Package Base Details: freeipa

Git Clone URL: (read-only, click to copy)
Keywords: freeipa identity management policy trusts
Submitter: chenxiaolong
Maintainer: DVS9999 (TheGoliath)
Last Packager: TheGoliath
Votes: 15
Popularity: 1.31
First Submitted: 2012-11-15 23:50
Last Updated: 2020-04-01 15:24

Latest Comments

« First ‹ Previous 1 2 3 4 5 Next › Last »

chenxiaolong commented on 2014-03-06 00:59

@t.ask: I spend a bit of time working to port FreeIPA to Arch and the IPA client mostly works (although I haven't had the time to properly test the past few versions). The FreeIPA server is not supported at the moment.

You can set up the client just as you would in Fedora: Arch doesn't have any nice tools to manage the /etc/pam.d/* and /etc/nsswitch.conf configuration files though, so you'll need to run this command to make the necessary changes:

$ sudo sss-auth-setup --enable-nss --enable-pam

t-ask commented on 2014-03-05 20:29

I'm a bit confused that we have an AUR package for FreeIPA, despite Arch isn't officially supported yb FreeIPA. Can I just install it and it guides me through all the setup instructions to configure all FreeIPA services locally without installing the corresponding Arch packages manually?

chenxiaolong commented on 2013-05-13 05:15

New release:

**IMPORTANT**: Run "sudo sss-auth-setup --disable-nss --disable-pam" before updating!

This new release contains a rewritten sss-auth-setup. It is now safe to run it with "--enable-pam" or "--disable-pam" multiple times.

Whenever a new package that uses PAM is installed or updated (anything that requires a login), just run "sudo sss-auth-setup --enable-pam". No need to disable first :)

chenxiaolong commented on 2013-05-12 21:15

More important information:

It's a *good* idea to run "sss-auth-setup --disable-pam" before "pacman -Syu" just in case something in case something in /etc/pam.d/ is added or updated. After the updates, run "sss-auth-setup --enable-pam" again.

I hope to have this fixed for the next release.

chenxiaolong commented on 2013-05-12 21:09

Updated to version 3.2.0. There are a huge amount changes for this release:

Installation is still the same as before:

1. Install freeipa
2. sudo sss-auth-setup --enable-nss --enable-pam
3. sudo ipa-client-install ...

Note: freeipa on Arch Linux is still untested :P

chenxiaolong commented on 2013-05-12 15:50

Hi Gwmngilfen:

My finals for school just finished two days ago, so I should have a lot more time to work on FreeIPA now. I'm guessing the dependencies are really outdated since I last updated the package. I'll fix all of those first :P

Gwmngilfen commented on 2013-05-12 12:53

Hi chenxiaolong,

Just a headsup - FreeIPA 3.2 is out; and presently your 3.1 package doesn't build. Some of the dependencies are now "python2-pylint" and "samba" but even then the patches don't seem to apply to the source properly. Log here:

I might see if I can fix it if I get time, but I'm not familiar with the IPA codebase (only just installed freeipa server on a spare fedora box :P)

psi.neamf commented on 2013-01-09 14:29

Hi chenxiaolong,

I've found for GSSAPI for SSH you need to change these to 'yes' :

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

in either /etc/ssh/ssh_config or ~/.ssh/config

chenxiaolong commented on 2012-12-28 17:05

@demaio (who flagged this package out of date): It may take me a little while (probably after New Year) to update this package. I have yet to upgrade my server to 3.1.0 and I still need to work out a few issues, such as making pam_mkhomedir or oddjob-mkhomedir work :)

chenxiaolong commented on 2012-12-01 21:04

@senorsmile: FreeIPA (the client) is partially working now. I would say it's usable :) Right now, I'm working on the PAM configuration files. There are some issues with the way it works. For example, if you press Control+C when you type the password to sudo, it will say that you typed the password incorrectly 3 times.

Other than that, the only issue I know of is that GSSAPI (single sign on) does not work with ssh. I think that it's a problem with Arch's packages.

I haven't written anything about using FreeIPA with Arch, so here's a basic rundown:

Basically, you'll need to install this freeipa package and run "sudo sss-auth-setup --enable-nss --enable-pam". That will modify /etc/nsswitch.conf and /etc/pam.d/* for freeipa. If pacman ever does anything in /etc/pam.d/, such as updating something or installing a new login manager, you'll need to run:

sudo sss-auth-setup --disable-pam
sudo sss-auth-setup --enable-pam

That's all for the Arch-specific FreeIPA changes. Afterwards, just run the usual "ipa-client-install" commands.

I hope that answered your questions :)