password  required    pam_dhkeys.so.1
    other          password  requisite   pam_authtok_get.so.1
    other          password  requisite   pam_authtok_check.so.1 force_check
    other          password  sufficient  pam_krb5.so.1
    other          password  required    pam_authtok_store.so.1

I am getting one error and it is for autofs.

/var/adm/messages:

    Dec 20 12:56:58 servername automount[1651]: [ID 754625 daemon.error] Object not found

/var/svc/log/system.filesystem-autofs:default.log:

    [ Dec 20 12:24:22 Executing start method (/lib/svc/method/svc-autofs start). ]
    automount: /net mounted
    automount: /nfs4 mounted
    automount: no unmounts
    [ Dec 20 12:24:22 Method start exited with status 0. ]

ldapclient list

    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_SERVERS= servername
    NS_LDAP_SEARCH_BASEDN= dc=home
    NS_LDAP_AUTH= none
    NS_LDAP_SEARCH_REF= TRUE
    NS_LDAP_SEARCH_TIME= 15
    NS_LDAP_PROFILE= default
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=home
    NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=home
    NS_LDAP_BIND_TIME= 5
    NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount

Thinking it has to do with missing automountmap in default DUAProfile.

Automount still works though, but takes time during login and everything is nobody:nobody :)

From: Sigbjorn Lie [sigbj...@nixtra.com mailto:sigbj...@nixtra.com]
Sent: Thursday, December 20, 2012 10:13
To: Johan Petersson
Cc: freeipa-users@redhat.com mailto:freeipa-users@redhat.com
Subject: Re:
[Freeipa-users] freeIPA 3.1.0 for Redhat Enterprise 6.3?
Hi Rob and all,

Can FreeIPA be compiled and installed on Redhat Enterprise 6.3? Or do I have to upgrade/install some underlying packages first?

Thanks.

--David

From: Johan Petersson johan.peters...@sscspace.com
To: Sigbjorn Lie sigbj...@nixtra.com
Cc: freeipa-users@redhat.com freeipa-users@redhat.com
Sent: Thursday, December 20, 2012 10:03 AM
Subject: Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?

Hi,

Thank you for the tip about NFSMAPID_DOMAIN. It was not set properly.

    sharectl get nfs
    nfsmapid_domain=

And by using:

    sharectl set -p nfsmapid_domain=servername nfs

It was properly set.

I must add that I prefer editing files instead of sharectl, svccfg and so on. :)

I also made an auto.home map in IPA Server to set the home directory automounts right.

And I almost forgot, my Solaris version is 11 11/11.

Regards,
Johan.

From: Sigbjorn Lie [sigbj...@nixtra.com]
Sent: Thursday, December 20, 2012 15:20
To: Johan Petersson
Cc: freeipa-users@redhat.com
Subject: RE: [Freeipa-users] Does Solaris 11 work as client to IPA server?

Thanks.

I'm guessing it's taking such a long time because it's looking through the entire LDAP server for your automount maps. The automountmap rules in the DUA profile will help with that. You'll also run into issues if you attempt to have several automount locations without having specified which one to use with an automountmap rule for auto master.

If you are using NFS4 you should add the _nfsv4idmapdomain dns TXT record to your DNS or set NFSMAPID_DOMAIN in /etc/default/nfs to the same value as the domain id used on your NFS server to get rid of the nobody:nobody default mapping and enable mapping between the NFS server and the client.

Regards,
Siggi

On Thu, December 20, 2012 13:40, Johan Petersson wrote:

Hi,

Here is my pam.conf cleaned up a bit.

    login          auth      requisite   pam_authtok_get.so.1
    login          auth      required    pam_dhkeys.so.1
    login          auth      sufficient  pam_krb5.so.1 try_first_pass
    login          auth      required    pam_unix_cred.so.1
    login          auth      required    pam_unix_auth.so.1
    login          auth      required    pam_dial_auth.so.1
    gdm-autologin  auth      required    pam_unix_cred.so.1
    gdm-autologin  auth      sufficient  pam_allow.so.1
    other          auth      requisite   pam_authtok_get.so.1
    other          auth      required    pam_dhkeys.so.1
    other          auth      required    pam_unix_cred.so.1
    other          auth      sufficient  pam_krb5.so.1
    other          auth      required    pam_unix_auth.so.1
    passwd         auth      required    pam_passwd_auth.so.1
    gdm-autologin  account   sufficient  pam_allow.so.1
    other          account   requisite   pam_roles.so.1
    other          account   required    pam_unix_account.so.1
    other          account   required    pam_krb5.so.1
    other          session   required    pam_unix_session.so.1
    other          password  required    pam_dhkeys.so.1
    other          password  requisite   pam_authtok_get.so.1
    other          password  requisite   pam_authtok_check.so.1 force_check
    other          password  sufficient  pam_krb5.so.1
    other          password  required    pam_authtok_store.so.1

I am getting one error and it is for autofs.

/var/adm/messages:

    Dec 20 12:56:58 servername automount[1651]: [ID 754625 daemon.error] Object not found

/var/svc/log/system.filesystem-autofs:default.log:

    [ Dec 20 12:24:22 Executing start method (/lib/svc/method/svc-autofs start). ]
    automount: /net mounted
    automount: /nfs4 mounted
    automount: no unmounts
    [ Dec 20 12:24:22 Method start exited with status 0. ]

ldapclient list

    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_SERVERS= servername
    NS_LDAP_SEARCH_BASEDN= dc=home
    NS_LDAP_AUTH= none
    NS_LDAP_SEARCH_REF= TRUE
    NS_LDAP_SEARCH_TIME= 15
    NS_LDAP_PROFILE= default
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=home
    NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=home
    NS_LDAP_BIND_TIME= 5
    NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount

Thinking it has to do with missing automountmap in default DUAProfile.

Automount still works though, but takes time during login and everything is nobody:nobody :)

From: Sigbjorn Lie [sigbj...@nixtra.com]
Sent: Thursday, December 20, 2012 10:13
To: Johan Petersson
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?

Hi,

This is interesting. When I tested Solaris 11, ssh worked, and su - testuser worked. However, console login did not work, giving some PAM errors.

Could you please share your entire pam.conf file? Is this Solaris 11 or Solaris 11.1?

Regards,
Siggi

On Thu, December 20, 2012 09:40, Johan Petersson wrote:

I have now managed to use a Solaris 11 system as a client to IPA Server.

su - testuser works, ssh works and console login works.

I get a delay before getting the prompt through ssh though, and maybe from console too, probably something about autofs. Going to see if I can
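
[Added example, not part of any message in this thread.] The pam.conf quoted above gives the console `login` service its own auth stack while every unlisted service falls back to the `other` entries, so the two paths order pam_krb5 differently. The sketch below resolves the effective stack per service and lists the modules that are not run once a `sufficient` pam_krb5 succeeds. The function names and the service name `sshd-kbdint` are assumptions chosen for illustration; the embedded config is a retyped subset of the posted file.

```python
# Subset of the pam.conf posted in the thread, retyped with normalized spacing.
PAM_CONF = """\
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_krb5.so.1 try_first_pass
login auth required pam_unix_cred.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
gdm-autologin auth required pam_unix_cred.so.1
gdm-autologin auth sufficient pam_allow.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth sufficient pam_krb5.so.1
other auth required pam_unix_auth.so.1
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
other account required pam_krb5.so.1
"""

def parse(text):
    """Return {(service, module_type): [(control_flag, module, options), ...]}."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment, or malformed entry
        service, mtype, flag, module, *opts = fields
        stacks.setdefault((service, mtype), []).append((flag, module, opts))
    return stacks

def effective_stack(stacks, service, mtype):
    """The service's own entries for this module type, else the 'other' entries."""
    own = stacks.get((service, mtype))
    if own:
        return service, own
    return "other", stacks.get(("other", mtype), [])

def skipped_after_krb5(stack):
    """Modules not run when a 'sufficient' pam_krb5 succeeds with no earlier failure."""
    for i, (flag, module, _) in enumerate(stack):
        if flag == "sufficient" and module.startswith("pam_krb5"):
            return [m for _, m, _ in stack[i + 1:]]
    return []

if __name__ == "__main__":
    # "sshd-kbdint" is an assumed name for a service with no entries of its own.
    for svc in ("login", "sshd-kbdint"):
        src, stack = effective_stack(parse(PAM_CONF), svc, "auth")
        print(svc, "uses", src, "entries; skipped on krb5 success:", skipped_after_krb5(stack))
```

With this file, a Kerberos success on `login` returns before pam_unix_cred runs, whereas in the `other` stack pam_unix_cred sits ahead of pam_krb5 and always runs.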