No, I don't believe 3.0 on CentOS 6 (sorry I didn't share that detail) has ipa-advise. Isn't it introduced in FreeIPA 4? I'm not necessarily opposed to upgrading, but I'm a bit reticent about switching from a yum package to a git pull (perhaps I'm just a bit gun shy today). Is there anything I can try before that?
On a related note, I've fallen back to pointing nsswitch.conf at my ipa server using ldap. It's working over plain old ldap on 389, but when I try to config it as ldaps, I can do an ldapsearch, but id/getent fail. This works "well enough" for my current needs, but it's still a curious situation.

:DS

===================================
*Daniel Shown,*
Linux Systems Administrator
Advanced Technology Group
Information Technology Services <http://www.slu.edu/its>
at Saint Louis University <http://www.slu.edu/>.

314-977-2583
===================================

"The aim of education
is the knowledge,
not of facts,
but of values."
– William S. Burroughs

On Thu, Jul 24, 2014 at 3:38 AM, Tomas Babej <tba...@redhat.com> wrote:

> On 07/24/2014 02:30 AM, Fraser Tweedale wrote:
> > On Wed, Jul 23, 2014 at 04:37:03PM -0500, Daniel Shown wrote:
> >> So, I'm trying to get a FreeBSD (because ZFS is more stable there than in
> >> Linux) file server configured to have access user accounts in FreeIPA for
> >> proper ownership/permissions. It seems like it should be pretty
> >> straightforward. I don't even need to update pam.d configs, just
> >> nsswitch.conf. I've gone through a couple of guides, and I still get
> >> nothing when I do an id or getent for users in FreeIPA, it sees nothing. I
> >> can do an ldapsearch against the FreeIPA ldap, I can get a Kerberos ticket
> >> from my IPA server, and I can even run id/getent on Linux hosts. What could
> >> I be missing that could be throwing a wrench in this?
> >>
> > Hi Daniel,
> >
> > Did you follow the steps suggested by::
> >
> >   % ipa-advise config-freebsd-nss-pam-ldapd
> >
> > (Note that you will need a Kerberos ticket to run the above
> > command).
>
> Another note: You'll need to run this command on the
> server. The client machines do not have ipa-advise tool.
>
> >
> > If you have followed this advice (note that some commands have
> > changed and recent versions of FreeBSD - soon I will update the
> > advice accordingly), and it still does not work, let me know - I
> > will be happy to work with you to get things working.
> >
> > Regards,
> >
> > Fraser
> >
> >> Best!
>
> --
> Tomas Babej
> Associate Software Engineer | Red Hat | Identity Management
> RHCE | Brno Site | IRC: tbabej | freeipa.org

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project