[Freeipa-devel] Mixed environment - MS and NIX

Christoffer Strömblad chris.stromblad at hush.com
Mon Jan 19 15:12:49 UTC 2009


Hi Dmitri,

Thanks for your reply. I'll definitely try the FreeIPA + winsync
combination, might be a winner. Appreciate the suggestion.

Regards,
Christoffer

On Mon, 19 Jan 2009 16:06:00 +0100 Dmitri Pal <dpal at redhat.com> wrote:
>Hi Christoffer,
>
>There are different options you have.
>You can use Samba 3 to make the UNIX/Linux machines authenticate
>against AD.
>You can use pure FDS as your Linux IDM but IPA is definitely better
>suited for this purpose.
>FreeIPA 1.2.1 has the AD synch functionality. I would suggest you
>evaluate this component.
>If the capabilities it provides meet your needs then FreeIPA + winsync
>component will be the first choice.
>If the functionality is not enough you may consider using winsync that
>comes with FDS but in this case you would have to use bare bones FDS and
>would lose all the advantages of the integration of the FDS+Kerberos
>that IPA provides.
>
>Thank you
>Dmitri
>
>
>Christoffer Strömblad wrote:
>> Hi list,
>>
>> I'm currently doing a "pre-study" for a project where a company is
>> trying to standardize their use of Linux into a coherent, centrally
>> managed system. Part of this is to manage and authenticate users,
>> again centrally.
>>
>> Now I'm very much in love with open source software, but as much as
>> I'd like to simply provide a separate system for all of this we
>> live in a mixed environment and business requirements. One of these
>> dreaded requirements is to use AD for authentication.
>>
>> Now to the questions:
>> 1) Is it possible to somehow replicate data from an AD over to
>> fedora directory service? (I think this is a yes from what I've
>> read)
>>
>> 2) If yes on 1) will it be possible for Linux computers to
>> authenticate against the FDS rather than the AD?
>>
>> 3) If yes on 2), when updates are made to FreeIPA to implement more
>> functionality, will it still be possible to replicate the basic
>> user data for authentication without "disturbing" the new
>> functionality?
>>
>> 4) Any alternatives you recommend or suggest me to look into?
>>
>> Kind regards,
>> Christoffer
>>
>> PS: My apologies if these questions are/were not appropriate for
>> the list.