Re: [Freeipa-users] General question about FreeIPA : roaming profiles in a school?
On 10/30/2010 04:13 AM, Niki Kovacs wrote:
> 2) All the user data are stored centrally on the server, preferably with
> quotas (for example max. 1 GB per user).

Others have commented on your other points, but I'm going to add my two cents to this one.

This will be the trickiest portion to implement (nearly all of your other needs are built-in to FreeIPA). However, centrally-managed data requires some manual configuration.

The classic example would be to set up a centralized NFS server providing the home directories and using automount on each client to connect to them. There are many HOWTOs and guidelines (and your friendly neighborhood RHCE would be able to guide you through this as well).

For added security, NFSv4 will also allow authentication via Kerberos (provided by FreeIPA) to ensure that no one can gain access to anyone else's NFS file-share.

IPAv2 will have support for centrally-managing autofs settings, but IPA v1.2 currently does not (you can do it manually with direct LDAP tools, but it might be just as easy to do with puppet-managed config files).

Having a built-in mechanism for setting up NFSv4 mounted home directories (along with appropriate Kerberos credentials) would be a definite advantage for FreeIPA, so I'm going to make a recommendation that we consider that for inclusion in the next version of FreeIPA (be it 2.1 or 3.0). It's too late for feature creep in 2.0, though.

--
Stephen Gallagher
RHCE 804006346421761

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
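Added example (not part of the message above and not FreeIPA code): a shell check that reads exports(5) entries and flags every client specification that still permits a non-Kerberos flavour, since an export without sec=krb5, krb5i or krb5p falls back to sec=sys and trusts whatever UID the client sends. The export paths, host names and sample lines are constructed, and the parser assumes one export per line with options in parentheses.

```shell
#!/bin/sh
# Added example: audit exports(5) text for shares reachable without Kerberos.
# The sample below is constructed; paths and host names are hypothetical.

SAMPLE_EXPORTS='# constructed sample /etc/exports
/export/home  192.168.10.0/24(rw,sync,sec=krb5p)
/export/home  lab-pc07.example.test(rw,sync)
/export/pub   *(ro,sec=sys)
/export/staff 192.168.10.0/24(rw,sec=krb5:sys)
'

# audit_exports: reads exports(5) text on stdin and prints
# "WEAK <path> <client> <flavours>" for each client spec that allows a
# flavour other than krb5, krb5i or krb5p. Without sec=, nfsd uses sec=sys.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"   # "(opts)" alone means any host
            sec = "sys"                      # default when sec= is absent
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++)
                if (o[j] ~ /^sec=/) sec = substr(o[j], 5)
            weak = 0
            m = split(sec, f, ":")           # sec= may list several flavours
            for (k = 1; k <= m; k++)
                if (f[k] !~ /^krb5[ip]?$/) weak = 1
            if (weak) print "WEAK", path, client, sec
        }
    }'
}

# Stand-alone run over the constructed sample.
printf '%s' "$SAMPLE_EXPORTS" | audit_exports
```

On a real server the same function can be fed the live file with `audit_exports < /etc/exports`; a home-directory export should produce no WEAK lines before clients are pointed at it.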
Re: [Freeipa-users] General question about FreeIPA : roaming profiles in a school?
Niki Kovacs wrote:
> Hi,
>
> I'm an Austrian Linux user living in South France, and I recently
> installed a 100% Linux computer room in a school here. Currently every
> machine only has one "public" user, and then every single user (teacher
> as well as student) has his own directory on a Samba File server. This
> is an intermediary solution, while I try to get a grasp on configuring
> roaming profiles. The server is running CentOS 5.5 (headless, e. g.
> without X), and the desktops are either a personal mix of CentOS and
> Fedora, or openSUSE 11.3.
>
> I've spent some time wading through LDAP, NFS, NIS, Samba and autofs
> documentation and the various mixes of these, but it all seems like a
> mysterious mess.
>
> Someone from the CentOS mailing list suggested I take a peek on FreeIPA.
> So I took a look on the website, and now I thought I'd simply ask on
> this list.
>
> Here's basically what I need.
>
> 1) One simple server, running CentOS 5.5. All the user accounts
> (teachers, students) should be managed centrally on the server.

We do development of IPA on Fedora but you can try CentOS. FreeIPA is the domain controller so all the data is centrally managed. The version in Fedora is 1.2. It is a bit old. We are actively working on the v2 that will come pretty soon. We have released several alphas in the past. See the website. The next alpha is brewing. Here are some of the latest builds. They are work in progress so can be bumpy but it now has much more than you ask.

The repository is located at:
http://jdennis.fedorapeople.org/ipa-devel

The Fedora repo config file can be downloaded here:
http://jdennis.fedorapeople.org/ipa-devel/ipa-devel-fedora.repo

Also project trac instance for issues is here:
https://fedorahosted.org/freeipa/

On the client you might want to consider using SSSD.
https://fedorahosted.org/sssd/
It is now a part of many distributions. But you can start with nss_ldap/pam_ldap or pam_krb5 and move to SSSD later.

> 2) All the user data are stored centrally on the server, preferably with
> quotas (for example max. 1 GB per user).
>
> 3) Ideally every user should be able to connect to his or her account
> from any client machine in the computer room.
>
> 4) Ideally, this solution should work for both CentOS 5.5 and openSUSE
> 11.3 client machines.
>
> 5) Ideally, users can be managed (added / removed) graphically through
> some dedicated tool, so I can leave this to someone who doesn't
> necessarily have system administration skills.
>
> 6) Ideally, the whole setup should not be a nightmare to secure.
>
> So here's my simple question : is FreeIPA the right tool for this ? Can
> it do all these things without me having to jump through burning
> loops ?

I hope it really is. And we will be glad to work with you if you spot any leaking loops or burning hoops :-).

> I'm no lamer for RTFM, so if you simply say "yes, it is", I'll happily
> dive into the documentation.
>
> Cheers from the storm-swept South of France,
>
> Niki Kovacs

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
Re: [Freeipa-users] General question about FreeIPA : roaming profiles in a school?
Hi Niki,

Apart from having to manually maintain user shared folders and quota, FreeIPA covers everything pretty well. Plus it comes with many additional nice features you might or might not need.

Dig in the documentation and don't hesitate to ask questions in case of problems, people here are always helpful. :-)

Regards,
Miljan

On 10/30/10 10:13 AM, Niki Kovacs wrote:
> Hi,
>
> I'm an Austrian Linux user living in South France, and I recently
> installed a 100% Linux computer room in a school here. Currently every
> machine only has one "public" user, and then every single user (teacher
> as well as student) has his own directory on a Samba File server. This
> is an intermediary solution, while I try to get a grasp on configuring
> roaming profiles. The server is running CentOS 5.5 (headless, e. g.
> without X), and the desktops are either a personal mix of CentOS and
> Fedora, or openSUSE 11.3.
>
> I've spent some time wading through LDAP, NFS, NIS, Samba and autofs
> documentation and the various mixes of these, but it all seems like a
> mysterious mess.
>
> Someone from the CentOS mailing list suggested I take a peek on FreeIPA.
> So I took a look on the website, and now I thought I'd simply ask on
> this list.
>
> Here's basically what I need.
>
> 1) One simple server, running CentOS 5.5. All the user accounts
> (teachers, students) should be managed centrally on the server.
>
> 2) All the user data are stored centrally on the server, preferably with
> quotas (for example max. 1 GB per user).
>
> 3) Ideally every user should be able to connect to his or her account
> from any client machine in the computer room.
>
> 4) Ideally, this solution should work for both CentOS 5.5 and openSUSE
> 11.3 client machines.
>
> 5) Ideally, users can be managed (added / removed) graphically through
> some dedicated tool, so I can leave this to someone who doesn't
> necessarily have system administration skills.
>
> 6) Ideally, the whole setup should not be a nightmare to secure.
>
> So here's my simple question : is FreeIPA the right tool for this ? Can
> it do all these things without me having to jump through burning
> loops ?
>
> I'm no lamer for RTFM, so if you simply say "yes, it is", I'll happily
> dive into the documentation.
>
> Cheers from the storm-swept South of France,
>
> Niki Kovacs
[Freeipa-users] General question about FreeIPA : roaming profiles in a school?
Hi,

I'm an Austrian Linux user living in South France, and I recently installed a 100% Linux computer room in a school here. Currently every machine only has one "public" user, and then every single user (teacher as well as student) has his own directory on a Samba File server. This is an intermediary solution, while I try to get a grasp on configuring roaming profiles. The server is running CentOS 5.5 (headless, e. g. without X), and the desktops are either a personal mix of CentOS and Fedora, or openSUSE 11.3.

I've spent some time wading through LDAP, NFS, NIS, Samba and autofs documentation and the various mixes of these, but it all seems like a mysterious mess.

Someone from the CentOS mailing list suggested I take a peek on FreeIPA. So I took a look on the website, and now I thought I'd simply ask on this list.

Here's basically what I need.

1) One simple server, running CentOS 5.5. All the user accounts (teachers, students) should be managed centrally on the server.

2) All the user data are stored centrally on the server, preferably with quotas (for example max. 1 GB per user).

3) Ideally every user should be able to connect to his or her account from any client machine in the computer room.

4) Ideally, this solution should work for both CentOS 5.5 and openSUSE 11.3 client machines.

5) Ideally, users can be managed (added / removed) graphically through some dedicated tool, so I can leave this to someone who doesn't necessarily have system administration skills.

6) Ideally, the whole setup should not be a nightmare to secure.

So here's my simple question : is FreeIPA the right tool for this ? Can it do all these things without me having to jump through burning loops ?

I'm no lamer for RTFM, so if you simply say "yes, it is", I'll happily dive into the documentation.

Cheers from the storm-swept South of France,

Niki Kovacs