On Fri, Aug 30, 2013 at 03:54:54PM +0200, Michał Dwużnik wrote: > Ok, I somehow assumed certs are very much needed for ldaps... >
Well, for most operations the SSSD uses GSSAPI authentication. Only when passwords are migrated, we do an LDAP bind with StartTLS. > In the meantime, I set up a debian wheezy machine to try the freeipa-client > from debs. > > I managed to get working ipa-client (with a few quirks...- default nss > database needed to be created) with packages from > deb http://apt.numeezy.fr wheezy main > deb-src http://apt.numeezy.fr wheezy main. > So now I have a ready set of debian-like configs for wheezy, making it work > with squeeze seems easier now (it comes with learning, too...) > > I must admit ipa-client debug option is lovely as a step-by-step guide for > trying by hand :> > > Going back to thinking whether to try getting ipa on squeeze or getting the > legacy software working with squeeze... > (some of the scientists seem to be the happiest if the system is totally > unchanged for some 20 years...). > > > Regards > Michal > > PS:I do see hope for rooting out the last instance of NIS on the campus :> Terminate it with extreme prejudice :-) _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
