On 04/30/2011 12:10 PM, JR Aquino wrote:
On Apr 29, 2011, at 11:45 PM, "nasir 
nasir"<kollath...@yahoo.com<mailto:kollath...@yahoo.com>>  wrote:

Hi All,

First of all, many thanks indeed to the developers and community for making 
some great strides in the open source IPA world !

I am planning for a Linux deployment with the following requirements.

    -- About 50 Linux clients running Kubuntu (can change this to ubuntu if 

No need. The client side of IPA is completly agnostic of the XWindows system or anything running in it. THe GUI is completely Web technologies, and so you can hit from the Mozilla Browser just fine from Kubuntu.

    -- Centralized authentication

    -- Centralized storage with iSCSI for /home folder for each user by means 
of a dedicated storage
IPA manages Automount, which is possibly what you want. Are you going to give each user their own partition that follows them around, or are you going to give the a home directory on a a NAS server? I Have to admit, the iSCSI home mount sounds interesting. You could probably get automount to help you out there, but at this point I think that you would need a separate key line for each user.

Note that iSCSI won't help you if you want to mount the same partition on multiple clients. For this, you either need a distributed File System, or stick to NFS.

    -- NO Windows or other users
Dare I say Hooray?
    -- Admin should be able to create and modify the accounts of all the users
    -- Admin should be able to set password policies
    -- Allocate /home folder for each user from the storage through iSCSI
Outside the realm of IPA, but possible to do from a central server...see above comments. But if you mount the home directory on the FreeIPA server via NFS, you should be able to create directories upon adding a user.
    -- Server can be CentOS/RHEL (or even Fedora if absolutely required)

Agree with JR: go with Fedora 15 as that is where the most focused development is happening. F15 will ship with the 2.0 version of IPA. It is in Beta now, and should be stable enough for you to start setting up your environment. CentOS hasn't release a version compatable with RHEL6, and the supported version of IPA is going to ship in the RHEL 6 series.
    -- Any other administration of users if possible !
Centralized SUDO, and Host Based Access controls are two features you probably want to at least look over. Plus, IPA comes with good DNS integration, and you'll want to make each managed host reachable on your network, DNS support is pretty important. The ability to delegate authority for tasks, nesteg groups, and netgroup/hostgroup support all help in centralizing administration.

I was wondering whether FreeIPA makes sense to me in this scenario ? can it 
satisfy all these or at least some of these ? if not, can anyone suggest me 
some alternative solutions which are open source ? I am flexible on the 
requirements and can make modifications if that is required.
I think FreeIPA  is the perfect starting point for you.

I would really appreciate any feedback on this.

Thanks in advance and regards,


Yes Nidal, you will find that FreeIPA satisfies almost all of these 
requirements.  iSCSI managment is not a feature of FreeIPA.

If you are looking to begin now, I would recommend that you start with Fedora 
as your base server distro.

IPA will be available for RHEL as a Feature preview in 6.1 with plans to be 
fully supported and integrated by 6.2.


Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to