Author: Mathias Language: text
Description: Feedback on FreeIPA Timestamp: 2020-11-07 19:29:47 +0000
View raw paste Reply
  1.  
  2. In the latest LUP you had mentioned wanting to setup AAD or FreeIPA. I have been using FreeIPA in my house and homelab for a little more than a year and, I love it.
  3.  
  4. You can use it to Manage the SSH keys, shells, users, groups, and SSL certs all from one pretty UI that looks uses the same UI framework as cockpit, pattern fly.
  5.  
  6. For the server I would recommend using Fedora or Centos since they there is an option to install FreeIPA server during install, and I have run into issues deploying it on Ubuntu in the past. Fedora with Gnome is the best combination for the client since you can install the client during the install and it configures firefox to kerberos to sign into your freeipa account when you go to the FreeIPA web gui and imports the CA certificate for your FreeIPA domain.
  7.  
  8. Ubuntu doesn't add in CA into firefox or setup kerberos, and plasma doesn't remember your FreeIPA username so each time you login or unlock you have to click other user and enter your username.
  9.  
  10. Setting up LDAP for things nextcloud and Gitlab work but it can be a bit harder than AD since most the docs are AD centric. Keep up the great work and thanks for the Amazing Content
  11.  
  12. -- Mathias
View raw paste Reply