On Tue, Oct 14, 2014 at 03:13:06PM +0200, Lukas Slebodnik wrote: > On (14/10/14 17:48), Fraser Tweedale wrote: > >On Tue, Oct 14, 2014 at 12:34:09PM +0500, Orkhan Gasimov wrote: > >> With help from Alexander Bokovoy I found correct log destinations: > >> > >> sssd-domain-log: > >> https://cloud.mail.ru/public/1e803a00989e%2Fsssd_eurosel.az.log > >> sssd-nss-log: https://cloud.mail.ru/public/ae41ae3b44b6%2Fsssd_nss.log > >> > >> These files are from my second Fedora - FreeBSD setup, they have different > >> domain name, but everything else is identical. > >> > >> Interestingly enough, there are lines in sssd_nss.log telling that there > >> are > >> no users or groups in the domain. But as I said, I can ssh to the IPA > >> server > >> as an IPA user. > >> > >Hi Orkhan, > > > >Thanks for the logs. What were their actual locations? > > > >I'm going to try and reproduce your setup and see whether I get the > >same outcome. I have been building and installing the ports as > >indicated in the forum post, and one thing I have noticed is that > >there are a lot of configuration options on some of the important > >ports - perhaps there was an important option that the author forgot > >to mention. > > > You needn't build sssd from ports. You can install sssd with pkg utility. > The only necessary step is to build openldap client with SASL support, > because default version of openldap client is build without SASL support. > sssd cannot initialize ipa_provider with openldap libraries without SASL > support. On the other hand, {ldap,krb5,ad} providers can be used without any > problem. > > The steps, how to build openldap client with SASL support, are described > in freebsd forum. > > >It is the end of the day for me, but sssd is now installed so I > >should let you know tomorrow whether I am running into the same > >issues as you, or whether I find success. > > > >(As a side node: once I get to a working setup I will create and > >publish a pkg(8) repo with the needed ports built with the correct > >options and make.conf variables. This should make it easier and > >certainly quicker to use FreeBSD as a FreeIPA client.) > I am not sure what you are trying to do. Everything is described on forum. > If there isn't something clear feel free to send rephrased(updated) version of > howto. I can contact an author of that post. > Since there are non-default options and make variables to be set, is it not desirable that there be a pkg(8) repository people can use to install the packages needed for ipa integration?
I think it is desirable. It is easy to thanks to ports-mgmt/poudriere. Fraser > LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
