We need authenticate through our IPA server (LDAP). Is there a known method to accomplish this?
I am willing to try a manual configuration but it appears nss-pam-ldapd is required and I am unable to find this in the CL software. There is an enterprise-login bundle that supplies the required krb5 client. Any suggestions on how to continue?
Currently nss-pam-ldapd is in the openstack-common bundle if you want to test this out but that isn’t where you want to get it from going forward. I know very little about LDAP though so if you wouldn’t mind trying out the nss-pam-ldapd from openstack-common and letting me know if it works, I can add it to enterprise-login.
Thank you William, I will give it a try and reply back with what I find/figure out.
My apologies William, I am just now able to get back to this.
It appears a possibly superior route is to bundle the freeipa-client rather than try to pull in the required packages (authconfig, sssd, krb5, etc) and piece it together. Would you know if there has been any work with this software? I would hate to retrace what someone has already worked on… especially if they found that it would not work.
freeipa-client-install is pretty much not going to happen as far as my knowledge goes. The number of dependencies and the integration with SSSD + pam.d on Clear Linux is just too large for my system admin head to wrap around the scope of this. I hope someone better suited comes along to solve this, to make it simple to configure and join a Clear Linux client to an IPA domain.
Okay, you might want to add a package request to the distribution issues and see if somebody can get time to figure this out.