Re: [Freeipa-users] winsync msi
On 07/25/2012 08:32 PM, Steven Jones wrote: > Hi, > > I will ask > I am trying to make sure we closed all the loose ends. Steven, is there any update? > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > > From: Rich Megginson [rmegg...@redhat.com] > Sent: Thursday, 26 July 2012 12:28 p.m. > To: Steven Jones > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] winsync msi > > On 07/25/2012 06:11 PM, Steven Jones wrote: >> Hi, >> >> From a RH support case as I dont have access to the RDS channel. > We just updated the RHEL 6.3 downloads to have the RedHat-PassSync .msi > files. > >> No, its doesn't allay my Windows and security ppls concerns > I was speaking specifically about your original concerns: > > "No not specific developers but some sort of statement of ownership from > RedHat I suppose. So they are I assume looking for some sort of > confidence that it wont trash AD and if I install it and it does trash > our AD some liability." > > Does the fact that you are now getting a Red Hat branded binary from an > official Red Hat download site allay these particular fears? > >> http://port389.org/wiki/Download >> >> "This is an Active Directory "plug-in" that intercepts password changes made >> to AD and sends the clear text password to 389 DS to keep the passwords in >> sync (when using the Windows Sync feature of 389 DS). >> >> Tested with Windows 2008 and 2003 Server 32-bit and 64-bit. " > "This is an Active Directory "plug-in" that intercepts password changes > made to AD Domain Controllers and sends the clear text password over an > encrypted connection (SSL/TLS) to 389 DS to keep the passwords in sync. > It works in conjunction with the Windows Sync feature of 389. You must > install this on every Domain Controller. " > > Better? > >> regards >> >> Steven Jones >> >> Technical Specialist - Linux RHCE >> >> Victoria University, Wellington, NZ >> >> 0064 4 463 6272 >> >> >> From: Rich Megginson [rmegg...@redhat.com] >> Sent: Thursday, 26 July 2012 11:59 a.m. >> To: Steven Jones >> Cc: freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] winsync msi >> >> On 07/25/2012 02:41 PM, Steven Jones wrote: >>> Hi, >>> >>> Ah ok, I have the "official" one. >>From where did you get it? And does it allay your concerns? >> >>> One thing on the free site, it says the password is transmitted as clear >>> text, no mention of over an encrypted secure channelthe security guys >>> had a fit.so if you update that web page it would help the cause. >> Which page is that? The Howto:WindowsSync? >> >>> regards >>> >>> Steven Jones >>> >>> Technical Specialist - Linux RHCE >>> >>> Victoria University, Wellington, NZ >>> >>> 0064 4 463 6272 >>> >>> >>> From: Rich Megginson [rmegg...@redhat.com] >>> Sent: Thursday, 26 July 2012 1:58 a.m. >>> To: Steven Jones >>> Cc: freeipa-users@redhat.com >>> Subject: Re: [Freeipa-users] winsync msi >>> >>> On 07/24/2012 03:15 PM, Steven Jones wrote: >>>> Hi Rich, >>>> >>>> I can appreciate what you are saying, but >>>> >>>> Not on Windows but specifically AD, the very core of our 21,000+ user >>>> base, that makes such an add on significant and gets focus. What we have >>>> seen with another similar (yes, commercial) MSI was a clash with another >>>> MSI added to AD, the result was not prettyhence the Windows ppl are >>>> very careful when something like this is proposed. >>>> >>>> So actually some sites where this has been installed commercially would be >>>> good, if need be I can raise a call to RH support? or RH NZ rep to get >>>> that info in confidence / NDA. >>>> >>>> IPA like AD is not just another application, its at the very centre of >>>> everything. For us it will be the second or third most important system we >>>> have. It will probably connect us to ppl across the world and them to us >>>> (via federation/shibboleth) let alone our internal user base. >>>> >>>> Lets see if I can show this, so
Re: [Freeipa-users] winsync msi
Hi, I will ask regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Thursday, 26 July 2012 12:28 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/25/2012 06:11 PM, Steven Jones wrote: > Hi, > > From a RH support case as I dont have access to the RDS channel. We just updated the RHEL 6.3 downloads to have the RedHat-PassSync .msi files. > > No, its doesn't allay my Windows and security ppls concerns I was speaking specifically about your original concerns: "No not specific developers but some sort of statement of ownership from RedHat I suppose. So they are I assume looking for some sort of confidence that it wont trash AD and if I install it and it does trash our AD some liability." Does the fact that you are now getting a Red Hat branded binary from an official Red Hat download site allay these particular fears? > > http://port389.org/wiki/Download > > "This is an Active Directory "plug-in" that intercepts password changes made > to AD and sends the clear text password to 389 DS to keep the passwords in > sync (when using the Windows Sync feature of 389 DS). > > Tested with Windows 2008 and 2003 Server 32-bit and 64-bit. " "This is an Active Directory "plug-in" that intercepts password changes made to AD Domain Controllers and sends the clear text password over an encrypted connection (SSL/TLS) to 389 DS to keep the passwords in sync. It works in conjunction with the Windows Sync feature of 389. You must install this on every Domain Controller. " Better? > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > > From: Rich Megginson [rmegg...