Hi, LOL, your problem is like my problem we have Windows trained and educated managers, project managers and architects....
Well, on the plus side for IPA, Go to Centrify or Likewise as 2 examples and get a quote to authenticate against AD. We got an "educational price "that made my jaw drop. In the region of $600 per server and $60 per user plus 25% support per year was typical across all three products. v IPA which is "free" with one copy of RH. I think you'll find it a lot cheaper. The thing is, the above are hacks, if you want to do much with them you end up with their scripts on your machines all over the place and even writing your own. Have an issue and RH wont know where to turn. With Likewise for instance you may end up getting all your support via them that can add cost and delays as well. Here in NZ at least there is no real local support for these products, you ring an 0800 number (if you are lucky) and get told its 2am US time and ring back in 8 hours....bad joke. The big thing is IPA has depth, and a great road map its not just simple authenticate and authorise....you can control services with detail (like ssh only) and sudo....big pluses. Now the likes of Centrify say they can and that's true, if you code yourself or pay them to do it, or there is an existing script. Also look at the training and deployment costs of IPA v something like Centrify....with IPA and 4 days RH training you will probably be able to do a decent sized rollout....Centrify, well you might find you need a consultant or 2 at $2k a day.... On the minus side, IPA isnt yet mature/stable enough, IHMO. If our/my experiences are anything to go by it needs at least another 6 to 12months to work out the bugs, get the documentation usable and get RH support up to speed, but that will come. NB anyone on 6.2 and thinking of going to 6.3 it seems the chances of serious outages is significant. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Natxo Asenjo [natxo.ase...@gmail.com] Sent: Tuesday, 28 August 2012 12:17 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Desperate help requested. On Sun, Aug 26, 2012 at 6:05 AM, KodaK <sako...@gmail.com<mailto:sako...@gmail.com>> wrote: I've just been informed by my boss's boss's boss that, and I quote from his ridiculous email: "we cannot use anything other than MS AD for authentication" I've spent months of time and much effort rolling out IPA, consolidating authentication across our Linux and AIX machines. To paraphrase Babbage: I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a statement. Regardless, I need some help. I need some help with comparisons between FreeIPA and AD, and the problems and issues one might encounter when trying to authenticate Unix machines against AD. Anything that can show IPA being superior to AD for *nix authentication. Anything at all. We have a similar number of AIX and Linux servers. We have a week before we have a meeting to discuss this, and I'd like to be armed to the teeth, if at all possible. hi, you need to explain to upper management why using IPA your company will save money. They usually understand that sort of talk. Write a business case. In the documentation (both from RHEL and from freeipa.org<http://freeipa.org>) you will get plenty of useful info. Magnify the points where AD comes short for your user case (selinux, sudo, automounts, service credentials management - having used ktpass.exe I was amazed at how nice the keytab capabilities are from ipa-, hostgroups, ssh public key management, ..., the list goes on and on). Explain that *that* will not change and how much money it will cost your business (admin hours, security risks, missed compliance). Explain why the future is in the trust model in ipa v3. Explain that Windows admins are not expected to run a Windows network without AD, so why are Linux/AIX admins expected to run a network without a proper Linux/AIX identity management solution. I feel your pain and can understand why you are upset, but try not to take this all personally. In the end, it is not your network. Regards, Natxo
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
