[Feature Request] Support IAM FreeIPA

[m50S79sM6SRNp8Jn]

No description provided.

[m50S79sM6SRNp8Jn]

https://www.freeipa.org/

[n3gwg]

I was able to install freeipa-client package ("sudo apt-get install -y freeipa-client"). However, to have it working the "ipa-client-install" command must be executed and there was still some preparation to ostensibly be done in precedence to executing the "ipa-client-install" command.

What is unclear is what directories I need to have in a write accessible state for freeipa-client to function within the BliKVM environment. As such, I then created these directories:

mkdir -p /mnt/persistent/var/lib/ipa-client/{pki,sysrestore}
mkdir -p /mnt/persistent/var/log/sssd
mkdir -p /mnt/persistent/etc/sssd
mkdir -p /mnt/persistent/var/lib/sss

I then added these entries to /etc/fstab:

/mnt/persistent/var/log/sssd /var/log/sssd none bind 0 0
/mnt/persistent/var/lib/ipa-client /var/lib/ipa-client none bind 0 0
/mnt/persistent/var/lib/sss /var/lib/sss none bind 0 0
/mnt/persistent/etc/sssd /etc/sssd none bind 0 0

I then rebooted the BliKVM.

Succeeding a reboot I checked using this command if things looked okay:
mount | awk '($1 !~ /tmp/ && $3 ~ /var|etc/) {print $0;}'

I then executed the ipa-client-install command with the appropriate parameters, which caused the BliKVM instance to join the domain and it showed that the ipa-client-install was indeed successful.

I then rebooted the BliKVM.

After all that the sssd.service would not start as it seemed to stand absent a database of some sort that I am still researching as to why it did not work.

[m50S79sM6SRNp8Jn]

After all that the sssd.service would not start as it seemed to stand absent a database of some sort that I am still researching as to why it did not work.

Confirm if the sss.db files exist after reboot:

ls -lh /var/lib/sss/db/

If the database is missing, manually create it and set proper permissions:

rm -rf /var/lib/sss/db/*
sss_cache -E
systemctl restart sssd

Ensure the right ownership:

chown -R sssd:sssd /var/lib/sss /etc/sssd
chmod 700 /var/lib/sss/db

Remember to check the mount points.

[n3gwg]

I was unable to find the sss_cache command on my BliKVM image even after having uninstalled freeipa-client and reinstalled it (using apt, not the ipa-client-install command) and said binary did not exist.

root@blikvm(rw):/# find / -name 'sss_cache' -print
root@blikvm(rw):/#

That said, perhaps that directory /var/lib/sss/db must also be bound as well within /etc/fstab.

[m50S79sM6SRNp8Jn]

I was unable to find the sss_cache command on my BliKVM image even after having uninstalled freeipa-client and reinstalled it (using apt, not the ipa-client-install command) and said binary did not exist.

root@blikvm(rw):/# find / -name 'sss_cache' -print root@blikvm(rw):/#

That said, perhaps that directory /var/lib/sss/db must also be bound as well within /etc/fstab.

Looks like you need to update /etc/fstab to include:

/mnt/persistent/var/lib/sss/db /var/lib/sss/db none bind 0 0

[n3gwg]

I am trying that as well as updating my instructions to use:
mkdir -p /mnt/persistent/var/lib/sss/db

instead of:
mkdir -p /mnt/persistent/var/lib/sss

[n3gwg]

I ran:
ipa-client-install --uninstall --unattended
rm /var/lib/ipa-client/sysrestore/sysrestore.state
rm /etc/sssd/sssd.conf.deleted
journalctl --vacuum-time=1s --rotate

then I ran the ipa-client-install again, whereupon I noticed that sssd was unsuccessfully starting.

sssd[4318]: Starting up
sssd[4318]: dbus[4318]: arguments to dbus_server_get_address() were incorrect, assertion "server != NULL" failed in file ..>
sssd[4318]: This is normally a bug in some application using the D-Bus library.
sssd[4318]: D-Bus not built with -rdynamic so unable to print a backtrace
systemd[1]: sssd.service: Main process exited, code=killed, status=6/ABRT

This was the first sssd error in the journal after the installation.

[m50S79sM6SRNp8Jn]

I ran: ipa-client-install --uninstall --unattended rm /var/lib/ipa-client/sysrestore/sysrestore.state rm /etc/sssd/sssd.conf.deleted journalctl --vacuum-time=1s --rotate

then I ran the ipa-client-install again, whereupon I noticed that sssd was unsuccessfully starting.

sssd[4318]: Starting up sssd[4318]: dbus[4318]: arguments to dbus_server_get_address() were incorrect, assertion "server != NULL" failed in file ..> sssd[4318]: This is normally a bug in some application using the D-Bus library. sssd[4318]: D-Bus not built with -rdynamic so unable to print a backtrace systemd[1]: sssd.service: Main process exited, code=killed, status=6/ABRT

This was the first sssd error in the journal after the installation.

D-bus is running?

systemctl status dbus

If not active, enable it

systemctl start dbus
systemctl enable dbus

Restart D-Bus and SSSD

systemctl restart dbus
systemctl restart sssd

[n3gwg]

dbus is absolutely runniung, it was the first thing I checked. In fact, I just rebooted and ran a status on dbus and on sssd, whereupon dbus was running but sssd was not.

That said, I need to re-run the ipa-client-install as sssd is currently not configured I realized (since the last reboot).
However, after running the ipa-client-install I still see the start as being unsuccessful, despite dbus being up fully.

[m50S79sM6SRNp8Jn]

That said, I need to re-run the ipa-client-install as sssd is currently not configured I realized (since the last reboot). However, after running the ipa-client-install I still see the start as being unsuccessful, despite dbus being up fully.

You could start SSSD in debug mode

sssd -i -d 10

Are there any clues in the SSSD Logs?