@redhat.com] > Sent: Thursday, 26 July 2012 11:59 a.m. > To: Steven Jones > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] winsync msi > > On 07/25/2012 02:41 PM, Steven Jones wrote: >> Hi, >> >> Ah ok, I have the "official" one. >From where did you get it? And does it allay your concerns? > >> One thing on the free site, it says the password is transmitted as clear >> text, no mention of over an encrypted secure channelthe security guys >> had a fit.so if you update that web page it would help the cause. > Which page is that? The Howto:WindowsSync? > >> >> regards >> >> Steven Jones >> >> Technical Specialist - Linux RHCE >> >> Victoria University, Wellington, NZ >> >> 0064 4 463 6272 >> >> >> From: Rich Megginson [rmegg...@redhat.com] >> Sent: Thursday, 26 July 2012 1:58 a.m. >> To: Steven Jones >> Cc: freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] winsync msi >> >> On 07/24/2012 03:15 PM, Steven Jones wrote: >>> Hi Rich, >>> >>> I can appreciate what you are saying, but >>> >>> Not on Windows but specifically AD, the very core of our 21,000+ user base, >>> that makes such an add on significant and gets focus. What we have seen >>> with another similar (yes, commercial) MSI was a clash with another MSI >>> added to AD, the result was not prettyhence the Windows ppl are very >>> careful when something like this is proposed. >>> >>> So actually some sites where this has been installed commercially would be >>> good, if need be I can raise a call to RH support? or RH NZ rep to get that >>> info in confidence / NDA. >>> >>> IPA like AD is not just another application, its at the very centre of >>> everything. For us it will be the second or third most important system we >>> have. It will probably connect us to ppl across the world and them to us >>> (via federation/shibboleth) let alone our internal user base. >>> >>> Lets see if I can show this, so 99.9% uptime on an application is 9 hours >>> off line per year.per user.say 100 users? >>> >>> So 1 hour off line in a business day with 21,000+ users.21,000 hours >>> lost plus all the meetings on why and how to make sure it wont happen >>> again. If we were down for say a day or twoit would be in the IT if >>> not National papers(yes OK NZ is small)I think my new occupation >>> and some of the managers would beroad sweeping.this makes them very >>> risk adverse. >>> >>> Cr
Re: [Freeipa-users] winsync msi
On 07/25/2012 06:11 PM, Steven Jones wrote: Hi, From a RH support case as I dont have access to the RDS channel. We just updated the RHEL 6.3 downloads to have the RedHat-PassSync .msi files. No, its doesn't allay my Windows and security ppls concerns I was speaking specifically about your original concerns: "No not specific developers but some sort of statement of ownership from RedHat I suppose. So they are I assume looking for some sort of confidence that it wont trash AD and if I install it and it does trash our AD some liability." Does the fact that you are now getting a Red Hat branded binary from an official Red Hat download site allay these particular fears? http://port389.org/wiki/Download "This is an Active Directory "plug-in" that intercepts password changes made to AD and sends the clear text password to 389 DS to keep the passwords in sync (when using the Windows Sync feature of 389 DS). Tested with Windows 2008 and 2003 Server 32-bit and 64-bit. " "This is an Active Directory "plug-in" that intercepts password changes made to AD Domain Controllers and sends the clear text password over an encrypted connection (SSL/TLS) to 389 DS to keep the passwords in sync. It works in conjunction with the Windows Sync feature of 389. You must install this on every Domain Controller. " Better? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Thursday, 26 July 2012 11:59 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/25/2012 02:41 PM, Steven Jones wrote: Hi, Ah ok, I have the "official" one. From where did you get it? And does it allay your concerns? One thing on the free site, it says the password is transmitted as clear text, no mention of over an encrypted secure channelthe security guys had a fit.so if you update that web page it would help the cause. Which page is that? The Howto:WindowsSync? