Hope this helps to save some of some time digging. And I know, freeipa-server on a non LTS release is daft..
apt-get install freeipa-server-trust-ad #This has been mentioned elsewhere, and it should either be a dependency OR it's absence should not break things as it currently does
sudo mkdir /etc/krb5.conf.d/ #Apparently this is expected by ipa-server to have been generated by one of the kerberos packages but is not..
mkdir -p /usr/libexec/ipa sudo ln -s /usr/lib/ipa/ipa-httpd-kdcproxy /usr/libexec/ipa/ipa-httpd-kdcproxy
#The last two lines are a pretty dirty hack as I couldn't work out where in the ipa-server-install the file /etc/systemd/system/apache2.service.d/ipa.conf is created or updated. This file has a bad path to ipa-httpd-kdcproxy so ideally there should be some logic to check where it is before defining a path to it.
David Harvey via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
sudo mkdir /etc/krb5.conf.d/ #Apparently this is expected by ipa-server to have been generated by one of the kerberos packages but is not..
There's a PR open for this in [1]. Since it hasn't merged, though, it's probably not going to get a backport.
Additionally, after the Stretch release, the Debian maintainers will be adding /etc/krb5.conf.d behavior to their krb5.
Thanks, --Robbie
1:
Robbie Harwood via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
David Harvey via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
sudo mkdir /etc/krb5.conf.d/ #Apparently this is expected by ipa-server to have been generated by one of the kerberos packages but is not..
There's a PR open for this in [1]. Since it hasn't merged, though, it's probably not going to get a backport.
Probably would help if I included the link: https://github.com/freeipa/freeipa/pull/623
On 15.06.2017 15:39, David Harvey via FreeIPA-users wrote:
Hope this helps to save some of some time digging. And I know, freeipa-server on a non LTS release is daft..
did you mean 17.04, since 4.4.4-1 is in 17.10 and fixed all the issues you listed.. ?
doh. Yes, I did mean 17.04. /facepalm
On Tue, Jun 20, 2017 at 9:40 AM, Timo Aaltonen tjaalton@ubuntu.com wrote:
On 15.06.2017 15:39, David Harvey via FreeIPA-users wrote:
Hope this helps to save some of some time digging. And I know, freeipa-server on a non LTS release is daft..
did you mean 17.04, since 4.4.4-1 is in 17.10 and fixed all the issues you listed.. ?
freeipa-users@lists.fedorahosted.org
-
David Harvey -
Robbie Harwood -
Timo Aaltonen