On 05/09/2011 09:12 AM, Dmitri Pal wrote:
On 05/08/2011 07:39 PM, Adam Young wrote:
On 05/08/2011 06:20 AM, nasir nasir wrote:
Thanks indeed again for the reply. I went through the deployment
guide and installed and configured FreeIPA 2.0 on a RHEL 6.1 beta
machine for testing. I also configured the browsers on this server
and a client Kubuntu machine as per the guide. But I can't find any
doc which explain how to configure a client (kubuntu in my case) for
single sign on or even accessing a service like nfs using the
browser when native ipa-client package is not available. All the
docs are focused on configuring client machines using ipa-client
package. Is this possible? if so could anyone suggest me some guide
lines or docs for the same ?
Does the client have SSSD?
If it does making ipa-client work is probably the best path.
If the SSSD is not an option then you are in the realm of PAM_KRB5 for
the SSO.
Please see the FreeIPA 1.2.1 documentation. There is no exact
documentation ofr your case but the closest IMO would be the
instructions for the Solaris client.
http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/chap-Client_Configuration_Guide-Configuring_Solaris_as_an_IPA_Client.html
Also see man pages for pam_krb5.
Hope this helps.
Thanks
Dmitri
According to Stephen, Ubuntu has an older version of sssd available.
Even Debian sid only has 1.2.1
http://packages.debian.org/unstable/main/sssd
Did you try installing the ipa-client rpms with Alien?
Thanks and Regards,
Nidal
--- On *Mon, 5/2/11, Adam Young /<[email protected]>/* wrote:
From: Adam Young <[email protected]>
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
To: "nasir nasir" <[email protected]>
Cc: [email protected]
Date: Monday, May 2, 2011, 8:03 AM
On 05/01/2011 08:49 AM, nasir nasir wrote:
Thanks for all the replies and great suggestions! I do
appreciate it a lot.
Apologies for being a bit confusing about the cetralized /home
foder in my previous mail. What I want is that all the users
should have their /home folder stored in the storage. This
entire partition (or LUN) can be attached to my Authentication
server(i.e FreeIPA) by using iSCSI. From the Authentication
server, I am NOT looking for iSCSI to get it mounted to the
individual users' machine. I think NFS/automount would do
that(appreciate any suggestion on this !) And whenever a new
user is created, /home should be allocated out of this
partition so that whichever machine the user is using to login
later, she should be able to access the same /home specific to
her regardless of the machine. I hope it is clear to all :-)
Thanks and regards,
Nidal
> -- Centralized storage with iSCSI for /home folder
for each user by means of a dedicated storage
IPA manages Automount, which is possibly what you want.
Are you going to give each user their own partition that
follows them around, or are you going to give the a home
directory on a a NAS server? I Have to admit, the iSCSI
home mount sounds interesting. You could probably get
automount to help you out there, but at this point I think
that you would need a separate key line for each user.
Note that iSCSI won't help you if you want to mount the
same partition on multiple clients. For this, you either
need a distributed File System, or stick to NFS.
Nidal,
OK, I'd probably do something like this: After install IPA, add
one host as an IPA client with the following switch:
--mkhomedir,, something like ipa-client-install --mkhomedir -p
admin. Then, mount the directory that you are going to use a
/home on that machine. Once you create users in IPA, the first
time you log in as that user, do so from that client, and it
will attempt to create the home directory for you. This
should be the only machine that has permissions to create
directories under /home. Now, create an automount location and
map, and create a key for /home
The instructions from our test day should get you started:
https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