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Thursday, 26 July 2012 1:58 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/24/2012 03:15 PM, Steven Jones wrote: Hi Rich, I can appreciate what you are saying, but Not on Windows but specifically AD, the very core of our 21,000+ user base, that makes such an add on significant and gets focus. What we have seen with another similar (yes, commercial) MSI was a clash with another MSI added to AD, the result was not prettyhence the Windows ppl are very careful when something like this is proposed. So actually some sites where this has been installed commercially would be good, if need be I can raise a call to RH support? or RH NZ rep to get that info in confidence / NDA. IPA like AD is not just another application, its at the very centre of everything. For us it will be the second or third most important system we have. It will probably connect us to ppl across the world and them to us (via federation/shibboleth) let alone our internal user base. Lets see if I can show this, so 99.9% uptime on an application is 9 hours off line per year.per user.say 100 users? So 1 hour off line in a business day with 21,000+ users.21,000 hours lost plus all the meetings on why and how to make sure it wont happen again. If we were down for say a day or twoit would be in the IT if not National papers(yes OK NZ is small)I think my new occupation and some of the managers would beroad sweeping.this makes them very risk adverse. Crazy thing of course is, yes IPA is free... ;] I can appreciate things seem very strange in that context. Consider that its taken me 7 years to go from being employed specifically long enough to get rid of Redhat/linux (and Solaris) and be 100% win2000 site to having 100 RHEL servers with most of the mission critical things on them.all down to the quality of open source really..proof is in the eatingits proven very tasty.. Ok. If you are a Red Hat paying customer, you should get the RedHat-PassSync .msi from an official Red Hat channel. We are working on addressing this issue. :) regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Wednesday, 25 July 2012 2:54 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/23/2012 06:32 PM, Steven Jones wrote: Hi, No not specific developers but some sort of statement of ownership from RedHat I suppose.
Re: [Freeipa-users] winsync msi
Hi, >From a RH support case as I dont have access to the RDS channel. No, its doesn't allay my Windows and security ppls concerns http://port389.org/wiki/Download "This is an Active Directory "plug-in" that intercepts password changes made to AD and sends the clear text password to 389 DS to keep the passwords in sync (when using the Windows Sync feature of 389 DS). Tested with Windows 2008 and 2003 Server 32-bit and 64-bit. " regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Thursday, 26 July 2012 11:59 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/25/2012 02:41 PM, Steven Jones wrote: > Hi, > > Ah ok, I have the "official" one. From where did you get it? And does it allay your concerns? > > One thing on the free site, it says the password is transmitted as clear > text, no mention of over an encrypted secure channelthe security guys had > a fit.so if you update that web page it would help the cause. Which page is that? The Howto:WindowsSync? > > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > > From: Rich Megginson [rmegg...@redhat.com] > Sent: Thursday, 26 July 2012 1:58 a.m. > To: Steven Jones > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] winsync msi > > On 07/24/2012 03:15 PM, Steven Jones wrote: >> Hi Rich, >> >> I can appreciate what you are saying, but >> >> Not on Windows but specifically AD, the very core of our 21,000+ user base, >> that makes such an add on significant and gets focus. What we have seen with >> another similar (yes, commercial) MSI was a clash with another MSI added to >> AD, the result was not prettyhence the Windows ppl are very careful when >> something like this is proposed. >> >> So actually some sites where this has been installed commercially would be >> good, if need be I can raise a call to RH support? or RH NZ rep to get that >> info in confidence / NDA. >> >> IPA like AD is not just another application, its at the very centre of >> everything. For us it will be the second or third most important system we >> have. It will probably connect us to ppl across the world and them to us >> (via federation/shibboleth) let alone our internal user base. >> >> Lets see if I can show this, so 99.9% uptime on an application is 9 hours >> off line per year.per user.say 100 users? >> >> So 1 hour off line in a business day