[Freeipa-users] New project
Johan Venter
mythtv at vulturest.com
Tue Nov 4 01:05:50 UTC 2008
Hi all,
After my last foray into IPA and authentication on Windows I have a new
project that I would like some ideas on.
Basically my requirements are the normal ones:
- Centralised authentication on:
* Unix/Linux
* Windows
- Directory-based users where I can modify/add objectClasses to
achieve the property schema required
- Group-based access control on Unix (already achievable through
security.conf and sudoers)
Obviously IPA meets all of the above requirements and I'm quite
comfortable setting it up.
However, I need to be able to do group-based access control on Windows
(ie mapping IPA groups to Windows local users instead of * or individuals).
I know this may not be an IPA specific answer, but I am unsure of other
communities where a number of domain experts frequent (if you could name
some I will take my questions there if needed).
I would like to achieve the above without the use of Active Directory -
if Samba 4 was in a usable state it would be perfect for this sort of
project, however I cannot wait for it to stabilise to implement what is
needed.
Given all the technologies involved: Kerberos (MIT), LDAP (doesn't
matter, happy with OpenLDAP, Fedora/RedHat/etc DS), AD (if we have to)
can anyone suggest a way to achieve the above with or without IPA, with
or without AD?
Thank you for all the assistance I have received on this list in the
past, you guys really know your stuff.
Regards,
Johan
More information about the Freeipa-users
mailing list