This is great technical discussion, thanks for keeping it public.
Reminds me of my journey when implementing SSO/AD/LDAP - the project scope
kept expanding beyond my initial expectations.
As per your discussion - this, central, management/authentication needs
fully configured, reverse and authorita
I also didn't answer about DHCP...
DHCP and DNS shouldn't have to care about each other, unless IP addresses
are likely to change; If they are, you will need a method of updating the
DNS records. FreeIPA lets the client update their own records; Windows
prefers to deal with it on the server. SO,
Oh... I meant to also mention... If you want to have a service authenticate
both inside and outside your network, that particular service will need to
have the same FQDN on both the inside and the outside of the network...
Since they aren't likely to share the same IP address (Public vs Private),
y
Both "Domain Controllers" are called 'pdc' on their respective subdomain;
So, 'pdc.win.example.com' and 'pdc.lin.example.com.'
Yes, my network has A LOT of infrastructure, for what is essentially a 3
user network... I did it as a learning experience, a "Home Lab," so to
speak (Or, "Home Production
On 06/19/2018 12:33 PM, Tyrell Jentink wrote:
The second is FreeIPA, lives at 10.42.1.10 and it serves the lin.example.com
subdomain and the 1.42.10.arpa reverse domain. It has a conditional
forwarder to forward requests under win.example.com to 10.42.2.10
Some questions for you:
What is the
On 06/19/2018 12:33 PM, Tyrell Jentink wrote:
Yeah, this was a struggle for me, too... Not just the forward domains, but
the reverse zones, too. It all required some thinking, and I think I'm
about to change some of it... But this is what I did at the get-go:
My domain name, let's use example.com, points at my public website, and my
FreeIPA d
Dredging up an old thread here...
On 05/02/2018 08:25 PM, Tyrell Jentink wrote:
I'm using FreeIPA here at home; As a product, it's really just a bunch of
scripts and a web interface for LDAP+Kerberos+Certificate management+Samba;
It aims to be a complete identity management system, a product des
ed to Microsoft.
>>>>
>>>>
>>>> --
>>>> Cathy L. Smith
>>>> IT Engineer
>>>>
>>>> Pacific Northwest National Laboratory
>>>> Operated by Battelle for the
>>>> U.S. Department of Energy
>>>>
On 5/4/18 9:02 AM, Tomas Kuchta wrote:
Free IPA would be excellent topic for talk...
What he said
Michael
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
May 2, 2018, 5:36 PM Smith, Cathy
> > wrote:
> > > >
> > > >> There used to be dns, ldap, kerberos, nis. These are open source
> > > >> protocols and not restricted to Microsoft.
2018 8:00 PM
To: plug@pdxlinux.org
Subject: Re: [PLUG] Linux centralized authentication
Do you have any book or other resource recommendations for setting these up? I
already do sysadmin work, just never done centralized auth before.
On 05/02/2018 07:53 PM, Tomas Kuchta wrote:
> The easiest is
On Thu, 3 May 2018, Ken Stephens wrote:
Whatever happened to the Lake Oswego Linux School System? Wasn't that a
Server/Workstation distribution?
Ken,
Are you thinking of the Riverdale(?) District where we held the clinic at
the elementary and high schools?
Rich
> > manage.
> > > > IMHO
> > > >
> > > > Tomas
> > > >
-Original Message-
From: plug-boun...@pdxlinux.org [mailto:plug-boun...@pdxlinux.org] On Behalf Of
Thomas Groman
Sent: Wednesday, May 02, 2018 5:16 PM
To: plug@pdxlinux.org
Subject: [PLUG] Linux centralized authentication
Has anyone ever made a 100% UNIX/BSD/Linux network with centralized
authentication? Using native protocols not some sort of strange
Microsoft AD mesh thing.
I wanted to build a hacker-space for a school and since it would be
starting from scratch there's no reason to get locked in to a Microsoft
pr