with 21,000+ users.21,000 hours >> lost plus all the meetings on why and how to make sure it wont happen again. >> If we were down for say a day or twoit would be in the IT if not >> National papers(yes OK NZ is small)I think my new occupation and >> some of the managers would beroad sweeping.this makes them very risk >> adverse. >> >> Crazy thing of course is, yes IPA is free... >> >> ;] >> >> I can appreciate things seem very strange in that context. Consider that >> its taken me 7 years to go from being employed specifically long enough to >> get rid of Redhat/linux (and Solaris) and be 100% win2000 site to having 100 >> RHEL servers with most of the mission critical things on them.all down >> to the quality of open source really..proof is in the eatingits >> proven very tasty.. > Ok. If you are a Red Hat paying customer, you should get the > RedHat-PassSync .msi from an official Red Hat channel. We are working > on addressing this issue. >> :) >> >> regards >> >> Steven Jones >> >> Technical Specialist - Linux RHCE >> >> Victoria University, Wellington, NZ >> >> 0064 4 463 6272 >> >> >> From: Rich Megginson [rmegg...@redhat.com] >> Sent: Wednesday, 25 July 2012 2:54 a.m. >> To: Steven Jones >> Cc: freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] winsync msi >> >> On 07/23/2012 06:32 PM, Steven Jones wrote: >>> Hi, >>> >>> No not specific developers but some sort of statement of ownership from >>> RedHat I suppose. So they are I assume looking for some sort of confidence >>> that it wont trash AD and if I install it and it does trash our AD some >>> liability. >> Can you point me at another open source project that provides Wind
Re: [Freeipa-users] winsync msi
On 07/25/2012 02:41 PM, Steven Jones wrote: Hi, Ah ok, I have the "official" one. From where did you get it? And does it allay your concerns? One thing on the free site, it says the password is transmitted as clear text, no mention of over an encrypted secure channelthe security guys had a fit.so if you update that web page it would help the cause. Which page is that? The Howto:WindowsSync? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Thursday, 26 July 2012 1:58 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/24/2012 03:15 PM, Steven Jones wrote: Hi Rich, I can appreciate what you are saying, but Not on Windows but specifically AD, the very core of our 21,000+ user base, that makes such an add on significant and gets focus. What we have seen with another similar (yes, commercial) MSI was a clash with another MSI added to AD, the result was not prettyhence the Windows ppl are very careful when something like this is proposed. So actually some sites where this has been installed commercially would be good, if need be I can raise a call to RH support? or RH NZ rep to get that info in confidence / NDA. IPA like AD is not just another application, its at the very centre of everything. For us it will be the second or third most important system we have. It will probably connect us to ppl across the world and them to us (via federation/shibboleth) let alone our internal user base. Lets see if I can show this, so 99.9% uptime on an application is 9 hours off line per year.per user.say 100 users? So 1 hour off line in a business day with 21,000+ users.21,000 hours lost plus all the meetings on why and how to make sure it wont happen again. If we were down for say a day or twoit would be in the IT if not National papers(yes OK NZ is small)I think my new occupation and some of the managers would beroad sweeping.this makes them very risk adverse. Crazy thing of course is, yes IPA is free... ;] I can appreciate things seem very strange in that context. Consider that its taken me 7 years to go from being employed specifically long enough to get rid of Redhat/linux (and Solaris) and be 100% win2000 site to having 100 RHEL servers with most of the mission critical things on them.all down to the quality of open source really..proof is in the eatingits proven very tasty.. Ok. If you are a Red Hat paying customer, you should get the RedHat-PassSync .msi from an official Red Hat channel. We are working on addressing this issue. :) regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Wednesday, 25 July 2012 2:54 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/23/2012 06:32 PM, Steven Jones wrote: Hi, No not specific developers but some sort of statement of ownership from RedHat I suppose. So they are I assume looking for some sort of confidence that it wont trash AD and if I install it and it does trash our AD some liability. Can you point me at another open source project that provides Windows binaries that provides some sort of guarantee or statement or documentation like this? I'd like to see what other projects do and provide something similar. Or is this the first (and only?) time anyone in your organization has ever installed any open source software on Windows? