Hello all,
Is anybody using http://freeipa.org on a CentOS 6 server? Is it working well?
Thanks.
Boris.
Is anybody using http://freeipa.org on a CentOS 6 server? Is it working well?
Yes and yes.... I suggest checking out the FreeIPA mailing list and IRC channel if you have any trouble as you'll find quite a few people there.
As a heads up IPA 2.2 will be coming in CentOS 6.3 which includes SSH key maintenance in IPA and form based authentication for when you don't have a kerberos token to pass to the IPA interface.
2012/6/26 James Hogarth james.hogarth@gmail.com:
Is anybody using http://freeipa.org on a CentOS 6 server? Is it working well?
Yes and yes.... I suggest checking out the FreeIPA mailing list and IRC channel if you have any trouble as you'll find quite a few people there.
As a heads up IPA 2.2 will be coming in CentOS 6.3 which includes SSH key maintenance in IPA and form based authentication for when you don't have a kerberos token to pass to the IPA interface.
Hi,
deployed it at work, two (kvm) instances for HA, with DNS. Named segfaulted here and there, and when the master instance failed, takeover didn't work for whatever reason. A really nice piece of software i'd have liked to continue to use, but not yet prod ready imho. I guess I'll have another look after 6.3. HTH, Laurent.
Named segfaulted here and there, and when the master instance failed, takeover didn't work for whatever reason.
I have four IPAs replicating together across two DCs with full DNS and CA integration plus using it for sudo management as well.... fully stable.
Have never seen the behaviour you describe and there is no 'master' to take over from since it is multi master.... so no take over even exists much less is required....
On 06/27/2012 06:39 PM, James Hogarth wrote:
Named segfaulted here and there, and when the master instance failed, takeover didn't work for whatever reason.
I have four IPAs replicating together across two DCs with full DNS and CA integration plus using it for sudo management as well.... fully stable.
Have never seen the behaviour you describe and there is no 'master' to take over from since it is multi master.... so no take over even exists much less is required.... __________________________
Is there a HOWTO for this somewhere? Sounds like a very useful setup.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Is there a HOWTO for this somewhere? Sounds like a very useful setup
All the docs needed to set up that bit can be found on docs.redhat.com ... the identity management guide in the rhel6 section.
I've written some more advanced guides on the freeipa wiki (look at how tos under documentation) covering Apache auth against IPA and IPA for httpd certificate management... will soon add my kvm/libvirt/vnc authentication against IPA doc as well - just waiting on feedback before adding it to the how to section.
If there are any specific how tos you'd like to see on there feel free to suggest... and always feel free to ping me...
On Wed, Jun 27, 2012 at 8:39 AM, James Hogarth james.hogarth@gmail.comwrote:
Named segfaulted here and there, and when the master instance failed, takeover didn't work for whatever reason.
I have four IPAs replicating together across two DCs with full DNS and CA integration plus using it for sudo management as well.... fully stable.
Have never seen the behaviour you describe and there is no 'master' to take over from since it is multi master.... so no take over even exists much less is required....
+1.
IPA is a very nice addition to the linux environment. And getting better all the time :-)
Finally we can deploy a secure, trusted network without having to hack 20 different software pieces together. TUV has really nailed this one.
On Wed, Jun 27, 2012 at 2:39 AM, James Hogarth james.hogarth@gmail.comwrote:
Named segfaulted here and there, and when the master instance failed, takeover didn't work for whatever reason.
I have four IPAs replicating together across two DCs with full DNS and CA integration plus using it for sudo management as well.... fully stable.
Have never seen the behaviour you describe and there is no 'master' to take over from since it is multi master.... so no take over even exists much less is required.... _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Thanks. What's DC in this context?
Boris.
On Wed, Jun 27, 2012 at 11:15 AM, Boris Epstein borepstein@gmail.comwrote:
On Wed, Jun 27, 2012 at 2:39 AM, James Hogarth <james.hogarth@gmail.com
wrote:
Named segfaulted here and there, and when the master instance failed, takeover didn't work for whatever reason.
I have four IPAs replicating together across two DCs with full DNS and CA integration plus using it for sudo management as well.... fully stable.
Have never seen the behaviour you describe and there is no 'master' to
take
over from since it is multi master.... so no take over even exists much less is required.... _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Thanks. What's DC in this context?
Boris.
datacenters?
-- groeten, natxo
-
Boris Epstein -
James Hogarth -
Laurent Wandrebeck -
Natxo Asenjo -
Rob Kampen