Hosts however would have to be joined by an admin?

They also wouldnt be very IPA aware and stable  from what I can see, ie joining 
a non-RH OS to IPA just looks an awful nightmare especially for 10000+ devices 
plus with 3 different OSes at least (IOS, Win, Android, linux and apple and 
windows laptops plus others) and multiple versions and patch levels.....um no, 
insanity beckons, LOL.

I am still trying to figure out what is wanted so I am vague because so are 
criteria and I have never done this before.

All I have is,

free, open source,

The idea is that an employee can have a zero config access / sign in to wifi 
for their device once initially connected.

The solution must be robust and available ie close to 99.999% availability.  
IPA can do this as the backend and yes PF can use LDAP hence my interest.  
Packet fence can be active/passive HA so its possible.  Virtualised across 
multiple ESXi hosts and SANs.

I have a RFE in for a IPA howto section to be added to the PF manual as even 
the openldap section is empty.  Or I might try and write it if I get the go 
ahead myself.

The PF servers would be RHEL6.6 so Im hoping adding a service in IPA will 
"simply" work.



From: freeipa-users-boun...@redhat.com <freeipa-users-boun...@redhat.com> on 
behalf of Dmitri Pal <d...@redhat.com>
Sent: Thursday, 12 March 2015 9:15 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Extending IPA to include multiple (say 5) fields 
for MAC addresses per user

On 03/11/2015 03:43 PM, Steven Jones wrote:


I have been asked to look at packetfence and linking it to IPA for 
authentication but I might need to allow users to login into their IPA info and 
add MAC addresses themselves, this is possible I think?

Since ppl these days can have 3 mobile devices, (ipad, iphone and laptop) I 
would need multiple MAC fields so would have to extend IPA's schema? is this a 
good idea?

I would treat the devices as hosts rather than extend user schema.
But can you explain the use case and what you have in mind.
Based on the PF site they support different LDAP servers for authentication so 
I am not sure any schema change would be needed.



Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to