Re: [Freeipa-users] General question about FreeIPA : roaming profiles in a school?

2010-11-01 Thread Stephen Gallagher
On 10/30/2010 04:13 AM, Niki Kovacs wrote:

> 2) All the user data are stored centrally on the server, preferably with
> quotas (for example max. 1 GB per user). 
> 

Others have commented on your other points, but I'm going to add my two
cents to this one. This will be the trickiest portion to implement
(nearly all of your other needs are built-in to FreeIPA). However,
centrally-managed data requires some manual configuration.

The classic example would be to set up a centralized NFS server
providing the home directories and using automount on each client to
connect to them. There are many HOWTOs and guidelines (and your friendly
neighborhood RHCE would be able to guide you through this as well). For
added security, NFSv4 will also allow authentication via Kerberos
(provided by FreeIPA) to ensure that no one can gain access to anyone
else's NFS file-share.

IPAv2 will have support for centrally-managing autofs settings, but IPA
v1.2 currently does not (you can do it manually with direct LDAP tools,
but it might be just as easy to do with puppet-managed config files)

Having a built-in mechanism for setting up NFSv4 mounted home
directories (along with appropriate kerberos credentials) would be a
definite advantage for FreeIPA, so I'm going to make a recommendation
that we consider that for inclusion in the next version of FreeIPA (be
it 2.1 or 3.0). It's too late for feature creep in 2.0, though.

-- 
Stephen Gallagher
RHCE 804006346421761


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
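
An added example, not part of the thread: a small check that an NFS server's export table really enforces the Kerberos-only access described in the message above. The paths and host patterns are constructed; the parser handles plain `path client(options)` lines only, not continuation lines or default-option entries.

```python
import re

KRB_FLAVORS = {"krb5", "krb5i", "krb5p"}

# Constructed sample /etc/exports content (not from the thread).
SAMPLE_EXPORTS = """\
# weak: no sec= option, so the server falls back to AUTH_SYS
/export/home    192.0.2.0/24(rw,sync)
# weak: Kerberos is offered, but clients may still negotiate AUTH_SYS
/export/staff   *.school.example(rw,sync,sec=krb5p:sys)
# hardened: Kerberos flavors only
/export/pupils  *.school.example(rw,sync,sec=krb5i:krb5p)
"""

# One client entry: host pattern, optionally followed by (option,option,...)
CLIENT_RE = re.compile(r"^([^()\s]+)(?:\(([^)]*)\))?$")


def audit_exports(text):
    """Return (path, client, flavors) for entries accepting a non-Kerberos flavor."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if not m:
                continue
            client, opts = m.group(1), m.group(2) or ""
            flavors = []
            for opt in opts.split(","):
                if opt.startswith("sec="):
                    flavors.extend(opt[4:].split(":"))
            if not flavors:
                flavors = ["sys"]  # default when no sec= is given
            # With AUTH_SYS the server trusts the UID the client asserts.
            if any(f not in KRB_FLAVORS for f in flavors):
                findings.append((path, client, flavors))
    return findings


if __name__ == "__main__":
    for path, client, flavors in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: accepts {':'.join(flavors)}")
```
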


Re: [Freeipa-users] General question about FreeIPA : roaming profiles in a school?

2010-10-30 Thread Dmitri Pal
Niki Kovacs wrote:
> Hi,
>
> I'm an Austrian Linux user living in South France, and I recently
> installed a 100% Linux computer room in a school here. Currently every
> machine only has one "public" user, and then every single user (teacher
> as well as student) has his own directory on a Samba File server. This
> is an intermediary solution, while I try to get a grasp on configuring
> roaming profiles. The server is running CentOS 5.5 (headless, e. g.
> without X), and the desktops are either a personal mix of CentOS and
> Fedora, or openSUSE 11.3.
>
> I've spent some time wading through LDAP, NFS, NIS, Samba and autofs
> documentation and the various mixes of these, but it all seems like a
> mysterious mess.
>
> Someone from the CentOS mailing list suggested I take a peek on FreeIPA.
> So I took a look on the website, and now I thought I'd simply ask on
> this list. 
>
> Here's basically what I need.
>
> 1) One simple server, running CentOS 5.5. All the user accounts
> (teachers, students) should be managed centrally on the server.
>
>   

We do development of IPA on Fedora but you can try CentOS.
FreeIPA is the domain controller so all the data is centrally managed.
The version in Fedora is 1.2. It is a bit old. We are actively working
on the v2 that will come pretty soon. We have released several alphas in
the past. See the website.
The next alpha is brewing. Here are some latest builds. They are work
in progress so can be bumpy but it now has much more than you ask.

The repository is located at:
http://jdennis.fedorapeople.org/ipa-devel

The Fedora repo config file can be downloaded here:
http://jdennis.fedorapeople.org/ipa-devel/ipa-devel-fedora.repo

Also project trac instance for issues is here:

https://fedorahosted.org/freeipa/

On the client you might want to consider using SSSD:
https://fedorahosted.org/sssd/. It is now a part of many distributions.
But you can start with nss_ldap/pam_ldap or pam_krb5 and move to SSSD later.



> 2) All the user data are stored centrally on the server, preferably with
> quotas (for example max. 1 GB per user). 
>
> 3) Ideally every user should be able to connect to his or her account
> from any client machine in the computer room. 
>
> 4) Ideally, this solution should work for both CentOS 5.5 and openSUSE
> 11.3 client machines. 
>
> 5) Ideally, users can be managed (added / removed) graphically through
> some dedicated tool, so I can leave this to someone who doesn't
> necessarily have system administration skills.
>
> 6) Ideally, the whole setup should not be a nightmare to secure.
>
> So here's my simple question : is FreeIPA the right tool for this ? Can
> it do all these things without me having to jump through burning
> loops ? 
>
>   

I hope it really is. And we will be glad to work with you if you spot
any leaking loops or burning hoops :-).


> I'm no lamer for RTFM, so if you simply say "yes, it is", I'll happily
> dive into the documentation. 
>
> Cheers from the storm-swept South of France,
>
> Niki Kovacs
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.




Re: [Freeipa-users] General question about FreeIPA : roaming profiles in a school?

2010-10-30 Thread Miljan Karadzic

Hi Niki,

Apart from having to manually maintain user shared folders and quota, 
FreeIPA covers everything pretty well. Plus it comes with many 
additional nice features you might or might not need.


Dig in the documentation and don't hesitate to ask questions in case of 
problems, people here are always helpful. :-)


Regards,
Miljan

On 10/30/10 10:13 AM, Niki Kovacs wrote:

Hi,

I'm an Austrian Linux user living in South France, and I recently
installed a 100% Linux computer room in a school here. Currently every
machine only has one "public" user, and then every single user (teacher
as well as student) has his own directory on a Samba File server. This
is an intermediary solution, while I try to get a grasp on configuring
roaming profiles. The server is running CentOS 5.5 (headless, e. g.
without X), and the desktops are either a personal mix of CentOS and
Fedora, or openSUSE 11.3.

I've spent some time wading through LDAP, NFS, NIS, Samba and autofs
documentation and the various mixes of these, but it all seems like a
mysterious mess.

Someone from the CentOS mailing list suggested I take a peek on FreeIPA.
So I took a look on the website, and now I thought I'd simply ask on
this list.

Here's basically what I need.

1) One simple server, running CentOS 5.5. All the user accounts
(teachers, students) should be managed centrally on the server.

2) All the user data are stored centrally on the server, preferably with
quotas (for example max. 1 GB per user).

3) Ideally every user should be able to connect to his or her account
from any client machine in the computer room.

4) Ideally, this solution should work for both CentOS 5.5 and openSUSE
11.3 client machines.

5) Ideally, users can be managed (added / removed) graphically through
some dedicated tool, so I can leave this to someone who doesn't
necessarily have system administration skills.

6) Ideally, the whole setup should not be a nightmare to secure.

So here's my simple question : is FreeIPA the right tool for this ? Can
it do all these things without me having to jump through burning
loops ?

I'm no lamer for RTFM, so if you simply say "yes, it is", I'll happily
dive into the documentation.

Cheers from the storm-swept South of France,

Niki Kovacs



[Freeipa-users] General question about FreeIPA : roaming profiles in a school?

2010-10-30 Thread Niki Kovacs
Hi,

I'm an Austrian Linux user living in South France, and I recently
installed a 100% Linux computer room in a school here. Currently every
machine only has one "public" user, and then every single user (teacher
as well as student) has his own directory on a Samba File server. This
is an intermediary solution, while I try to get a grasp on configuring
roaming profiles. The server is running CentOS 5.5 (headless, e. g.
without X), and the desktops are either a personal mix of CentOS and
Fedora, or openSUSE 11.3.

I've spent some time wading through LDAP, NFS, NIS, Samba and autofs
documentation and the various mixes of these, but it all seems like a
mysterious mess.

Someone from the CentOS mailing list suggested I take a peek on FreeIPA.
So I took a look on the website, and now I thought I'd simply ask on
this list. 

Here's basically what I need.

1) One simple server, running CentOS 5.5. All the user accounts
(teachers, students) should be managed centrally on the server.

2) All the user data are stored centrally on the server, preferably with
quotas (for example max. 1 GB per user). 

3) Ideally every user should be able to connect to his or her account
from any client machine in the computer room. 

4) Ideally, this solution should work for both CentOS 5.5 and openSUSE
11.3 client machines. 

5) Ideally, users can be managed (added / removed) graphically through
some dedicated tool, so I can leave this to someone who doesn't
necessarily have system administration skills.

6) Ideally, the whole setup should not be a nightmare to secure.

So here's my simple question : is FreeIPA the right tool for this ? Can
it do all these things without me having to jump through burning
loops ? 

I'm no lamer for RTFM, so if you simply say "yes, it is", I'll happily
dive into the documentation. 

Cheers from the storm-swept South of France,

Niki Kovacs
