Discussion:
FreeIPA for Debian Wheezy, Ubuntu 12.04
(too old to reply)
Sina Owolabi
2015-01-15 02:34:12 UTC
Permalink
Hi List

Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always fail
with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any help
I can get. Failing that are there any alternatives?

Thanks!
Petr Spacek
2015-01-15 08:17:56 UTC
Permalink
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always fail
with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any help
I can get. Failing that are there any alternatives?
Please see http://www.freeipa.org/page/Troubleshooting#Client_Installation

If it does not help then please post more information about your problem, namely:
- exact package versions (keep in mind that "Wheezy" is a moving target)
- /var/log/ipaclient-install.log

Have a nice day!
--
Petr^2 Spacek
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Lukas Slebodnik
2015-01-15 08:36:34 UTC
Permalink
Post by Petr Spacek
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always fail
with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any help
I can get. Failing that are there any alternatives?
Please see http://www.freeipa.org/page/Troubleshooting#Client_Installation
- exact package versions (keep in mind that "Wheezy" is a moving target)
What do you mean by moving target?

wheezy is codename for the latest release is Debian 7.8. It is also (currently)
known as stable

The most problematic part is that freeipa-client is not in repositories of
debian stable or debian testing (just debian unstable)
https://packages.debian.org/sid/freeipa-client

The bigger problem with wheezy an Ubuntu 12.04 is that they contain very old
version of sssd.

debian wheezy
1.8.4-2
https://packages.debian.org/search?suite=wheezy&arch=any&searchon=names&keywords=sssd

Ubuntu 12.04
1.8.2-0ubuntu1
http://packages.ubuntu.com/precise/sssd

NOTE: They may work but may contains bugs.

For Ubuntu 12.04, there is the Timo's ppa repo which contains new sssd.
https://launchpad.net/~sssd/+archive/ubuntu/updates

LS
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Petr Spacek
2015-01-15 09:54:27 UTC
Permalink
Post by Lukas Slebodnik
Post by Petr Spacek
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always fail
with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any help
I can get. Failing that are there any alternatives?
Please see http://www.freeipa.org/page/Troubleshooting#Client_Installation
- exact package versions (keep in mind that "Wheezy" is a moving target)
What do you mean by moving target?
wheezy is codename for the latest release is Debian 7.8. It is also (currently)
known as stable
Sure, but Debian allows packages updates after release - or not?

I mean that "Debian Wheezy" does not necessarily identify particular package
version.
--
Petr^2 Spacek
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Lukas Slebodnik
2015-01-15 10:04:09 UTC
Permalink
Post by Petr Spacek
Post by Lukas Slebodnik
Post by Petr Spacek
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always fail
with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any help
I can get. Failing that are there any alternatives?
Please see http://www.freeipa.org/page/Troubleshooting#Client_Installation
- exact package versions (keep in mind that "Wheezy" is a moving target)
What do you mean by moving target?
wheezy is codename for the latest release is Debian 7.8. It is also (currently)
known as stable
Sure, but Debian allows packages updates after release - or not?
Each distributions allows packages updates after release.
Where is a difference?

LS
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Petr Spacek
2015-01-15 10:06:40 UTC
Permalink
Post by Lukas Slebodnik
Post by Petr Spacek
Post by Lukas Slebodnik
Post by Petr Spacek
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always fail
with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any help
I can get. Failing that are there any alternatives?
Please see http://www.freeipa.org/page/Troubleshooting#Client_Installation
- exact package versions (keep in mind that "Wheezy" is a moving target)
What do you mean by moving target?
wheezy is codename for the latest release is Debian 7.8. It is also (currently)
known as stable
Sure, but Debian allows packages updates after release - or not?
Each distributions allows packages updates after release.
Where is a difference?
That is exactly the point - you should always include package version in the
bug report.

