[Freeipa-users] FreeIPA questions

Mon May 9 21:16:31 UTC 2011

SR wrote:
> I'm new to FreeIPA and this list so please forgive me for the n00b
> questions. I have what I think is a pretty straight-forward use for
> FreeIPA. We have an Active Directory environment with a few hundred
> users. We are starting to increase our number of Macs and need a
> directory solution. There are some issues with Macs in AD which Apple
> doesn't seem interested in addressing. Open Directory would be nice if
> we only had Macs but it doesn't allow for syncing accounts to AD, so it
> won't work for us.
>
> Based on what I've read about FreeIPA, it seems like it would be a good
> fit for us.
>
> The problem I'm having is that I can't seem to even get FreeIPA
> installed. I've tried using Fedora 10 with all the latest updates. I've
> tried adding different .repo files I've found on the various FreeIPA
> pages, but none of them seem to be working for me.
>
> So, my questions are:
>
> 1) What is the best distro for running FreeIPA. I'd rather not purchase
> RHEL, so it sounds like Fedora is the way to go. I just finished
> downloading Fedora 14 and will give that a try unless someone recommends
> something else.

freeipa v2 really only supports Fedora 15 right now, which hasn't quite 
shipped yet. It should be released real soon now.

It works on Fedora 14 but you need to get some packages from our 
development repo (you can find the link to it on the Download page on 
freeipa.org). You'd end up with some unsupported packages which isn't a 
good place to be on the core of your infrastructure.

> 2) Is version 2 highly recommended over version 1 or does version 1 have
> sufficient features to use it in a production environment? Essentially,
> we have about 30 current Macs users (and growing) that we want to create
> accounts for in FreeIPA and have sync'd to AD (or vice versa). The users
> will need the ability to change their passwords.

For new users e only do 1-way user sync right now, just AD -> freeipa. 
Existing users in both IPA and AD will be kept in sync, as are passwords 
if you install the PassSync service on all your AD PDCs.

>
> 3) What is the best way to install FreeIPA? I'm having problems with yum
> (see errors below) so I was wondering if there was another way, e.g., RPMs.
>
> # yum install freeipa-server
> Loaded plugins: refresh-packagekit
> Could not retrieve mirrorlist
> http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-10&arch=x86_64
> error was [Errno 4] IOError: <urlopen error (101, 'Network is
> unreachable')>
> http://archive.fedoraproject.org/pub/archive/fedora/linux/releases/10/Everything/x86_64/os/repodata/repomd.xml:
> [Errno 4] IOError: <urlopen error (-2, 'Name or service not known')>
> Trying other mirror.
> fedora | 2.8kB 00:00
> updates | 3.4kB 00:00
> Setting up Install Process
> No package freeipa-server available.
> Nothing to do

Fedora 10 is no longer supported by Fedora, though I'm surprised the 
archive isn't still up. In any case you want Fedora 15.

rob