[Freeipa-users] Alternatives to freeipa
Steven Jones
Steven.Jones at vuw.ac.nz
Thu Jul 7 20:10:47 UTC 2011
Hi,
Thanks for the link, about the best comments/info Ive seen yet. We dont pay cals as we get educational pricing, so AD is a few hundred $ for the OS and nothing more. Up against free, Freeipa's cost will be a hard sell.
So far Ive spent 4 days so far and been unable to connect to AD.....the lastest is when I run authconfig-tui in 6.1 and it segfaults, this is with RH support...it certainly isnt straightforward/simple.
Also looking for docs I see no sign of the functionality in AD that Free-ipa offers....right now Im trying win2k8R2 to see if that has more than Win2k3R2....because the docs for win2k3r2 dont appear to have any functionailty in terms of management.....maybe I cant find the right docs.
Looking at your blog it certainly covers stuff I havent been able to find googling, but it looks like a lot of manual work? setting up 300 RH machines manually would be no trivial task, unlike "ipa-client-install" which is very trivial by comparison and very easy to manage.
I have got likewise express to work but anyone in the AD can connect/login so its useless in terms of management, but of course its free. Kind of makes IPA shine.
regards
________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Ondrej Valousek [ondrejv at s3group.cz]
Sent: Thursday, 7 July 2011 6:52 p.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Alternatives to freeipa
1. You can connect RH guests to AD - it works pretty much the same way as with IPA (IPA does many things the same way as AD). The only slight difference you might find with Kerberos configuration. Check my blog: http://<https://webmail.vuw.ac.nz/OWA/UrlBlockedError.aspx>ondarnfs.blogspot.com for more
2. AD does not come for free. As far as I know the license for AD controller + all CALs for guests costs quite some money
3. Yes, with freeIPA and all the installers, the things are quite easy. With AD you have to do lot of things manually, but it will work.
In summary I would say it is worth considering if you already have an AD controller in place.
Ondrej
On 06.07.2011 22:30, Steven Jones wrote:
Not knowing much about connection to AD directly with RH guests....hopefully some ppl do...
Advantages for AD
1) Zero first cost
Disadvantages
1) Manual setup
2) managability?
access control?
other things?
>From 3 days of googling I can find few or little info on the usefulness and practicality of connecting and using AD for linux authentication and authorisation in Enterprise situations....is it really used in an Enterprise? it looks like it might be OK for say 5 users where security isnt a concern for instance....
If anyone has actual experience to share that would be good....
regards
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com<mailto:Freeipa-users at redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list