FreeIPA looks interesting, I'm playing with that now as well. Are there good guides for authenticating Ubuntu systems against a FreeIPA server? I have one set up at the moment, currently trying to look at how to fix the web ui / etc to use my wildcard SSL cert instead of the self-signed one it made with ipa-server-install.

AWS DS is a bit too new, a bit too high priced, for me to stick with it atm, I think. I could run an extra Linode for cheaper than the DS service and it doesn't really look to have much in the way of remote management. And I could run a free tier Windows AD box, but if I can stick to a Linux solution and keep it on Linode, so much the better.

--
~*~ StormeRider ~*~

"Every world needs its heroes [...] They inspire us to be better than we are. And they protect from the darkness that's just around the corner."

(from Smallville Season 6x1: "Zod")

On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSS

On Sun, Nov 2, 2014 at 8:43 PM, Matthew Barr <mb...@mbarr.net> wrote:

> I'm not sure my other post on this went through, but the FreeIPA
> project might be just what you are looking for. Decent GUI, cli for
> everything, leap + Kerberos and it works nicely with SSSD...
>
> Sent from my iPad
>
> > On Nov 2, 2014, at 11:09 AM, Elijah Wright <elijah.wri...@gmail.com> wrote:
> >
> > Fedora's SSSD project does this - local caching - but I haven't had
> > opportunity to need it yet.
> >
> > One very common strategy is to replicate the entries you need from
> > LDAP onto the laptop - if you have sufficient management hooks into
> > it, you can work out a bunch of different ways to do this.
> >
> > (I've been around several different re-implementations of
> > snarf-the-NIS/YP/Kerberos/LDAP/passwd-data-into-files over the years -
> > I'm happy to say that I've seen MOST of them die, by now. :) )
> >
> > Laptops are a tough thing. It's pretty common for laptops to creep
> > out of the scope of things-that-are-being-managed-tightly-by-staff
> > .... which means you shouldn't do things like replicate directory
> > services data onto them that isn't strictly required. You know?
> >
> > --e
> >
> >
> > On Sun, Nov 2, 2014 at 7:33 AM, Edward Ned Harvey (lopser)
> > <lop...@nedharvey.com> wrote:
> >>> From: Elijah Wright [mailto:elijah.wri...@gmail.com]
> >>>
> >>> If he doesn't need Windows machines, he doesn't need AD. LDAP is
> >>> fundamentally not very difficult to deal with, it's just slightly
> >>> alien if you've never dealt with it "in the raw" before.
> >>
> >> There's only one issue with LDAP that I haven't heard an answer to - As
> >> far as I know, the LDAP server must be up and reachable in order to work.
> >> What do you do for users that have laptops and travel in & out of the LAN?
> > _______________________________________________
> > Discuss mailing list
> > Discuss@lists.lopsa.org
> > https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> > This list provided by the League of Professional System Administrators
> > http://lopsa.org/