[Freeipa-users] FreeIPA for Linux desktop deployment

Adam Young ayoung at redhat.com
Sun May 1 01:39:13 UTC 2011 

On 04/30/2011 12:10 PM, JR Aquino wrote:
> On Apr 29, 2011, at 11:45 PM, "nasir nasir"<kollathodi at yahoo.com<mailto:kollathodi at yahoo.com>>  wrote:
>
> Hi All,
>
> First of all, many thanks indeed to the developers and community for making some great strides in the open source IPA world !
>
> I am planning for a Linux deployment with the following requirements.
>
>     -- About 50 Linux clients running Kubuntu (can change this to ubuntu if necessary)

No need.  The client side of IPA is completly agnostic of the XWindows 
system or anything running in it.  THe GUI is completely Web 
technologies, and so you can hit from the Mozilla Browser just fine from 
Kubuntu.

>     -- Centralized authentication
Yes

>     -- Centralized storage with iSCSI for /home folder for each user by means of a dedicated storage
IPA manages Automount, which is possibly what you want.  Are you going 
to give each user their own partition that follows them around, or are 
you going to give the a home directory on a a NAS server?  I Have to 
admit, the iSCSI home mount sounds interesting.  You could probably get 
automount to help you out there, but at this point I think that you 
would need a separate key line for each user.

Note that iSCSI won't help you if you want to mount the same partition 
on multiple clients.  For this, you either need a distributed File 
System, or stick to NFS.

>     -- NO Windows or other users
Dare I say Hooray?
>     -- Admin should be able to create and modify the accounts of all the users
Yes
>     -- Admin should be able to set password policies
>     -- Allocate /home folder for each user from the storage through iSCSI
Outside the realm of IPA, but possible to do from a central server...see 
above comments.  But if you mount the home directory on the FreeIPA 
server via NFS, you should be able to create directories upon adding a user.
>     -- Server can be CentOS/RHEL (or even Fedora if absolutely required)

Agree with  JR:  go with Fedora 15 as that is where the most focused 
development is happening.  F15 will ship with the 2.0 version of IPA.  
It is in Beta now, and should be stable enough for you to start setting 
up your environment.  CentOS hasn't release a version compatable with 
RHEL6, and the supported version of IPA is going to ship in the RHEL 6 
series.
>     -- Any other administration of users if possible !
Centralized SUDO, and Host Based Access controls are two features you 
probably want to at least look over.  Plus, IPA comes with good DNS 
integration, and you'll want to make each managed host reachable on your 
network, DNS support is pretty important.  The ability to delegate 
authority for tasks, nesteg groups, and  netgroup/hostgroup support all 
help in centralizing administration.

> I was wondering whether FreeIPA makes sense to me in this scenario ? can it satisfy all these or at least some of these ? if not, can anyone suggest me some alternative solutions which are open source ? I am flexible on the requirements and can make modifications if that is required.
I think FreeIPA  is the perfect starting point for you.

> I would really appreciate any feedback on this.
>
> Thanks in advance and regards,
> Nidal
>
> ______________________________
>
> Yes Nidal, you will find that FreeIPA satisfies almost all of these requirements.  iSCSI managment is not a feature of FreeIPA.
>
> If you are looking to begin now, I would recommend that you start with Fedora as your base server distro.
>
> IPA will be available for RHEL as a Feature preview in 6.1 with plans to be fully supported and integrated by 6.2.
>
> -JR
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list