On 01/29/2014 09:44 PM, John R Pierce wrote:
On 1/28/2014 4:45 AM, Sorin Srbu wrote:
Use IPA. It combines LDAP with Kerberos, a server-client environment is
easily set up and the documentation (RHEL deployment) is very helpful.
Thank you. I'll look it up.
LDAP and Kerberos though. That does sound a lot like Microsoft Active
Directory. 8-)
--
FreeIPA provides an open source Active Directory equivalent. It's
pretty easy to set up a simple directory server, and it can expand to be
an enterprise-wide directory. It allows both Linux and Windows
computers to participate in the authentication domain.
Yes, it's basically LDAP and Kerberos, with a management suite.
I've been following this with interest, about once every 6 months this
topic is raised.
From my observation there now appear to be two possible solutions:
1. FreeIPA - gives genuine LDAP and Kerberos with some web front end
management
2. Samba4 - gives a windoze interoperable AD implementation, not sure
how "standards" based this is, it is engineered to follow micro$oft's
implementation and work well for windoze clients.
Issues:
Option 1 - will work very well with Linux clients, considerable
work to get all the required windoze functions working.
Option 2 - early days of implementation, CentOS does not yet support the
complete package needed for full windoze integration.
Decent documentation in the form of a howto for server, Linux client,
windoze (many versions), iOS and Android is not yet out there.
As evidenced by the few that have "been there, done that" they ALL say
it takes A LOT of time and effort, and getting all the bits involved,
just right, is difficult.
My appeal to those that have been there - how do we get all the tiny
details that matter documented, so that the black art / trial and error
(months of) can be eliminated?
Living in the hope that this will one day be accessible to the rest of
us that cannot afford the many months of trial and error and frustration.
BTW, I have tried OpenLDAP, 389 implementations, Samba3 and a trial of
Samba4, all with limited success - there were always a few combinations
that failed to work for me and I do not have the resources (mainly
time/$$) to just keep trying.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos