I have to agree with Roland. Linux is lacking a complete solution that acts as 
a "central authentication and identity management platform". I would like to be 
able to use Linux as the IT backbone without having to resort to Microsoft. The 
reality is that Windows clients are too widespread in most enterprises. So far, 
I don't see the benefits in upgrading from FreeIPA 1.2. As for reimplementing 
AD, is there any reason we could not use Samba 4 as a backend? There are other 
interesting projects that build on it, such as openchange which could be a 
viable Exchange replacement.

- Ben

-----Original Message-----
From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Roland Kaeser
Sent: Monday, January 03, 2011 19:38
To: freeipa-de...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] [Freeipa-devel] [Freeipa-interest] Announcing 
FreeIPA v2 Server Beta 1 Release

Strange, even in the v2 outline (http://www.freeipa.org/page/V2Outline) it is 
explicitly written that AD integration and Samba 3 support will be one of the 
features of v2. If not, it's completely unusable to me, and verisimilar also to 
most other potential users. It's sad, but in most cases, sysadmins have 
to deal with Windows machines in their network. So at the moment they have only 
the choice between an AD and a Samba domain (with LDAP). FreeIPA would have so 
much potential if it acted as a central authentication and identity management 
platform which connects all the different network systems together. Especially in a 
RHEV environment with VDI infrastructures, it could be the central point for 
authentication, authorization and auditing. But if the current intention does 
not change, FreeIPA will become just another piece of unusable software which 
will die soon. It's very sad.



----- Original Mail -----
From: "Dmitri Pal" <d...@redhat.com>
To: "Roland Käser" <roland.kae...@intersoft-networks.ch>
CC: freeipa-de...@redhat.com, freeipa-users@redhat.com
Sent: Monday, 3 January 2011 14:56:03
Subject: Re: [Freeipa-devel] [Freeipa-interest] Announcing FreeIPA v2 Server 
Beta 1 Release

Roland Kaeser wrote:
> Hello
> Great, I just tested it on F-13 and it runs fine so far. 
> But I'm missing a very important feature (to me) which is: Samba Support.
> Are there any plans to build Samba support into FreeIPA 2? It would be 
> very great to have one single authentication authority without the need of 
> installing Active Directory.
> Regards
> Roland Kaeser

There are no plans to integrate Samba in a way you describe. Our next goal on 
this path is to allow cross Kerberos trusts (IPA v3) but supporting Windows 
clients natively is not something we have in mind.
The intent, however, is to pretend that IPA is yet another AD domain. If your main 
domain is going to be Samba 4 instead of AD it might work without installing 
AD. But we do not plan to carry install and configure Samba 4 ourselves at 
least in the near future (read couple years).

Thank you

> ----- Original Mail -----
> From: "Dmitri Pal" <d...@redhat.com>
> To: "freeipa-devel" <freeipa-de...@redhat.com>, "." 
> <freeipa-users@redhat.com>, freeipa-inter...@redhat.com
> Sent: Thursday, 23 December 2010 09:06:58
> Subject: [Freeipa-interest] Announcing FreeIPA v2 Server Beta 1 
> Release
> To all freeipa-interest, freeipa-users and freeipa-devel list members,
> The FreeIPA project team is pleased to announce the availability of 
> the Beta 1 release of freeIPA 2.0 server [1].
> - Binaries are available for F-13 and F-14.
> - With this beta freeIPA is feature complete.
> - Please do not hesitate to share feedback, criticism or bugs with us 
> on our mailing list: freeipa-users@redhat.com
> Main Highlights of the Beta
> - This beta is the first attempt to show all planned capabilities of 
> the upcoming release.
> - For the first time the new UI is mostly operational and can be used 
> to perform management of the system.
> - Some areas are still very rough and we will appreciate your help 
> with those.
> Focus of the Beta Testing
> - Please take a moment and look at the new Web UI. Any feedback about 
> the general approaches, work flows, and usability is appreciated. It 
> is still very rough but one can hopefully get a good understanding of 
> how we plan the final UI to function and look like.
> - Replication management was significantly improved. Testing of multi 
> replica configurations should be easier.
> - We are looking for a feedback about the DNS integration and 
> networking issues you find in your environment configuring and using 
> IPA with the embedded DNS enabled.
> Significant Changes Since Alpha 5
> - FreeIPA has changed its license to GPLv3+
> - Having IPA manage the reverse zone is optional.
> - The access control subsystem was re-written to be more understandable.
> For details see [2]
> - Support for SUDO rules
> - There is now a distinction between replicas and their replication 
> agreements in the ipa-replica-manage command. It is now much easier to 
> manage the replication topology.
> - Renaming entries is easier with the --rename option of the mod commands.
> - Fix special character handling in passwords, ensure that passwords 
> are not logged.
> - Certificates can be saved as PEM files in service-show and host-show 
> commands.
> - All IPA services are now started/stopped using the ipactl command.
> This gives us better control over the start/stop order during 
> reboot/shutdown.
> - Set up ntpd first so the time is sane.
> - Better multi-valued value handle with --setattr and --addattr.
> - Add support for both RFC2307 and RFC2307bis to migration.
> - UID ranges were reduced by default from 1M to 200k.
> - Add ability to add/remove DNS records when adding/removing a host entry.
> - A number of i18n issues have been addressed.
> - Updated a lot of man pages.
> What is not Complete
> - We are still using older version of the Dogtag. New version of the 
> Dogtag Certificate System will be based on tomcat6 and is forthcoming.
> - We plan to take advantage of Kerberos 1.9 that was released today 
> but we have not finished the integration effort yet.
> Known Issues
> - IPV6 works in the installer but not the server itself
> - Make sure your machine can properly resolve its name before 
> installing the server. Edit /etc/hosts to remove host name from the 
> localhost and
> localhost6 lines if needed.
> - The UI is still rough in places. Use the following query [3] to 
> see the tickets currently open against UI.
> - Dogtag does not work out-of-the-box on Fedora 14. To fix it for 
> the time being run:
>   # ln -s /usr/share/java/xalan-j2-serializer.jar /usr/share/tomcat5/common/lib/xalan-j2-serializer.jar
> - Instead of Dogtag on F14 you can also try the self-signed CA which 
> is similar to the CA that was provided in IPA v1. This was designed 
> for testing and development and not recommended for deployment.
> - Make sure you enable updates-testing repository on your fedora machine.
> Thank you,
> FreeIPA development team
> [1] http://www.freeipa.org/page/Downloads
> [2] http://freeipa.org/page/Permissions
> [3] https://fedorahosted.org/freeipa/report/12
> _______________________________________________
> Freeipa-interest mailing list
> freeipa-inter...@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-interest

Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


InterSoft Networks
Roland Käser, Systems Engineer OpenSource Fulachstr. 197, 8200 Schaffhausen
Tel: +41 77 415 79 11
Those who give up their freedom for the sake of security will end up 
with neither, and do not deserve either. 
(Benjamin Franklin)

Freeipa-users mailing list
