On 08.04.2009 at 19:30, Les Mikesell wrote:
Robert Moskowitz wrote:
I've been watching the discussion and read the RHEL docs about IPA and thought "At Last" something that brings together all the bits for the little guy. Now it appears that RH is going to drop the ball. I have tried OpenLDAP and currently have a CentOS-DS running but am missing the bits that glue it all together. The actual core services (LDAP (either variant), Kerberos, PAM, samba, etc.) are simple enough to install on CentOS but the stuff that makes it "just work" is very difficult for me to get my head around and thus I've never actually got a setup working well enough to risk on my clients.
I have started with SME: http://wiki.contribs.org/Main_Page
This is a good NT Domain + equiv on Centos 4.7 and they have Centos 5.2 (I hope now 5.3) in beta.
I have not looked enough into their roadmap to see what is being done with LDAP...
Another effort on Fedora is Amahi.org. This is more a home product with a WorkGroup orientation. The inclusion of home apps like streaming music makes it very attractive.
SME is a well organized effort, originally back? by Mitel. Amahi started as a one-man effort (though the one man behind it has impressive credentials) and has developed a 'plugin' community.
Craig well knows the efforts of a couple of k12 guys to get some SAMBA integration together (http://majen.net/smbldap/). This seems to have stagnated.
I am hoping that SME continues to evolve. Their VoIP version is the perfect place to get serious with LDAP.
Has anyone looked at the version of ClarkConnect now in beta? This is similar to SME but perhaps a more modern approach (and with separate free/commercial versions...). The blurb claims that the initial setup provides LDAP authentication for easy expansion. That's something I've thought every Linux distro should have had for years, but I don't know if it actually works.
Maybe I understood that wrong, but the point about Free/RHEL-IPA is/was that it doesn't use LDAP for authentication. It uses Kerberos for that. There are - as far as I understood - no passwords in LDAP.
FreeIPA isn't really intended as a Samba-replacement, but as a NIS-replacement. If you're like me and have possibly hundreds of unix-servers to maintain, being able to provide a sane, centralized login-management for them would be not great, it would be a revolution ;-)
It's AD for Unix done right. Or mostly - I've only played briefly with it (lack of time).
IMO, if you have Windows-Clients, you need a Windows-Server, earlier or later (and AD, or buy into the Novell-stack...). Stuff like IPA will eventually help you to keep the Unix- and Windows-world synchronized without foisting anything on any of them that they weren't really intended to do.
Rainer