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Tuesday, 24 July 2012 12:11 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/23/2012 05:38 PM, Steven Jones wrote: Hi, For the winsync agreement my Windows and security teams want to know its details, eg who wrote it, Red Hat - do you need to know the names of the developers? it is Microsoft certified etc. Not that I know of - how would one go about doing that? Where will I find such info? All I have is http://port389.org/wiki/Download Which doesn't tell me much. There is more info in the actual .msi file. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/li
Re: [Freeipa-users] winsync msi
Hi, Ah ok, I have the "official" one. One thing on the free site, it says the password is transmitted as clear text, no mention of over an encrypted secure channelthe security guys had a fit.so if you update that web page it would help the cause. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Thursday, 26 July 2012 1:58 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/24/2012 03:15 PM, Steven Jones wrote: > Hi Rich, > > I can appreciate what you are saying, but > > Not on Windows but specifically AD, the very core of our 21,000+ user base, > that makes such an add on significant and gets focus. What we have seen with > another similar (yes, commercial) MSI was a clash with another MSI added to > AD, the result was not prettyhence the Windows ppl are very careful when > something like this is proposed. > > So actually some sites where this has been installed commercially would be > good, if need be I can raise a call to RH support? or RH NZ rep to get that > info in confidence / NDA. > > IPA like AD is not just another application, its at the very centre of > everything. For us it will be the second or third most important system we > have. It will probably connect us to ppl across the world and them to us > (via federation/shibboleth) let alone our internal user base. > > Lets see if I can show this, so 99.9% uptime on an application is 9 hours off > line per year.per user.say 100 users? > > So 1 hour off line in a business day with 21,000+ users.21,000 hours lost > plus all the meetings on why and how to make sure it wont happen again. If > we were down for say a day or twoit would be in the IT if not National > papers(yes OK NZ is small)I think my new occupation and some of the > managers would beroad sweeping.this makes them very risk adverse. > > Crazy thing of course is, yes IPA is free... > > ;] > > I can appreciate things seem very strange in that context. Consider that its > taken me 7 years to go from being employed specifically long enough to get > rid of Redhat/linux (and Solaris) and be 100% win2000 site to having 100 RHEL > servers with most of the mission critical things on them.all down to the > quality of open source really..proof is in the eatingits proven very > tasty.. Ok. If you are a Red Hat paying customer, you should get the RedHat-PassSync .msi from an official Red Hat channel. We are working on addressing this issue. > > :) > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ____________ > From: Rich Megginson [rmegg...@redhat.com] > Sent: Wednesday, 25 July 2012 2:54 a.m. > To: Steven Jones > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] winsync msi > > On 07/23/2012 06:32 PM, Steven Jones wrote: >> Hi, >> >> No not specific developers but some sort of statement of ownership from >> RedHat I suppose. So they are I assume looking for some sort of confidence >> that it wont trash AD and if I install it and it does trash our AD some >> liability. > Can you point me at another open source project that provides Windows > binaries that provides some sort of guarantee or statement or > documentation like this? I'd like to see what other projects do and > provide something similar. > > Or is this the first (and only?) time anyone in your organization has > ever installed any open source software on Windows? > >> regards >> >> Steven Jones >> >> Technical Specialist - Linux RHCE >> >> Victoria University, Wellington, NZ >> >> 0064 4 463 6272 >> >> >> From: Rich Megginson [rmegg...@redhat.com] >> Sent: Tuesday, 24 July 2012 12:11 p.m. >> To: Steven Jones >> Cc: freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] winsync msi >> >> On 07/23/2012 05:38 PM, Steven Jones wrote: >>> Hi, >>> >>> For the winsync agreement my Windows and security teams want to know its >>> details, >>> >>> eg who wrote it, >> Red Hat - do you need to know the names of the developers? >> >>> it is Microsoft certified etc. >> Not that I know of - how would one go about doing that? >>> Where will I find such info? >>> >>> All I have is >>> >>> http://port389.org/wiki/Down
