On 1/4/11 1:04 AM, "Roland Kaeser" <roland.kae...@intersoft-networks.ch> wrote:
>>We return to this discussion once in a while...
>>....
>>Samba 4 tries to do it and still struggles after many years
>>of development. We definitely would look at Samba 4 again when we see it
>>sufficiently ready but this is not a priority for 2011.
>
>Maybe this is the reason why freeipa has that less users and nearly no
>echo in the linux community.

I disagree, Roland. The linux community at large, is generally living in the dark ages of authorization management. There are no comparative comprehensive linux solutions in the community thus far which actually address scalable authentication and authorization from linux systems by a linux solution. My observation of the quiet in the community is due to lack of solutions out there.

/etc/access.conf, pam_ldap, Certify, hosts.allow are very primitive means to control access to a linux client. Regardless of how complex you make your authentication database, to this day, you are still limited to: pam_ldap, access.conf, Certify, hosts.allow... These are very primitive means to control access to a linux client.

With FreeIPA and SSSD, the first means of providing real RBAC/HBAC is available to the Open Source community.

We cannot and should not attempt to explain the quiet with answers of disinterest or lack of Microsoft support. The fact is, there has not yet been a competent linux solution and as a result the utilization of pure Linux environments has been stunted with people settling for things like, /etc/passwd, /etc/access.conf, pam_ldap, and NIS...

What you are describing is the reinventing of the wheel. Which has previously been answered: If the goal is to provide an alternative linux authentication/authorization method for Microsoft Windows, then there are already existing solutions out there: Samba4, Novell eDirectory + Directory Services for Windows...

FreeIPA serves to facilitate some of the most basic authentication/authorization interactions that other OS's have taken for granted for years.

>
>>Samba 4 is intended to be a duplicate of AD this is how it is designed
>>and implemented.
>The problem here is that samba 4 is still alpha.
>
>>I would like to be able to use Linux as the IT backbone without having
>>to resort to Microsoft.
>This also our most implemented scenario. Only in last year we migrated a
>half a dozen companies away from microsoft and AD (on the server side).
>This year a lot of companies are already planned for migration. Specially
>with the knowledge in mind that (based on the change of microsofts
>licensing model for hosters) around 1000 companies only in switzerland
>will switch their abacus (www.abacus.ch, large erp for switzerland)
>platform to linux so its REALLY, REALLY (I cannot write how much I would
>like to accentuate this) important to have a network wide authentication
>and identity management software to build up large linux server
>environments with windows frontends.
>So, having windows clients in the network is the reality we cannot close
>our eyes to this only because its challenge to implement it.

Microsoft has designed a complete ecosystem to surround its client, server, email, and productivity solutions. It's not just a challenge to implement a successful means of replacing the backend, it is directly opposed to the goals of its creator: Microsoft.

The various components within Microsoft's (and most commercial) solutions are designed at their core to be proprietary with the effort of drawing in consumers to more pieces of their puzzle.

It is entirely likely that it will be necessary to have both solutions in place and working together, rather than attempting to circumvent Microsoft's solution.

>
>>Linux is lacking a complete solution that acts as a "central
>>authentication and identity management platform"
>I think also this is the only huge area in linux which is really missing.
>Just think about the huge potential of users and implementations if
>freeipa acts also as authentication instance for windows environments.
>Just we only (as small company with 8 persons) would have the
>possibility for around 20 migrations this year. It just wage to dream a
>bit but from my point of view the authentication lack is the only
>remaining one which prevents the rest of the world (or even europe and
>switzerland) to massively migrate to linux and opensource (at least on the
>server side).

While I agree that a truly unified solution which answers all clients authentication needs is a worthwhile concept, in practice, throughout my entire career, I've learned that the commercial design of this ecosystem conflicts with this ambitious ideal.

I have had a great deal of experience in highly dense and distributed (world wide) native Linux installations which service Windows Clients. All tools are best used by their intended design.

If the only tool you have is a Hammer, you may approach all of your problems as if they are nails.

~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino
Information Security Specialist
Citrix Online
GCIH, CCNA

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel