Package Base Details: freeipa

Git Clone URL: (read-only, click to copy)
Keywords: freeipa identity management policy trusts
Submitter: chenxiaolong
Maintainer: backerman
Last Packager: backerman
Votes: 19
Popularity: 0.24
First Submitted: 2012-11-15 23:50
Last Updated: 2020-10-22 03:35

Latest Comments

« First ‹ Previous 1 2 3 4 5 Next › Last »

Lompik commented on 2016-09-03 13:38

I tested version 4.4. Overall it seems to work. Thanks for bundling this.

There is still an issue domainname service which doesn't exist on Arch. The error is " Command '/bin/systemctl restart domainname.service' returned non-zero exit status 5". That will fail the ipa-client-install script but most things seems functional after that.

Also, dependency of python-ipalib and python-ipaclient aren't discovered automatically by yaourt when building but I guess this is not your problem.

grubber commented on 2016-06-28 05:24

Lompik, thanks for the report. My plan is to update the package to 4.4 once it's released (should be this week), as there are multiple portability improvements.

Lompik commented on 2016-06-07 14:13

I had two fatal errors testing the WIP ipa-client-install(4.2.3):

- Arch does not have a systemd domainname service (see for feodra's one):
> subprocess.CalledProcessError: Command ''/bin/systemctl' 'restart' 'domainname.service'' returned non-zero exit status

- issue with sshd service definition (get_config_dir() returns none instead of '/etc/sshd'):

> File "/usr/bin/ipa-client-install", line 1202, in configure_sssd_conf
> ssh_dir = services.knownservices.sshd.get_config_dir()

my fix was to replace archlinux_service_class_factory :

#def archlinux_service_class_factory(name):
# return ArchLinuxService(name)
from ipaplatform.redhat import services as redhat_services
def archlinux_service_class_factory(name):
return redhat_services.redhat_service_class_factory(name)

revellion commented on 2016-05-26 13:40

I'll give it a test and see if it works and report back.

grubber commented on 2016-05-19 17:39

I was waiting on some more reviews of the WIP package below before pushing it, but there weren't any. Does the WIP package work for you?

revellion commented on 2016-05-16 14:25

Any update on this package?. Or is it orphaned?

grubber commented on 2016-01-06 19:38

Hi qrkourier, thanks for testing, could you please upload /var/log/ipaclient-install.log for me somewhere?

Anyway, I have update the source package at:

qrkourier commented on 2016-01-05 23:44

After installing package groups "base" and "base-devel" and packages "openssh" and "subversion" I was able to satisfy the dependencies of AUR package "freeipa" by building and installing additional AUR packages "python2-kerberos", "python2-krbv", "python2-nss", "certmonger", "oddjob", and "pam-krb5" in Antergos Linux release 2015.12 (ISO-Rolling).

Still, while executing "$ ipa-client-install" I encountered an error that resulted in automatic rollback of the client's changes:

$ sudo ipa-client-install
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Failed to add CA to the default NSS database.
Installation failed. Rolling back changes.
messagebus failed to start: Command '/usr/bin/systemctl start messagebus.service' returned non-zero exit status 6
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Failed to remove krb5/LDAP configuration:

# I rebooted at this point in case changing the local hostname to an FQDN matching the realm name had somehow hosed the system

$ sudo ipa-client-install --uninstall
messagebus failed to start: Command '/usr/bin/systemctl start messagebus.service' returned non-zero exit status 6
Unenrolling client from IPA server
Unenrolling host failed: Error obtaining initial credentials: Key table entry not found.

Removing Kerberos service principals from /etc/krb5.keytab
Failed to remove Kerberos service principals: Command '/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r EXAMPLE.COM' returned non-zero exit status 5
Disabling client Kerberos and LDAP configurations
Failed to remove krb5/LDAP configuration:

# It's not clear how to unfuzz this situation.

grubber commented on 2015-12-22 09:16

Hi Dimitrije, thanks for testing!

Yes, there are indeed some AUR-only dependencies. The only dependency that is not available in the required minimal version in AUR is certmonger though. I have already notified the maintainer to update the package some time ago.

dimitrije commented on 2015-12-16 00:17

Hi all,

I tried Grubber's WIP, managed to install it. There were 5 dependencies that had to be installed via yaourt as pacman didn't found them in repos.
Also, dependencies which were needed to be installed via yaourt required changes to BUILD files due to newer versions needed, download URLs needed to be fixed and hashes changed accordingly and had dependencies of their own to tackle. At the end, all dependencies installed and FreeIPA, latest version installed.

Sorry for not giving more details, it's 2AM, and I didn't keep the track of what packages needed changes but the install process takes you through and is clear of what packages/BUILD files need to be installed/reconfigured.

When I get the time to configure IPA and test, will send more comments.