Re: [Freeipa-users] winsync msi
On 07/24/2012 03:15 PM, Steven Jones wrote: Hi Rich, I can appreciate what you are saying, but Not on Windows but specifically AD, the very core of our 21,000+ user base, that makes such an add on significant and gets focus. What we have seen with another similar (yes, commercial) MSI was a clash with another MSI added to AD, the result was not prettyhence the Windows ppl are very careful when something like this is proposed. So actually some sites where this has been installed commercially would be good, if need be I can raise a call to RH support? or RH NZ rep to get that info in confidence / NDA. IPA like AD is not just another application, its at the very centre of everything. For us it will be the second or third most important system we have. It will probably connect us to ppl across the world and them to us (via federation/shibboleth) let alone our internal user base. Lets see if I can show this, so 99.9% uptime on an application is 9 hours off line per year.per user.say 100 users? So 1 hour off line in a business day with 21,000+ users.21,000 hours lost plus all the meetings on why and how to make sure it wont happen again. If we were down for say a day or twoit would be in the IT if not National papers(yes OK NZ is small)I think my new occupation and some of the managers would beroad sweeping.this makes them very risk adverse. Crazy thing of course is, yes IPA is free... ;] I can appreciate things seem very strange in that context. Consider that its taken me 7 years to go from being employed specifically long enough to get rid of Redhat/linux (and Solaris) and be 100% win2000 site to having 100 RHEL servers with most of the mission critical things on them.all down to the quality of open source really..proof is in the eatingits proven very tasty.. Ok. If you are a Red Hat paying customer, you should get the RedHat-PassSync .msi from an official Red Hat channel. We are working on addressing this issue. :) regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Wednesday, 25 July 2012 2:54 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/23/2012 06:32 PM, Steven Jones wrote: Hi, No not specific developers but some sort of statement of ownership from RedHat I suppose. So they are I assume looking for some sort of confidence that it wont trash AD and if I install it and it does trash our AD some liability. Can you point me at another open source project that provides Windows binaries that provides some sort of guarantee or statement or documentation like this? I'd like to see what other projects do and provide something similar. Or is this the first (and only?) time anyone in your organization has ever installed any open source software on Windows? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Tuesday, 24 July 2012 12:11 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/23/2012 05:38 PM, Steven Jones wrote: Hi, For the winsync agreement my Windows and security teams want to know its details, eg who wrote it, Red Hat - do you need to know the names of the developers? it is Microsoft certified etc. Not that I know of - how would one go about doing that? Where will I find such info? All I have is http://port389.org/wiki/Download Which doesn't tell me much. There is more info in the actual .msi file. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] winsync msi
Hi Rich, I can appreciate what you are saying, but Not on Windows but specifically AD, the very core of our 21,000+ user base, that makes such an add on significant and gets focus. What we have seen with another similar (yes, commercial) MSI was a clash with another MSI added to AD, the result was not prettyhence the Windows ppl are very careful when something like this is proposed. So actually some sites where this has been installed commercially would be good, if need be I can raise a call to RH support? or RH NZ rep to get that info in confidence / NDA. IPA like AD is not just another application, its at the very centre of everything. For us it will be the second or third most important system we have. It will probably connect us to ppl across the world and them to us (via federation/shibboleth) let alone our internal user base. Lets see if I can show this, so 99.9% uptime on an application is 9 hours off line per year.per user.say 100 users? So 1 hour off line in a business day with 21,000+ users.21,000 hours lost plus all the meetings on why and how to make sure it wont happen again. If we were down for say a day or twoit would be in the IT if not National papers(yes OK NZ is small)I think my new occupation and some of the managers would beroad sweeping.this makes them very risk adverse. Crazy thing of course is, yes IPA is free... ;] I can appreciate things seem very strange in that context. Consider that its taken me 7 years to go