On 04/30/2011 12:10 PM, JR Aquino wrote:
On Apr 29, 2011, at 11:45 PM, "nasir
First of all, many thanks indeed to the developers and community for making
some great strides in the open source IPA world !
I am planning for a Linux deployment with the following requirements.
-- About 50 Linux clients running Kubuntu (can change this to ubuntu if
No need. The client side of IPA is completly agnostic of the XWindows
system or anything running in it. THe GUI is completely Web
technologies, and so you can hit from the Mozilla Browser just fine from
-- Centralized authentication
IPA manages Automount, which is possibly what you want. Are you going
to give each user their own partition that follows them around, or are
you going to give the a home directory on a a NAS server? I Have to
admit, the iSCSI home mount sounds interesting. You could probably get
automount to help you out there, but at this point I think that you
would need a separate key line for each user.
-- Centralized storage with iSCSI for /home folder for each user by means
of a dedicated storage
Note that iSCSI won't help you if you want to mount the same partition
on multiple clients. For this, you either need a distributed File
System, or stick to NFS.
-- NO Windows or other users
Dare I say Hooray?
-- Admin should be able to create and modify the accounts of all the users
Outside the realm of IPA, but possible to do from a central server...see
above comments. But if you mount the home directory on the FreeIPA
server via NFS, you should be able to create directories upon adding a user.
-- Admin should be able to set password policies
-- Allocate /home folder for each user from the storage through iSCSI
-- Server can be CentOS/RHEL (or even Fedora if absolutely required)
Agree with JR: go with Fedora 15 as that is where the most focused
development is happening. F15 will ship with the 2.0 version of IPA.
It is in Beta now, and should be stable enough for you to start setting
up your environment. CentOS hasn't release a version compatable with
RHEL6, and the supported version of IPA is going to ship in the RHEL 6
Centralized SUDO, and Host Based Access controls are two features you
probably want to at least look over. Plus, IPA comes with good DNS
integration, and you'll want to make each managed host reachable on your
network, DNS support is pretty important. The ability to delegate
authority for tasks, nesteg groups, and netgroup/hostgroup support all
help in centralizing administration.
-- Any other administration of users if possible !
I was wondering whether FreeIPA makes sense to me in this scenario ? can it
satisfy all these or at least some of these ? if not, can anyone suggest me
some alternative solutions which are open source ? I am flexible on the
requirements and can make modifications if that is required.
I think FreeIPA is the perfect starting point for you.
I would really appreciate any feedback on this.
Thanks in advance and regards,
Yes Nidal, you will find that FreeIPA satisfies almost all of these
requirements. iSCSI managment is not a feature of FreeIPA.
If you are looking to begin now, I would recommend that you start with Fedora
as your base server distro.
IPA will be available for RHEL as a Feature preview in 6.1 with plans to be
fully supported and integrated by 6.2.
Freeipa-users mailing list
Freeipa-users mailing list