[Freeipa-users] Desperate help requested.
Steven Jones
Steven.Jones at vuw.ac.nz
Thu Aug 30 20:53:51 UTC 2012
Hi,
The biggest thing is really shear control. With the best will in the world AD is not unix orientated....
You can control who logs in to a server and from where, you can control who gets root remotely (or any other su - *) via IPA's sudo module. You can control what they can do like no-ftp, allow ssh, no login (console), sudo and its all easy to add users to and from via the web ui (once you get the hang of it).
Ive gone through what you have gone through I feel your pain.....the problem is really Windows ppl dont understand and dont want to, I think its fear it certainly isnt logic.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Friday, 31 August 2012 8:41 a.m.
To: David Juran; KodaK
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Desperate help requested.
Hi,
Also if its straight into AD Im not aware you can use AD to control a Linux authentication and authorisation adequately without something like likewise or centrify. I think the best yiu can do is one group?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of David Juran [david at juran.se]
Sent: Thursday, 30 August 2012 7:30 p.m.
To: KodaK
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Desperate help requested.
On lör, 2012-08-25 at 23:05 -0500, KodaK wrote:
> I've just been informed by my boss's boss's boss that, and I quote
> from his ridiculous email:
>
> "we cannot use anything other than MS AD for authentication"
>
> I've spent months of time and much effort rolling out IPA,
> consolidating authentication across our Linux and AIX machines. To
> paraphrase Babbage: I am not able rightly to apprehend the kind of
> confusion of ideas that could provoke such a statement.
>
> Regardless, I need some help. I need some help with comparisons
> between FreeIPA and AD, and the problems and issues one might
> encounter when trying to authenticate Unix machines against AD.
> Anything that can show IPA being superior to AD for *nix
> authentication. Anything at all. We have a similar number of AIX and
> Linux servers. We have a week before we have a meeting to discuss
> this, and I'd like to be armed to the teeth, if at all possible.
Apart from what everyone else already pointed out, I believe that if you
register the Linux host in the AD, you'll need to purchase a CAL for
it...
/David
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list