from being employed specifically long enough to get rid of Redhat/linux (and Solaris) and be 100% win2000 site to having 100 RHEL servers with most of the mission critical things on them.all down to the quality of open source really..proof is in the eatingits proven very tasty.. :) regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Wednesday, 25 July 2012 2:54 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/23/2012 06:32 PM, Steven Jones wrote: > Hi, > > No not specific developers but some sort of statement of ownership from > RedHat I suppose. So they are I assume looking for some sort of confidence > that it wont trash AD and if I install it and it does trash our AD some > liability. Can you point me at another open source project that provides Windows binaries that provides some sort of guarantee or statement or documentation like this? I'd like to see what other projects do and provide something similar. Or is this the first (and only?) time anyone in your organization has ever installed any open source software on Windows? > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > > From: Rich Megginson [rmegg...@redhat.com] > Sent: Tuesday, 24 July 2012 12:11 p.m. > To: Steven Jones > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] winsync msi > > On 07/23/2012 05:38 PM, Steven Jones wrote: >> Hi, >> >> For the winsync agreement my Windows and security teams want to know its >> details, >> >> eg who wrote it, > Red Hat - do you need to know the names of the developers? > >> it is Microsoft certified etc. > Not that I know of - how would one go about doing that? >> Where will I find such info? >> >> All I have is >> >> http://port389.org/wiki/Download >> >> Which doesn't tell me much. > There is more info in the actual .msi file. >> regards >> >> Steven Jones >> >> Technical Specialist - Linux RHCE >> >> Victoria University, Wellington, NZ >> >> 0064 4 463 6272 >> >> ___ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > > > > ___ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] winsync msi
On 07/23/2012 06:32 PM, Steven Jones wrote: Hi, No not specific developers but some sort of statement of ownership from RedHat I suppose. So they are I assume looking for some sort of confidence that it wont trash AD and if I install it and it does trash our AD some liability. Can you point me at another open source project that provides Windows binaries that provides some sort of guarantee or statement or documentation like this? I'd like to see what other projects do and provide something similar. Or is this the first (and only?) time anyone in your organization has ever installed any open source software on Windows? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Tuesday, 24 July 2012 12:11 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/23/2012 05:38 PM, Steven Jones wrote: Hi, For the winsync agreement my Windows and security teams want to know its details, eg who wrote it, Red Hat - do you need to know the names of the developers? it is Microsoft certified etc. Not that I know of - how would one go about doing that? Where will I find such info? All I have is http://port389.org/wiki/Download Which doesn't tell me much. There is more info in the actual .msi file. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] winsync msi
Hi, No not specific developers but some sort of statement of ownership from RedHat I suppose. So they are I assume looking for some sort of confidence that it wont trash AD and if I install it and it does trash our AD some liability. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Rich Megginson [rmegg...@redhat.com] Sent: Tuesday, 24 July 2012 12:11 p.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] winsync msi On 07/23/2012 05:38 PM, Steven Jones wrote: > Hi, > > For the winsync agreement my Windows and security teams want to know its > details, > > eg who wrote it, Red Hat - do you need to know the names of the developers? > it is Microsoft certified etc. Not that I know of - how would one go about doing that? > > Where will I find such info? > > All I have is > > http://port389.org/wiki/Download > > Which doesn't tell me much. There is more info in the actual .msi file. > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ___ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] winsync msi
On 07/23/2012 05:38 PM, Steven Jones wrote: Hi, For the winsync agreement my Windows and security teams want to know its details, eg who wrote it, Red Hat - do you need to know the names of the developers? it is Microsoft certified etc. Not that I know of - how would one go about doing that? Where will I find such info? All I have is http://port389.org/wiki/Download Which doesn't tell me much. There is more info in the actual .msi file. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