Can we please stop bike-shedding now?
--
Petr^2 Spacek
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Timo Aaltonen
2015-01-15 09:58:56 UTC
Permalink
Post by Petr Spacek
Post by Lukas Slebodnik
Post by Petr Spacek
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always fail
with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any help
I can get. Failing that are there any alternatives?
Please see http://www.freeipa.org/page/Troubleshooting#Client_Installation
- exact package versions (keep in mind that "Wheezy" is a moving target)
What do you mean by moving target?
wheezy is codename for the latest release is Debian 7.8. It is also (currently)
known as stable
Sure, but Debian allows packages updates after release - or not?
no new upstream releases, unless via $release-backports
Post by Petr Spacek
I mean that "Debian Wheezy" does not necessarily identify particular package
version.
..so it does, in practise.
--
t
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Tomas Babej
2015-01-15 17:07:03 UTC
Permalink
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always
fail with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any
help I can get. Failing that are there any alternatives?
Thanks!
If you're SSSD version is less than 1.9, you could try running
ipa-advise config-generic-linux-sssd-before-1-9 on the IPA server.

This will provide setup instructions to run on the client.

HTH,
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
Sina Owolabi
2015-01-17 08:49:04 UTC
Permalink
Thanks Tomas.

List, please how do I get rid of this error:
ipa-client-install --uninstall
*Disabling client Kerberos and LDAP configurations*
*Failed to remove krb5/LDAP configuration: *
After I've deleted everything I can think of? Uninstalling freeipa doesn't
help, and I can't reinstall the server.
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always fail
with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any help
I can get. Failing that are there any alternatives?
Thanks!
If you're SSSD version is less than 1.9, you could try running ipa-advise
config-generic-linux-sssd-before-1-9 on the IPA server.
This will provide setup instructions to run on the client.
HTH,
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
Brian Topping
2015-01-17 09:59:17 UTC
Permalink
Did you try strace to see what files it is choking on?

Sent from my iPhone
Post by Sina Owolabi
Thanks Tomas.
ipa-client-install --uninstall
Disabling client Kerberos and LDAP configurations
After I've deleted everything I can think of? Uninstalling freeipa doesn't help, and I can't reinstall the server.
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always fail with the IPA client install being halfway completed and sssd's configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any help I can get. Failing that are there any alternatives?
Thanks!
If you're SSSD version is less than 1.9, you could try running ipa-advise config-generic-linux-sssd-before-1-9 on the IPA server.
This will provide setup instructions to run on the client.
HTH,
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Sina Owolabi
2015-01-17 10:23:00 UTC
Permalink
How do I strace this, please?
Post by Brian Topping
Did you try strace to see what files it is choking on?
Sent from my iPhone
Thanks Tomas.
ipa-client-install --uninstall
*Disabling client Kerberos and LDAP configurations*
*Failed to remove krb5/LDAP configuration: *
After I've deleted everything I can think of? Uninstalling freeipa doesn't
help, and I can't reinstall the server.
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always fail
with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any
help I can get. Failing that are there any alternatives?
Thanks!
If you're SSSD version is less than 1.9, you could try running ipa-advise
config-generic-linux-sssd-before-1-9 on the IPA server.
This will provide setup instructions to run on the client.
HTH,
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Sina Owolabi
2015-01-17 10:31:23 UTC
Permalink
Hi
I cant make head or tail of the output, but here it is attached.
:-) Sorry about the "how do I trace". I RTFM'ed myself.
Post by Sina Owolabi
How do I strace this, please?
Post by Brian Topping
Did you try strace to see what files it is choking on?
Sent from my iPhone
Thanks Tomas.
ipa-client-install --uninstall
*Disabling client Kerberos and LDAP configurations*
*Failed to remove krb5/LDAP configuration: *
After I've deleted everything I can think of? Uninstalling freeipa
doesn't help, and I can't reinstall the server.
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always fail
with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any
help I can get. Failing that are there any alternatives?
Thanks!
If you're SSSD version is less than 1.9, you could try running
ipa-advise config-generic-linux-sssd-before-1-9 on the IPA server.
This will provide setup instructions to run on the client.
HTH,
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Sina Owolabi
2015-01-17 10:51:27 UTC
Permalink
I think I've made a go of it!
I was able to uninstall freeipa-client, and it complained about some
leftover files, like so

Removing freeipa-client ...
dpkg: warning: while removing freeipa-client, directory
'/var/lib/ipa-client/sysrestore' not empty so not removed
I deleted and reinstalled, no problem.
I now followed the instructions over at this helpful site:
http://nadirlatif.me/installing-freeipa-client-debian/
And now I'm joined to the domain!
Of course this does not mean all my troubles are over, trying to login as
an IPA user drops a "permission denied" error:

Creating directory '/share/user'.
Unable to create and initialize directory '/user'.

