[Freeipa-users] General question about FreeIPA : roaming profiles in a school?
Dmitri Pal
dpal at redhat.com
Sat Oct 30 15:27:09 UTC 2010
Niki Kovacs wrote:
> Hi,
>
> I'm an Austrian Linux user living in South France, and I recently
> installed a 100% Linux computer room in a school here. Currently every
> machine only has one "public" user, and then every single user (teacher
> as well as student) has his own directory on a Samba File server. This
> is an intermediary solution, while I try to get a grasp on configuring
> roaming profiles. The server is running CentOS 5.5 (headless, e. g.
> without X), and the desktops are either a personal mix of CentOS and
> Fedora, or openSUSE 11.3.
>
> I've spent some time wading through LDAP, NFS, NIS, Samba and autofs
> documentation and the various mixes of these, but it all seems like a
> mysterious mess.
>
> Someone from the CentOS mailing list suggested I take a peek on FreeIPA.
> So I took a look on the website, and now I thought I'd simply ask on
> this list.
>
> Here's basically what I need.
>
> 1) One simple server, running CentOS 5.5. All the user accounts
> (teachers, students) should be managed centrally on the server.
>
>
We do development of IPA on Fedora but you can try CentOS.
FreeIPA is the domain controller so all the data is centrally managed.
The version in Fedora is 1.2. It is a bit old. We are actively working
on the v2 that will come pretty soon. We have released several alphas in
the past. See the website.
The next alpha is brewing. Here are some latests builds. They are work
in progress so can be bumpy but it now has much more than you ask.
The repository is located at:
http://jdennis.fedorapeople.org/ipa-devel
The Fedora repo config file can be downloaded here:
http://jdennis.fedorapeople.org/ipa-devel/ipa-devel-fedora.repo
Also project trac instance for issues is here:
https://fedorahosted.org/freeipa/
On the client you might want to consider using SSSD.
https://fedorahosted.org/sssd/ it is now a part of many distributions.
But you can start with nss_ldap/pam_ldap or pam_krb5 and move to SSSD later.
> 2) All the user data are stored centrally on the server, preferably with
> quotas (for example max. 1 GB per user).
>
> 3) Ideally every user should be able to connect to his or her account
> from any client machine in the computer room.
>
> 4) Ideally, this solution should work for both CentOS 5.5 and openSUSE
> 11.3 client machines.
>
> 5) Ideally, users can be managed (added / removed) graphically through
> some dedicated tool, so I can leave this to someone who doesn't
> necessarily have system administration skills.
>
> 6) Ideally, the whole setup should not be a nightmare to secure.
>
> So here's my simple question : is FreeIPA the right tool for this ? Can
> it do all these things without me having to jump through burning
> loops ?
>
>
I hope it really is. And we will be glad to work with you if you spot
any leaking loops or burning hoops :-).
> I'm no lamer for RTFM, so if you simply say "yes, it is", I'll happily
> dive into the documentation.
>
> Cheers from the storm-swept South of France,
>
> Niki Kovacs
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list