Thanks for the link, about the best comments/info Ive seen yet.  We dont pay 
cals as we get educational pricing, so AD is a few hundred $ for the OS and 
nothing more. Up against free, Freeipa's cost will be a hard sell.

So far Ive spent 4 days so far and been unable to connect to AD.....the lastest 
is when I run authconfig-tui in 6.1 and it segfaults, this is with RH 
support...it certainly isnt straightforward/simple.

Also looking for docs I see no sign of the functionality in AD that Free-ipa 
offers....right now Im trying win2k8R2 to see if that has more than 
Win2k3R2....because the docs for win2k3r2 dont appear to have any functionailty 
in terms of management.....maybe I cant find the right docs.

Looking at your blog it certainly covers stuff I havent been able to find 
googling, but it looks like a lot of manual work?  setting up 300 RH machines 
manually would be no trivial task, unlike "ipa-client-install" which is very 
trivial by comparison and very easy to manage.

I have got likewise express to work but anyone in the AD can connect/login so 
its useless in terms of management, but of course its free. Kind of makes IPA 


From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Ondrej Valousek [ondr...@s3group.cz]
Sent: Thursday, 7 July 2011 6:52 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Alternatives to freeipa

1. You can connect RH guests to AD - it works pretty much the same way as with 
IPA (IPA does many things the same way as AD). The only slight difference you 
might find with Kerberos configuration. Check my blog: 
 for more

2. AD does not come for free. As far as I know the license for AD controller + 
all CALs for guests costs quite some money

3. Yes, with freeIPA and all the installers, the things are quite easy. With AD 
you have to do lot of things manually, but it will work.

In summary I would say it is worth considering if you already have an AD 
controller in place.


On 06.07.2011 22:30, Steven Jones wrote:

Not knowing much about connection to AD directly with RH guests....hopefully 
some ppl do...

Advantages for AD
1) Zero first cost

1) Manual setup
2) managability?
access control?
other things?

>From 3 days of googling I can find few or little info on the usefulness and 
>practicality of connecting and using AD for linux authentication and 
>authorisation in Enterprise situations....is it really used in an Enterprise? 
>it looks like it might be OK for say 5 users where security isnt a concern for 

If anyone has actual experience to share that would be good....


Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to