Permission denied

What can I do to fix that? What am I missing?
Post by Sina Owolabi
Hi
I cant make head or tail of the output, but here it is attached.
:-) Sorry about the "how do I trace". I RTFM'ed myself.
Post by Sina Owolabi
How do I strace this, please?
Post by Brian Topping
Did you try strace to see what files it is choking on?
Sent from my iPhone
Thanks Tomas.
ipa-client-install --uninstall
*Disabling client Kerberos and LDAP configurations*
*Failed to remove krb5/LDAP configuration: *
After I've deleted everything I can think of? Uninstalling freeipa
doesn't help, and I can't reinstall the server.
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always
fail with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any
help I can get. Failing that are there any alternatives?
Thanks!
If you're SSSD version is less than 1.9, you could try running
ipa-advise config-generic-linux-sssd-before-1-9 on the IPA server.
This will provide setup instructions to run on the client.
HTH,
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Sina Owolabi
2015-01-17 11:08:13 UTC
Permalink
Apparently I had to manually create the nfs4 mountpoint (/share) that
kereberized nfs uses before the user's share would mount. I can login as
the ipa user now.
Thanks everyone.
Post by Sina Owolabi
I think I've made a go of it!
I was able to uninstall freeipa-client, and it complained about some
leftover files, like so
Removing freeipa-client ...
dpkg: warning: while removing freeipa-client, directory
'/var/lib/ipa-client/sysrestore' not empty so not removed
I deleted and reinstalled, no problem.
http://nadirlatif.me/installing-freeipa-client-debian/
And now I'm joined to the domain!
Of course this does not mean all my troubles are over, trying to login as
Creating directory '/share/user'.
Unable to create and initialize directory '/user'.
Permission denied
What can I do to fix that? What am I missing?
Post by Sina Owolabi
Hi
I cant make head or tail of the output, but here it is attached.
:-) Sorry about the "how do I trace". I RTFM'ed myself.
Post by Sina Owolabi
How do I strace this, please?
Post by Brian Topping
Did you try strace to see what files it is choking on?
Sent from my iPhone
Thanks Tomas.
ipa-client-install --uninstall
*Disabling client Kerberos and LDAP configurations*
*Failed to remove krb5/LDAP configuration: *
After I've deleted everything I can think of? Uninstalling freeipa
doesn't help, and I can't reinstall the server.
Post by Sina Owolabi
Hi List
Please is it really possible to have Debian and Ubuntu serve as IPA clients?
I've tried some instructions/guidelines on the list and they always
fail with the IPA client install being halfway completed and sssd's
configuration file moved to .deleted.
I'm really interested in getting this to work and I'll appreciate any
help I can get. Failing that are there any alternatives?
Thanks!
If you're SSSD version is less than 1.9, you could try running
ipa-advise config-generic-linux-sssd-before-1-9 on the IPA server.
This will provide setup instructions to run on the client.
HTH,
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
--
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Lukas Slebodnik
2015-01-17 11:41:16 UTC
Permalink
Post by Sina Owolabi
I think I've made a go of it!
I was able to uninstall freeipa-client, and it complained about some
leftover files, like so
Removing freeipa-client ...
dpkg: warning: while removing freeipa-client, directory
'/var/lib/ipa-client/sysrestore' not empty so not removed
I deleted and reinstalled, no problem.
http://nadirlatif.me/installing-freeipa-client-debian/
And now I'm joined to the domain!
Of course this does not mean all my troubles are over, trying to login as
Creating directory '/share/user'.
Unable to create and initialize directory '/user'.
Following link might help you.
https://wiki.debian.org/LDAP/PAM#Creating_home_directory_on_login

LS
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Continue reading on narkive:
Loading...