I'm new to FreeIPA and this list so please forgive me for the n00b
questions. I have what I think is a pretty straight-forward use for
FreeIPA. We have an Active Directory environment with a few hundred
users. We are starting to increase our number of Macs and need a
directory solution. There are some issues with Macs in AD which Apple
doesn't seem interested in addressing. Open Directory would be nice if
we only had Macs but it doesn't allow for syncing accounts to AD, so it
won't work for us.
Based on what I've read about FreeIPA, it seems like it would be a good
fit for us.
The problem I'm having is that I can't seem to even get FreeIPA
installed. I've tried using Fedora 10 with all the latest updates. I've
tried adding different .repo files I've found on the various FreeIPA
pages, but none of them seem to be working for me.
So, my questions are:
1) What is the best distro for running FreeIPA. I'd rather not purchase
RHEL, so it sounds like Fedora is the way to go. I just finished
downloading Fedora 14 and will give that a try unless someone recommends
freeipa v2 really only supports Fedora 15 right now, which hasn't quite
shipped yet. It should be released real soon now.
It works on Fedora 14 but you need to get some packages from our
development repo (you can find the link to it on the Download page on
freeipa.org). You'd end up with some unsupported packages which isn't a
good place to be on the core of your infrastructure.
2) Is version 2 highly recommended over version 1 or does version 1 have
sufficient features to use it in a production environment? Essentially,
we have about 30 current Macs users (and growing) that we want to create
accounts for in FreeIPA and have sync'd to AD (or vice versa). The users
will need the ability to change their passwords.
For new users e only do 1-way user sync right now, just AD -> freeipa.
Existing users in both IPA and AD will be kept in sync, as are passwords
if you install the PassSync service on all your AD PDCs.
3) What is the best way to install FreeIPA? I'm having problems with yum
(see errors below) so I was wondering if there was another way, e.g., RPMs.
# yum install freeipa-server
Loaded plugins: refresh-packagekit
Could not retrieve mirrorlist
error was [Errno 4] IOError: <urlopen error (101, 'Network is
[Errno 4] IOError: <urlopen error (-2, 'Name or service not known')>
Trying other mirror.
fedora | 2.8kB 00:00
updates | 3.4kB 00:00
Setting up Install Process
No package freeipa-server available.
Nothing to do
Fedora 10 is no longer supported by Fedora, though I'm surprised the
archive isn't still up. In any case you want Fedora 15.
Freeipa-users mailing list