Author: Marty Language: text
Description: FreeIPA Timestamp: 2020-10-27 16:35:19 +0000
Hi,

Listening to episode 376, you mentioned AD support in Ubuntu 20.10 and the forthcoming Fedora 33. (I'm a small-time Fedora developer, but I run several different Linux distros, and have been for a long time.) I run FreeIPA in my homelab, and it is remarkably easy to set up. The best thing about it (in my mind) is that clients are available for nearly all the major Linux distros through sssd. (I don't think OpenSUSE packages the client itself; but Ubuntu, Debian, Fedora, and CentOS, etc. all do.) FreeIPA uses the underlying bits of 389 for LDAP, MIT KRB5, and Dogtag for certs; it is ridiculously simple to get running and get clients joined to it. It's very convenient as it also bundles LDAP-enabled BIND, which allows for clients and servers both to do their own Kerberos-secured DNS updates, even when doing dynamic addressing.

Even things like domain replication are pretty easy in FreeIPA - I run multi-master on my homelab. I think it would be very worthwhile for you to check it out.