On 01/29/2014 09:44 PM, John R Pierce wrote:
On 1/28/2014 4:45 AM, Sorin Srbu wrote:
Use IPA. It combines LDAP with Kerberos, a server-client environment is
easily set up and the documentation (RHEL deployment) is very helpful.
Thank you. I'll look it up.
LDAP and Kerberos though. That does sound a lot like Microsoft Active Directory.8-)
--
FreeIPA provides an open source Active Directory equivalent. It's pretty easy to set up a simple directory server, and it can expand to be an enterprise-wide directory. It allows both Linux and Windows computers to participate in the authentication domain.
Yes, it's basically LDAP and Kerberos, with a management suite.
I've been following this with interest; about once every 6 months this topic is raised. From my observation there now appear to be two possible solutions:
1. FreeIPA - gives genuine LDAP and Kerberos with some web front end management.
2. Samba4 - gives a windoze-interoperable AD implementation. Not sure how "standards" based this is; it is engineered to follow micro$oft's implementation and work well for windoze clients.
Issues:
Option 1 will work very well with Linux clients, but it takes considerable work to get all the required windoze functions working.
Option 2 - early days of implementation; CentOS does not yet support the complete package needed for full windoze integration. Decent documentation in the form of a howto for server, Linux client, windoze (many versions), iOS and Android is not yet out there. As evidenced by the few that have "been there, done that", they ALL say it takes A LOT of time and effort, and getting all the bits involved just right is difficult.
My appeal to those that have been there: how do we get all the tiny details that matter documented, so that the black art / trial and error (months of it) can be eliminated? Living in the hope that this will one day be accessible to the rest of us that cannot afford the many months of trial and error and frustration. BTW, I have tried OpenLDAP, 389 implementations, Samba3 and a trial of Samba4, all with limited success; there were always a few combinations that failed to work for me, and I do not have the resources (mainly time/$$) to just keep trying.