Hide Forgot
Description of problem: FreeIPA is looking great in recent versions. Servers add smoothly, Linux clients as well. How about OS-X? Is it reasonable to create a "profile generator" for Macs? http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8%20%22Linsec.ca%20tutorial%20for%20connecting%20Mac%20OS%2010.7%20to%20IPA%20Server demonstrates that it's rather mechanical, but there are a lot of details to cover. http://support.apple.com/kb/PH14274 covers some of the capabilities of configuration profiles. Expected results: Adding a machine in the FreeIPA "hosts" UI could allow a configuration profile to be generated. When installed on the target Mac, the machine would be ready to use on the network. Encapsulating the settings like this also means the Mac user should be able to uninstall the configuration by existing means. This maps well to the "ipa-client-install" paradigm that exists for Linux. Apologies if this is the wrong place to file this kind of thing.
Hi Brian, you are welcome to contribute a plugin to 'ipa-advise' tool. These plugins can easily inspect content of IPA database and generate scripts that could be run on the client side. You can see how we implemented existing plugins in https://git.fedorahosted.org/cgit/freeipa.git/tree/ipaserver/advise/ For example, legacy clients plugin implements a variety of configurations for Linux and FreeBSD systems: https://git.fedorahosted.org/cgit/freeipa.git/tree/ipaserver/advise/plugins/legacy_clients.py
I will create an upstream ticket for this request. Note that we would still like to encourage you (or anyone else from the OS-X community) to contribute the mentioned ipa-advise plugin if you want to speed things up.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/4813
The issue is now tracked in upstream Trac as an RFE. We would like to encourage all OS-X users to help us with this use case as we probably won't be able to tackle it ourselves any time soon. Until then, I am closing this bug.