Hi,

The biggest thing is really shear control.  With the best will in the world AD 
is not unix orientated....

You can control who logs in to a server and from where, you can control who 
gets root remotely (or any other su - *) via IPA's sudo module. You can control 
what they can do like no-ftp, allow ssh, no login (console), sudo and its all 
easy to add users to and from via the web ui (once you get the hang of it). 

Ive gone through what you have gone through I feel your pain.....the problem is 
really Windows ppl dont understand and dont want to, I think its fear it 
certainly isnt logic.

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Friday, 31 August 2012 8:41 a.m.
To: David Juran; KodaK
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Desperate help requested.

Hi,

Also if its straight into AD Im not aware you can use AD to control a Linux 
authentication and authorisation adequately without something like likewise or 
centrify.  I think the best yiu can do is one group?


regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of David Juran [da...@juran.se]
Sent: Thursday, 30 August 2012 7:30 p.m.
To: KodaK
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Desperate help requested.

On lör, 2012-08-25 at 23:05 -0500, KodaK wrote:
> I've just been informed by my boss's boss's boss that, and I quote
> from his ridiculous email:
>
> "we cannot use anything other than MS AD for authentication"
>
> I've spent months of time and much effort rolling out IPA,
> consolidating authentication across our Linux and AIX machines.  To
> paraphrase Babbage: I am not able rightly to apprehend the kind of
> confusion of ideas that could provoke such a statement.
>
> Regardless, I need some help.  I need some help with comparisons
> between FreeIPA and AD, and the problems and issues one might
> encounter when trying to authenticate Unix machines against AD.
> Anything that can show IPA being superior to AD for *nix
> authentication.  Anything at all.  We have a similar number of AIX and
> Linux servers.  We have a week before we have a meeting to discuss
> this, and I'd like to be armed to the teeth, if at all possible.

Apart from what everyone else already pointed out, I believe that if you
register the Linux host in the AD, you'll need to purchase a CAL for
it...

/David


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to