Am 08.04.2009 um 19:30 schrieb Les Mikesell: > Robert Moskowitz wrote: >> >>> I've been watching the discussion and read the RHEL docs about IPA >>> and >>> thought "At Last" something that brings together all the bits for >>> the >>> little guy. Now it appears the RH is going to drop the ball. >>> I have tried OpenLDAP and currently have a CentOS-DS running but am >>> missing the bits that glue it all together. The actual core services >>> (LDAP (either variant) Kerberos PAM samba etc) are simple enough to >>> install on CentOS but the stuff that makes it "just work" is very >>> difficult for me to get my head around and thus I've never actually >>> got a setup working well enough to risk on my clients. >> >> I have started with SME: http://wiki.contribs.org/Main_Page >> >> This is a good NT Domain + equiv on Centos 4.7 and they have Centos >> 5.2 >> (I hope now 5.3) in beta. >> >> I have not looked enough into their roadmap to see what is being done >> with LDAP... >> >> Another effort on Fedora is Amahi.org. This is more a home product >> with >> a WorkGroup orientation. The inclusion of home apps like streaming >> music makes it very attractive. >> >> SME is a well organized effort, originally back? by Mitel. Amahi >> started as a one-man effort (though the one man behind it has >> impressive >> credentials) and has developed a 'plugin' community. >> >> Craig well knows the efforts of a couple of k12 guys to get some >> SAMBA >> integration together (http://majen.net/smbldap/). This seems to have >> stagnated. >> >> I am hoping that SME continues to evolve. Their VoIP version is the >> perfect place to get serious with LDAP. > > Has anyone looked at the version of ClarkConnect now in beta? This is > similar to SME but perhaps a more modern approach (and with separate > free/commercial versions...). The blurb claims that the initial setup > provides LDAP authentication for easy expansion. That's something > I've > thought every Linux distro should have had for years, but I don't know > if it actually works. Maybe I understood that wrong, but the point about Free/RHEL-IPA is/ was that it doesn't use LDAP for authentication. It uses Kerberos for that. There are - as far as I understood - no passwords in LDAP. FreeIPA isn't really intended as a Samba-replacement, but as a NIS- replacement. If you're like me and have possibly hundrets of unix-servers to maintain, being able to provide a sane, centralized login-management for them would be not great, it would be a revolution ;-) It's AD for Unix done right. Or mostly - I've only played briefly with it (lack of time). IMO, if you have Windows-Clients, you need a Windows-Server, earlier or later (and AD, or buy into the Novell-stack...). Stuff like IPA will eventually help you to keep the Unix- and Windows- world synchronized without foisting anything on any of them that they weren't really intended to do. Rainer