On 01/09/2014 06:07 AM, Martin Kosek wrote:
> On 01/08/2014 07:16 PM, Orion Poplawski wrote:
>> Two questions:
>>
>> - Any ETA on an updated 3.3.3 Users Guide?
>
> Our current plan is to release next documentation release along with FreeIPA
> 3.4, when more documentation fixes are factored in.
>
> Just in case you would like to check the most recent status of the
> documentation work (or even help us with it), this page describes the details
>
> http://www.freeipa.org/page/Contribute/Documentation
>
> including instructions how to build HTMLs out of our git tree.
>

Thanks, I'll take a look.

>> - Is AD/IPA synchronization still supported in 3.3.3? Will it always?
>
> The AD/IPA synchronization is supported only in terms of bug fixes. As for the
> enhancements, the FreeIPA core team is focusing on the AD trusts:
>
> http://www.freeipa.org/page/Trusts
>
> (That does not mean we are not open to contributions from the community)
>
> Martin
>

Thanks for that link - the video was helpful. Although I'm afraid that is making me lean towards implementing the not recommended "split brain" approach. Although one thing that is not clear to me is whether doing this consumes CALs for the Linux machines since they authenticate against AD.

Currently we have two main office locations (DNS cora.nwra.com and nwra.com) plus some remote users and a 389-ds LDAP server for the Linux boxes and an AD domain (NWRA.LOCAL). We are using the LDAP/AD password/user sync module to sync users and passwords. Essentially, all of our Linux users are Windows users and vice versa, and we have well established UIDs on both sides.

We would like to move to using Kerberos on the Linux machines and to be able to have as much SSO capability as possible. Am I correct in assuming that this either requires a single KDC or trusts between KDCs?

While trusts are being promoted as the way to go for this, I'm afraid it will require a lot of tweaking to our current setup. Or perhaps not. We currently maintain DNS outside of both AD and would do the same with IPA. We're happy to apply custom configurations via puppet, etc.

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com