@t.ask: I spend a bit of time working to port FreeIPA to Arch and the IPA client mostly works (although I haven't had the time to properly test the past few versions). The FreeIPA server is not supported at the moment.
You can set up the client just as you would in Fedora: http://www.freeipa.org/docs/master/html-desktop/index.html#Installing_the_IPA_Client_on_Linux Arch doesn't have any nice tools to manage the /etc/pam.d/* and /etc/nsswitch.conf configuration files though, so you'll need to run this command to make the necessary changes:
$ sudo sss-auth-setup --enable-nss --enable-pam
Search Criteria
Package Details: python-ipaclient 4.12.2-3
Package Actions
| Git Clone URL: | https://aur.archlinux.org/freeipa.git (read-only, click to copy) |
|---|---|
| Package Base: | freeipa |
| Description: | Python libraries used by IPA client |
| Upstream URL: | http://www.freeipa.org/ |
| Keywords: | freeipa identity management policy trusts |
| Licenses: | GPL3 |
| Submitter: | chenxiaolong |
| Maintainer: | patlefort |
| Last Packager: | patlefort |
| Votes: | 24 |
| Popularity: | 0.20 |
| First Submitted: | 2012-11-15 23:50 (UTC) |
| Last Updated: | 2025-01-09 00:05 (UTC) |
Dependencies (22)
- freeipa-client-commonAUR
- freeipa-commonAUR
- python-dnspython (python-dnspython-gitAUR)
- python-ipalibAUR
- python-jinja
- ding-libs (make)
- gettext (gettext-gitAUR) (make)
- krb5 (krb5-gitAUR) (make)
- libsasl (make)
- libxmlrpc (make)
- nspr (nspr-hgAUR) (make)
- nss (nss-hgAUR) (make)
- openldap (openldap-gnutlsAUR) (make)
- openssl (openssl-gitAUR, openssl-staticAUR) (make)
- popt (popt-gitAUR) (make)
- python (python37AUR, python311AUR, python310AUR) (make)
- python-jinja (make)
- python-pyasn1-modules (make)
- python-setuptools (make)
- python-systemd (make)
- sssd (sssd-gitAUR, sssd-nosmbAUR) (make)
- oddjob-selinuxAUR (optional) – mkhomedir support
Required by (1)
Sources (6)
chenxiaolong commented on 2014-03-06 00:59 (UTC)
t-ask commented on 2014-03-05 20:29 (UTC)
I'm a bit confused that we have an AUR package for FreeIPA, despite Arch isn't officially supported yb FreeIPA. Can I just install it and it guides me through all the setup instructions to configure all FreeIPA services locally without installing the corresponding Arch packages manually?
chenxiaolong commented on 2013-05-13 05:15 (UTC)
New release:
**IMPORTANT**: Run "sudo sss-auth-setup --disable-nss --disable-pam" before updating!
This new release contains a rewritten sss-auth-setup. It is now safe to run it with "--enable-pam" or "--disable-pam" multiple times.
Whenever a new package that uses PAM is installed or updated (anything that requires a login), just run "sudo sss-auth-setup --enable-pam". No need to disable first :)
chenxiaolong commented on 2013-05-12 21:09 (UTC)
Updated to version 3.2.0. There are a huge amount changes for this release: https://github.com/chenxiaolong/ArchLinux-Packages/commit/4e0df0c4992ef8d0629586036fdf4f00a4e2c730
Installation is still the same as before:
1. Install freeipa
2. sudo sss-auth-setup --enable-nss --enable-pam
3. sudo ipa-client-install ...
Note: freeipa on Arch Linux is still untested :P
chenxiaolong commented on 2013-05-12 15:50 (UTC)
Hi Gwmngilfen:
My finals for school just finished two days ago, so I should have a lot more time to work on FreeIPA now. I'm guessing the dependencies are really outdated since I last updated the package. I'll fix all of those first :P
Gwmngilfen commented on 2013-05-12 12:53 (UTC)
Hi chenxiaolong,
Just a headsup - FreeIPA 3.2 is out; and presently your 3.1 package doesn't build. Some of the dependencies are now "python2-pylint" and "samba" but even then the patches don't seem to apply to the source properly. Log here: https://gist.github.com/5563461
I might see if I can fix it if I get time, but I'm not familiar with the IPA codebase (only just installed freeipa server on a spare fedora box :P)
psi.neamf commented on 2013-01-09 14:29 (UTC)
Hi chenxiaolong,
I've found for GSSAPI for SSH you need to change these to 'yes' :
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
in either /etc/ssh/ssh_config or ~/.ssh/config
chenxiaolong commented on 2012-12-28 17:05 (UTC)
@demaio (who flagged this package out of date): It may take me a little while (probably after New Year) to update this package. I have yet to upgrade my server to 3.1.0 and I still need to work out a few issues, such as making pam_mkhomedir or oddjob-mkhomedir work :)
chenxiaolong commented on 2012-12-01 21:04 (UTC)
@senorsmile: FreeIPA (the client) is partially working now. I would say it's usable :) Right now, I'm working on the PAM configuration files. There are some issues with the way it works. For example, if you press Control+C when you type the password to sudo, it will say that you typed the password incorrectly 3 times.
Other than that, the only issue I know of is that GSSAPI (single sign on) does not work with ssh. I think that it's a problem with Arch's packages.
I haven't written anything about using FreeIPA with Arch, so here's a basic rundown:
Basically, you'll need to install this freeipa package and run "sudo sss-auth-setup --enable-nss --enable-pam". That will modify /etc/nsswitch.conf and /etc/pam.d/* for freeipa. If pacman ever does anything in /etc/pam.d/, such as updating something or installing a new login manager, you'll need to run:
sudo sss-auth-setup --disable-pam
sudo sss-auth-setup --enable-pam
That's all for the Arch-specific FreeIPA changes. Afterwards, just run the usual "ipa-client-install" commands.
I hope that answered your questions :)
Pinned Comments
patlefort commented on 2024-07-23 11:37 (UTC)
Keys are in
keys/pgpof this package.