Re: [Freeipa-users] ipa-client on aws (amazon linux)

2015-09-02 Thread Lukas Slebodnik 
On (02/09/15 11:22), Prashant Bapat wrote:
>Hi,
>
>Running a freeipa-client on Amazon Linux is a huge challenge. This is
>because the client depends on SSSD which in turn uses Samba libraries which
>Amazon Linux does not support.
sssd >= 1.11 can be compiled without samba libraries.
But result is missing ad and ipa provider.
So you would need to manually configure sssd with ldap provider against
FreeIPA.

>I tried this sometime back and gave up.
>Instead we went with pam-nss-ldap route which works great with compat ldap
>schema. Run the "ipa-advise" command for more details.
>
>I'm running the pam-nss-ldap client on 2000+ servers in AWS with Amazon
>Linux.
>
ipa-client install has option "--no-sssd"
-S, --no-sssd   Do not configure the client to use SSSD for
authentication

LS

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] ipa-client on aws (amazon linux)

2015-09-02 Thread Prashant Bapat 
Lukas,

ipa-client-install is part of the freeipa-client rpm. On Amazon Linux this
rpm cannot be installed. This is the basic issue.

Thanks.

On 2 September 2015 at 12:43, Lukas Slebodnik  wrote:

> On (02/09/15 11:22), Prashant Bapat wrote:
> >Hi,
> >
> >Running a freeipa-client on Amazon Linux is a huge challenge. This is
> >because the client depends on SSSD which in turn uses Samba libraries
> which
> >Amazon Linux does not support.
> sssd >= 1.11 can be compiled without samba libraries.
> But result is missing ad and ipa provider.
> So you would need to manually configure sssd with ldap provider against
> FreeIPA.
>
> >I tried this sometime back and gave up.
> >Instead we went with pam-nss-ldap route which works great with compat ldap
> >schema. Run the "ipa-advise" command for more details.
> >
> >I'm running the pam-nss-ldap client on 2000+ servers in AWS with Amazon
> >Linux.
> >
> ipa-client install has option "--no-sssd"
> -S, --no-sssd   Do not configure the client to use SSSD for
> authentication
>
> LS
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] ipa-client on aws (amazon linux)

2015-09-02 Thread Lukas Slebodnik 
On (02/09/15 12:58), Prashant Bapat wrote:
>Lukas,
>
>ipa-client-install is part of the freeipa-client rpm. On Amazon Linux this
>rpm cannot be installed. This is the basic issue.
>
Indeed.
there is a strict requires for sssd

Requires: sssd >= 1.12.3  #from fedora spec file

Using ipa-advise might be more comfortable way rather then
patch spec file or create modified rpms.

LS

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] ipa-client on aws (amazon linux)

2015-09-02 Thread Prashant Bapat 
Hi,

Running a freeipa-client on Amazon Linux is a huge challenge. This is
because the client depends on SSSD which in turn uses Samba libraries which
Amazon Linux does not support. I tried this sometime back and gave up.
Instead we went with pam-nss-ldap route which works great with compat ldap
schema. Run the "ipa-advise" command for more details.

I'm running the pam-nss-ldap client on 2000+ servers in AWS with Amazon
Linux.

HTH.
--Prashant



On 2 September 2015 at 02:25, Gustavo Mateus 
wrote:

> Hi,
>
> Does anyone have an updated list of packages or installation steps to get
> the ipa-client properly installed on an Amazon Linux (2015.03.1 to be more
> precise).
>
> I plan to use Red Hat as my ipa-server but the clients need to be Amazon
> Linux.
>
> Thanks,
>
> Gustavo
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] ipa-client on aws (amazon linux)

2015-09-02 Thread Gustavo Mateus 
I think I'll go with ipa-advise for now since my main goal is to move away
from openldap and allow AD users to ssh into my linux boxes.
And eventually, when AWS decides to finally include ipa-client in amazon
linux, I move to that approach.




On Wed, Sep 2, 2015 at 12:36 AM, Lukas Slebodnik 
wrote:

> On (02/09/15 12:58), Prashant Bapat wrote:
> >Lukas,
> >
> >ipa-client-install is part of the freeipa-client rpm. On Amazon Linux this
> >rpm cannot be installed. This is the basic issue.
> >
> Indeed.
> there is a strict requires for sssd
>
> Requires: sssd >= 1.12.3  #from fedora spec file
>
> Using ipa-advise might be more comfortable way rather then
> patch spec file or create modified rpms.
>
> LS
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project