Hi Alex!
I've set up on Debian 8 ipa-client recently.
And here is my notes on this process, maybe it would be helpfull.
1. Enable sid repo
2. Install freeipa-client and python-sss packages
3. Update python-six to 1.10+
4. Restart dbus service
5. ipa-client-install command
In the end - I've got completely working ipa-client for ssh and sudo.
2018-01-19 0:24 GMT+03:00 Alex Corcoles via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org>:
Hi,
Now that I have my FreeIPA server working in my setup, I'd like to
configure my Proxmox server as an IPA client; both for UNIX users and its
web/API.
As you might be aware, ipa-client-install is only in sid, and it seems to
be problematic. I'm posting everything I'm doing to keep this documented.
$ apt install sudo
$ apt install bind9utils certmonger curl krb5-user libcurl3 libnss3-tools
libnss-sss libpam-sss libsasl2-modules-gssapi-mit libsss-sudo
libxmlrpc-core-c3 oddjob-mkhomedir python-dnspython python-gssapi
python-ldap sssd libbasicobjects0 libcollection4 libcurl3-nss
libini-config5 libref-array1 gnupg2 python-cffi python-cryptography
python-custodia python-dbus python-jwcrypto python-libipa-hbac python-lxml
python-memcache python-netaddr python-netifaces python-nss python-pyasn1
python-qrcode python-setuptools python-usb python-yubico dnsutils keyutils
python-requests
$ wget
http://ftp.de.debian.org/debian/pool/main/f/freeipa/
freeipa-client_4.4.4-4_amd64.deb
http://ftp.de.debian.org/
debian/pool/main/f/freeipa/freeipa-common_4.4.4-4_all.deb
http://ftp.de.debian.org/debian/pool/main/f/freeipa/
python-ipaclient_4.4.4-4_all.deb
http://ftp.de.debian.org/
debian/pool/main/f/freeipa/python-ipalib_4.4.4-4_all.deb
$ dpkg -i *.deb
$ ipa-client-install -N --mkhomedir
This all seems to work successfully, the server appears on the FreeIPA web
console and even:
$ sss_ssh_authorizedkeys $MY_IPA_USER
works! But ssh, sudo don't work. However if I patch /etc/sssd/sssd.conf
and add nss and pam to [sssd] services, ssh, console login and sudo work!
Questions:
1) Is there anything problematic in my procedure?
2) Whom should I report a bug so /etc/sssd/sssd.conf is generated
correctly? I'm guessing Debian...
3) Proxmox supposedly uses PAM for its web/API auth, but it ignores my
user. It supports LDAP for authentication, though... Would you recommend
using LDAP or trying to coerce PAM into working for IPA?
Cheers,
Álex
--
___
{~._.~}
( Y )
()~*~() mail: alex at corcoles dot net
(_)-(_)
http://alex.corcoles.net/
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org