Have none of you heard about FreeIPA? I did a presentation at PLUG about 6 months ago. Here's the OpenWest presentation from last year - https://www.youtube.com/watch?v=Pjh6o6UbQ48. It's what you want!

Cheers,
herlo

On Wed, May 6, 2015 at 3:18 AM, Dan Egli <[email protected]> wrote:

> On Monday, May 4, 2015, Lonnie Olsen wrote:
> > > NIS+ has been depreciated for reasons of security. LDAP (and
> > > occasionally Kerberos) are the new standard.
>
> *shudder* Maybe I'll just stick with my method. It may be kludgy, but it's
> a HELL of a lot easier to implement than any LDAP lookup sequence I ever
> saw. Call it a mental block or a paradigm shift, but I've seen some LDAP
> queries, and setting them up with all the proper sections just makes me
> shudder thinking about it. I've already scripted a multi-machine setup
> method. It's ugly and kludgy, I freely admit. But to me it makes a _HELL_
> of a lot more sense than LDAP ever COULD. I'm sure people will disagree
> with me, but the idea of setting up OpenLDAP to accept queries looking like
> "dn=this,ou=that,ou=other" and having to keep track of this, that, and the
> other honestly just SCARES me. LDAP is for people who are absolutely expert
> and can understand it. I have a very hard time understanding it.
>
> I'll probably look at freeipa, just out of curiosity, but I don't foresee
> implementing that. Especially not on such a small project (six machines
> plus a server). That simplistic alternative is basically what I already do,
> although not quite that simply (I may have to go that route). As it stands
> now, I run a "newuser" script and it calls useradd on the NFS root, then
> executes a call to the server and a script on the server handles the tasks
> on the server (like calling useradd on the server and setting a quota on
> the nfs partition).
>
> Thanks for the tips.
> --- Dan
>
> On Mon, May 4, 2015 at 7:32 AM, Lonnie Olson <[email protected]> wrote:
>
> > On Mon, May 4, 2015 at 4:50 AM, Dan Egli <[email protected]> wrote:
> > > I was thinking I might just go for NIS+ or something, but I have
> > > absolutely NO idea how to set anything like that up.
> >
> > NIS+ has been deprecated for reasons of security. LDAP (and
> > optionally Kerberos) are the new standard.
> > There are a million ways to implement them, but the easiest and
> > feature complete I have found is using FreeIPA
> > (http://www.freeipa.org).
> >
> > There is a more simplistic alternative. Automate a process to copy
> > files (passwd,shadow,hosts,etc) to all machines involved. This can be
> > done via basic scripting, or a config management tool (puppet, chef,
> > ansible, cfengine, etc).

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
