[Freeipa-users] FreeIPA for Linux desktop deployment
Adam Young
ayoung at redhat.com
Sun May 1 01:39:13 UTC 2011
On 04/30/2011 12:10 PM, JR Aquino wrote:
> On Apr 29, 2011, at 11:45 PM, "nasir nasir"<kollathodi at yahoo.com<mailto:kollathodi at yahoo.com>> wrote:
>
> Hi All,
>
> First of all, many thanks indeed to the developers and community for making some great strides in the open source IPA world !
>
> I am planning for a Linux deployment with the following requirements.
>
> -- About 50 Linux clients running Kubuntu (can change this to ubuntu if necessary)
No need. The client side of IPA is completly agnostic of the XWindows
system or anything running in it. THe GUI is completely Web
technologies, and so you can hit from the Mozilla Browser just fine from
Kubuntu.
> -- Centralized authentication
Yes
> -- Centralized storage with iSCSI for /home folder for each user by means of a dedicated storage
IPA manages Automount, which is possibly what you want. Are you going
to give each user their own partition that follows them around, or are
you going to give the a home directory on a a NAS server? I Have to
admit, the iSCSI home mount sounds interesting. You could probably get
automount to help you out there, but at this point I think that you
would need a separate key line for each user.
Note that iSCSI won't help you if you want to mount the same partition
on multiple clients. For this, you either need a distributed File
System, or stick to NFS.
> -- NO Windows or other users
Dare I say Hooray?
> -- Admin should be able to create and modify the accounts of all the users
Yes
> -- Admin should be able to set password policies
> -- Allocate /home folder for each user from the storage through iSCSI
Outside the realm of IPA, but possible to do from a central server...see
above comments. But if you mount the home directory on the FreeIPA
server via NFS, you should be able to create directories upon adding a user.
> -- Server can be CentOS/RHEL (or even Fedora if absolutely required)
Agree with JR: go with Fedora 15 as that is where the most focused
development is happening. F15 will ship with the 2.0 version of IPA.
It is in Beta now, and should be stable enough for you to start setting
up your environment. CentOS hasn't release a version compatable with
RHEL6, and the supported version of IPA is going to ship in the RHEL 6
series.
> -- Any other administration of users if possible !
Centralized SUDO, and Host Based Access controls are two features you
probably want to at least look over. Plus, IPA comes with good DNS
integration, and you'll want to make each managed host reachable on your
network, DNS support is pretty important. The ability to delegate
authority for tasks, nesteg groups, and netgroup/hostgroup support all
help in centralizing administration.
> I was wondering whether FreeIPA makes sense to me in this scenario ? can it satisfy all these or at least some of these ? if not, can anyone suggest me some alternative solutions which are open source ? I am flexible on the requirements and can make modifications if that is required.
I think FreeIPA is the perfect starting point for you.
> I would really appreciate any feedback on this.
>
> Thanks in advance and regards,
> Nidal
>
> ______________________________
>
> Yes Nidal, you will find that FreeIPA satisfies almost all of these requirements. iSCSI managment is not a feature of FreeIPA.
>
> If you are looking to begin now, I would recommend that you start with Fedora as your base server distro.
>
> IPA will be available for RHEL as a Feature preview in 6.1 with plans to be fully supported and integrated by 6.2.
>
> -JR
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list