Re: [Freeipa-users] Some feature requests

2011-12-04 Thread Steven Jones
Hi,

The Sun SAN and the Bluecoat have multiple authentication sections, looks like 
they will query both until they get an answer, i.e. a specific AD tab and then a 
generic LDAP tab can also be configured.

Bluearc can only do one type per EVS (virtual storage server) it seems so we 
have to designate either AD or LDAP per EVS but we can have 64 EVSs so it's how 
we split them up. 

I will do RFEs once RHEL6.2 is GA and I've sucked the Bluearc's architect's 
brain dry...

:D

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272


From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dmitri Pal [d...@redhat.com]
Sent: Monday, 5 December 2011 1:00 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Some feature requests

On 12/04/2011 02:35 PM, Steven Jones wrote:
> Hi,
>
> RFE? request for engineering?  via RHN support portal?

Request for enhancement = RFE

> I will also raise these with my RH solution architect.
>
> I noticed that you have a freeipa nfs howto/engineering proof of concept, 
> more of those would be good.  What I am finding is it's very hard (actually 
> impossible) to figure out how to get 3rd party hardware to talk LDAP into 
> IPA. It seems the hardware talks one way or multiple ways and IPA answers 
> differently, the result is they don't communicate. So far I have failed with 
> Sun's Solar SAN, and Bluecoat's proxy server... the info just seems 
> lacking... or maybe a dictionary from IPA to LDAP or into "steven's speak" is 
> needed, I certainly don't find it simple to understand.

We do not know what this hardware wants or expects. We do not even know
what kind of lookups it does. Is it nss_ldap? If so and underlying OS is
Solaris you need to turn on the IPA compat tree and point the device to
that tree.
Via compat tree you can expose the information inside FreeIPA tree in
any shape you want so if the device wants something special you would be
able to satisfy its tastes as long as the data already is some place in
the main tree. If it is not then it is a different issue.

> ;]
>
> I will be attempting a new Bluearc this week... which is CentOS 4.8 
> apparently
>
> ;/
>
> I also find that the vendors only speak AD, they are all MS trained... they 
> are totally clueless when I mention LDAP and especially IPA... "I've never 
> done a Linux/LDAP connection, I will have to ask engineering" is the common 
> answer... seems in NZ and even in APAC that is common, I usually don't get 
> an answer...

If it is AD specific it might not use LDAP. Do you know that these
devices actually use LDAP?

> Satellite - OTP, it would be per machine... each machine is recorded 
> individually in RH Sat so you know what is vulnerable and what patches there 
> are... I kind of envisioned another tab in the kickstart file generator 
> where you would put in the info... maybe it isn't that easy... but 
> integrating their products is what many vendors are slick at... or make a 
> huge mess of, depending on the vendor

RFE would be helpful.


> ;]
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> 
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
> behalf of Dmitri Pal [d...@redhat.com]
> Sent: Sunday, 4 December 2011 7:44 a.m.
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Some feature requests
>
> On 11/28/2011 04:36 PM, Steven Jones wrote:
>> I can't see anything in the gluster admin guide on connecting it to an IPA 
>> setup...
>>
> We will be working with them but it will take some time.
> Would be nice to have RFEs for those components filed.
>
>
> As for kickstart any ipa-client invocation requires an authentication.
> You either need to do it manually or in some way add OTP to the
> kickstart file.
> At best OTP should be one per machine but you can reuse it for a group
> of machines.
> This seems to be a problem that can only be solved by the individual
> admin depending on the constraints of his environment.
> I do not think this has a generic solution.
>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> 
>> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
>> behalf of Adam Young [ayo...@redhat.com]
>> Sent: Tuesday, 29 November 2011 10:32 a.m.
>> To: free

Re: [Freeipa-users] Some feature requests

2011-12-04 Thread Dmitri Pal
On 12/04/2011 02:35 PM, Steven Jones wrote:
> Hi,
>
> RFE? request for engineering?  via RHN support portal?

Request for enhancement = RFE

> I will also raise these with my RH solution architect.
>
> I noticed that you have a freeipa nfs howto/engineering proof of concept, 
> more of those would be good.  What I am finding is it's very hard (actually 
> impossible) to figure out how to get 3rd party hardware to talk LDAP into 
> IPA. It seems the hardware talks one way or multiple ways and IPA answers 
> differently, the result is they don't communicate. So far I have failed with 
> Sun's Solar SAN, and Bluecoat's proxy server... the info just seems 
> lacking... or maybe a dictionary from IPA to LDAP or into "steven's speak" is 
> needed, I certainly don't find it simple to understand.

We do not know what this hardware wants or expects. We do not even know
what kind of lookups it does. Is it nss_ldap? If so and underlying OS is
Solaris you need to turn on the IPA compat tree and point the device to
that tree.
Via compat tree you can expose the information inside FreeIPA tree in
any shape you want so if the device wants something special you would be
able to satisfy its tastes as long as the data already is some place in
the main tree. If it is not then it is a different issue.

> ;]
>
> I will be attempting a new Bluearc this week... which is CentOS 4.8 
> apparently
>
> ;/
>
> I also find that the vendors only speak AD, they are all MS trained... they 
> are totally clueless when I mention LDAP and especially IPA... "I've never 
> done a Linux/LDAP connection, I will have to ask engineering" is the common 
> answer... seems in NZ and even in APAC that is common, I usually don't get 
> an answer...

If it is AD specific it might not use LDAP. Do you know that these
devices actually use LDAP?

> Satellite - OTP, it would be per machine... each machine is recorded 
> individually in RH Sat so you know what is vulnerable and what patches there 
> are... I kind of envisioned another tab in the kickstart file generator 
> where you would put in the info... maybe it isn't that easy... but 
> integrating their products is what many vendors are slick at... or make a 
> huge mess of, depending on the vendor

RFE would be helpful.


> ;]
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> 
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
> behalf of Dmitri Pal [d...@redhat.com]
> Sent: Sunday, 4 December 2011 7:44 a.m.
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Some feature requests
>
> On 11/28/2011 04:36 PM, Steven Jones wrote:
>> I can't see anything in the gluster admin guide on connecting it to an IPA 
>> setup...
>>
> We will be working with them but it will take some time.
> Would be nice to have RFEs for those components filed.
>
>
> As for kickstart any ipa-client invocation requires an authentication.
> You either need to do it manually or in some way add OTP to the
> kickstart file.
> At best OTP should be one per machine but you can reuse it for a group
> of machines.
> This seems to be a problem that can only be solved by the individual
> admin depending on the constraints of his environment.
> I do not think this has a generic solution.
>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> 
>> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
>> behalf of Adam Young [ayo...@redhat.com]
>> Sent: Tuesday, 29 November 2011 10:32 a.m.
>> To: freeipa-users@redhat.com
>> Subject: Re: [Freeipa-users] Some feature requests
>>
>> On 11/28/2011 04:16 PM, Steven Jones wrote:
>>> Hi,
>>>
>>> a) Auto setup in RH satellite to allow auto joining to freeIPA from a 
>>> baremetal kickstart.
>> That is a Satellite,  not FreeIPA,  request.
>>
>>> b) Setup/config (info etc) to allow a gluster system to join to IPA.
>> What  would a gluster system require that we do not already provide?
>>
>>> Since these are all RH...shouldn't be too hard.
>>>
>>> ;]
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>> Victoria University, Wellington, NZ
>>>
>>> 0064 4 463 6272
>>>

Re: [Freeipa-users] Some feature requests

2011-12-04 Thread Steven Jones
Hi,

RFE? request for engineering?  via RHN support portal?

I will also raise these with my RH solution architect.

I noticed that you have a freeipa nfs howto/engineering proof of concept, more 
of those would be good.  What I am finding is it's very hard (actually 
impossible) to figure out how to get 3rd party hardware to talk LDAP into IPA. 
It seems the hardware talks one way or multiple ways and IPA answers 
differently, the result is they don't communicate. So far I have failed with 
Sun's Solar SAN, and Bluecoat's proxy server... the info just seems 
lacking... or maybe a dictionary from IPA to LDAP or into "steven's speak" is 
needed, I certainly don't find it simple to understand.

;]

I will be attempting a new Bluearc this week... which is CentOS 4.8 
apparently

;/

I also find that the vendors only speak AD, they are all MS trained... they 
are totally clueless when I mention LDAP and especially IPA... "I've never done 
a Linux/LDAP connection, I will have to ask engineering" is the common 
answer... seems in NZ and even in APAC that is common, I usually don't get 
an answer...

Satellite - OTP, it would be per machine... each machine is recorded 
individually in RH Sat so you know what is vulnerable and what patches there 
are... I kind of envisioned another tab in the kickstart file generator 
where you would put in the info... maybe it isn't that easy... but 
integrating their products is what many vendors are slick at... or make a huge 
mess of, depending on the vendor

;]

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272


From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dmitri Pal [d...@redhat.com]
Sent: Sunday, 4 December 2011 7:44 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Some feature requests

On 11/28/2011 04:36 PM, Steven Jones wrote:
> I can't see anything in the gluster admin guide on connecting it to an IPA 
> setup...
>

We will be working with them but it will take some time.
Would be nice to have RFEs for those components filed.


As for kickstart any ipa-client invocation requires an authentication.
You either need to do it manually or in some way add OTP to the
kickstart file.
At best OTP should be one per machine but you can reuse it for a group
of machines.
This seems to be a problem that can only be solved by the individual
admin depending on the constraints of his environment.
I do not think this has a generic solution.

> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> 
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
> behalf of Adam Young [ayo...@redhat.com]
> Sent: Tuesday, 29 November 2011 10:32 a.m.
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Some feature requests
>
> On 11/28/2011 04:16 PM, Steven Jones wrote:
>> Hi,
>>
>> a) Auto setup in RH satellite to allow auto joining to freeIPA from a 
>> baremetal kickstart.
> That is a Satellite,  not FreeIPA,  request.
>
>> b) Setup/config (info etc) to allow a gluster system to join to IPA.
> What  would a gluster system require that we do not already provide?
>
>> Since these are all RH...shouldn't be too hard.
>>
>> ;]
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ___
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/





Re: [Freeipa-users] Some feature requests

2011-12-03 Thread Dmitri Pal
On 11/28/2011 04:36 PM, Steven Jones wrote:
> I can't see anything in the gluster admin guide on connecting it to an IPA 
> setup...
>

We will be working with them but it will take some time.
Would be nice to have RFEs for those components filed.


As for kickstart any ipa-client invocation requires an authentication.
You either need to do it manually or in some way add OTP to the
kickstart file.
At best OTP should be one per machine but you can reuse it for a group
of machines.
This seems to be a problem that can only be solved by the individual
admin depending on the constraints of his environment.
I do not think this has a generic solution.

> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> 
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
> behalf of Adam Young [ayo...@redhat.com]
> Sent: Tuesday, 29 November 2011 10:32 a.m.
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Some feature requests
>
> On 11/28/2011 04:16 PM, Steven Jones wrote:
>> Hi,
>>
>> a) Auto setup in RH satellite to allow auto joining to freeIPA from a 
>> baremetal kickstart.
> That is a Satellite,  not FreeIPA,  request.
>
>> b) Setup/config (info etc) to allow a gluster system to join to IPA.
> What  would a gluster system require that we do not already provide?
>
>> Since these are all RH...shouldn't be too hard.
>>
>> ;]
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
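
The one-OTP-per-machine approach from the message above, as an added example that is not part of the original thread: it generates a fresh enrollment password per host, prints the matching `ipa host-add` command and writes a kickstart `%post` fragment for `ipa-client-install`. The domain, server and host names are placeholders and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: one enrollment OTP per kickstarted host.
# IPA_DOMAIN, IPA_SERVER and the host names are placeholders (assumptions).
IPA_DOMAIN="example.test"
IPA_SERVER="ipa.example.test"

# 128 bits from the kernel CSPRNG, hex-encoded (32 characters).
gen_otp() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Command an admin with a valid ticket runs to pre-create the host entry.
host_add_cmd() {    # $1 = fqdn, $2 = otp
    printf 'ipa host-add %s --password=%s\n' "$1" "$2"
}

# Kickstart %post fragment that enrolls the machine without a prompt.
ks_post() {         # $1 = fqdn, $2 = otp
    printf '%%post\n'
    printf 'ipa-client-install --unattended --domain=%s --server=%s --hostname=%s --password=%s\n' \
        "$IPA_DOMAIN" "$IPA_SERVER" "$1" "$2"
    printf '%%end\n'
}

# Write <fqdn>.ks for every host, each with a fresh OTP, and print the
# matching host-add commands. Runs in a subshell so the restrictive umask
# (files hold a credential) does not leak into the caller.
render_all() (      # $1 = output dir, remaining args = fqdns
    dir=$1; shift
    umask 077
    for fqdn in "$@"; do
        otp=$(gen_otp)
        ks_post "$fqdn" "$otp" > "$dir/$fqdn.ks"
        host_add_cmd "$fqdn" "$otp"
    done
)

# Audit: print any OTP that appears in more than one kickstart file.
reused_otps() {     # $1 = dir
    sed -n 's/.*--password=\([^ ]*\).*/\1/p' "$1"/*.ks | sort | uniq -d
}

# Demo with constructed host names.
out=$(mktemp -d)
render_all "$out" web01.example.test db01.example.test
reused_otps "$out"   # prints nothing when every host has its own OTP
```

Sharing one password across a group of machines, as the message allows, shows up in the `reused_otps` output and means any holder of that kickstart file can enroll as any host in the group.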




Re: [Freeipa-users] Some feature requests

2011-11-28 Thread Steven Jones
I can't see anything in the gluster admin guide on connecting it to an IPA setup...

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272


From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Adam Young [ayo...@redhat.com]
Sent: Tuesday, 29 November 2011 10:32 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Some feature requests

On 11/28/2011 04:16 PM, Steven Jones wrote:
> Hi,
>
> a) Auto setup in RH satellite to allow auto joining to freeIPA from a 
> baremetal kickstart.
That is a Satellite,  not FreeIPA,  request.

>
> b) Setup/config (info etc) to allow a gluster system to join to IPA.

What  would a gluster system require that we do not already provide?

>
> Since these are all RH...shouldn't be too hard.
>
> ;]
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>


Re: [Freeipa-users] Some feature requests

2011-11-28 Thread Adam Young

On 11/28/2011 04:16 PM, Steven Jones wrote:

Hi,

a) Auto setup in RH satellite to allow auto joining to freeIPA from a baremetal 
kickstart.

That is a Satellite,  not FreeIPA,  request.



b) Setup/config (info etc) to allow a gluster system to join to IPA.


What  would a gluster system require that we do not already provide?



Since these are all RH...shouldn't be too hard.

;]

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272



[Freeipa-users] Some feature requests

2011-11-28 Thread Steven Jones
Hi,

a) Auto setup in RH satellite to allow auto joining to freeIPA from a baremetal 
kickstart.

b) Setup/config (info etc) to allow a gluster system to join to IPA.

Since these are all RH...shouldn't be too hard.

;]

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272
