Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   CentOS (http://www.linux-archive.org/centos/)
-   -   FreeIPA on Centos 6 (http://www.linux-archive.org/centos/677473-freeipa-centos-6-a.html)

Boris Epstein 06-26-2012 07:55 PM

FreeIPA on Centos 6
 
Hello all,

Is anybody using http://freeipa.org on a CentOS 6 server? Is it working
well?

Thanks.

Boris.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

James Hogarth 06-26-2012 09:11 PM

FreeIPA on Centos 6
 
>
> Is anybody using http://freeipa.org on a CentOS 6 server? Is it working
> well?
>

Yes and yes.... I suggest checking out the FreeIPA mailing list and
IRC channel if you have any trouble as you'll find quite a few people
there.

As a heads up IPA 2.2 will be coming in CentOS 6.3 which includes SSH
key maintenance in IPA and form based authentication for when you
don't have a kerberos token to pass to the IPA interface.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Laurent Wandrebeck 06-27-2012 06:32 AM

FreeIPA on Centos 6
 
2012/6/26 James Hogarth <james.hogarth@gmail.com>:
>>
>> Is anybody using http://freeipa.org on a CentOS 6 server? Is it working
>> well?
>>
>
> Yes and yes.... I suggest checking out the FreeIPA mailing list and
> IRC channel if you have any trouble as you'll find quite a few people
> there.
>
> As a heads up IPA 2.2 will be coming in CentOS 6.3 which includes SSH
> key maintenance in IPA and form based authentication for when you
> don't have a kerberos token to pass to the IPA interface.
Hi,

deployed it at work, two (kvm) instances for HA, with DNS.
Named segfaulted here and there, and when the master instance failed,
takeover didn't work for whatever reason.
A really nice piece of software i'd have liked to continue to use, but
not yet prod ready imho.
I guess I'll have another look after 6.3.
HTH,
Laurent.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

James Hogarth 06-27-2012 06:39 AM

FreeIPA on Centos 6
 
> Named segfaulted here and there, and when the master instance failed,
> takeover didn't work for whatever reason.
>

I have four IPAs replicating together across two DCs with full DNS and CA
integration plus using it for sudo management as well.... fully stable.

Have never seen the behaviour you describe and there is no 'master' to take
over from since it is multi master.... so no take over even exists much
less is required....
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Rob Kampen 06-27-2012 06:46 AM

FreeIPA on Centos 6
 
On 06/27/2012 06:39 PM, James Hogarth wrote:

Named segfaulted here and there, and when the master instance failed,
takeover didn't work for whatever reason.


I have four IPAs replicating together across two DCs with full DNS and CA
integration plus using it for sudo management as well.... fully stable.

Have never seen the behaviour you describe and there is no 'master' to take
over from since it is multi master.... so no take over even exists much
less is required....
__________________________

Is there a HOWTO for this somewhere? Sounds like a very useful setup.


_____________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

James Hogarth 06-27-2012 07:25 AM

FreeIPA on Centos 6
 
> Is there a HOWTO for this somewhere? Sounds like a very useful setup

All the docs needed to set up that bit can be found on docs.redhat.com ...
the identity management guide in the rhel6 section.

I've written some more advanced guides on the freeipa wiki (look at how tos
under documentation) covering Apache auth against IPA and IPA for httpd
certificate management... will soon add my kvm/libvirt/vnc authentication
against IPA doc as well - just waiting on feedback before adding it to the
how to section.

If there are any specific how tos you'd like to see on there feel free to
suggest... and always feel free to ping me...
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Natxo Asenjo 06-27-2012 08:36 AM

FreeIPA on Centos 6
 
On Wed, Jun 27, 2012 at 8:39 AM, James Hogarth <james.hogarth@gmail.com>wrote:

> > Named segfaulted here and there, and when the master instance failed,
> > takeover didn't work for whatever reason.
> >
>
> I have four IPAs replicating together across two DCs with full DNS and CA
> integration plus using it for sudo management as well.... fully stable.
>
> Have never seen the behaviour you describe and there is no 'master' to take
> over from since it is multi master.... so no take over even exists much
> less is required....
>

+1.

IPA is a very nice addition to the linux environment. And getting better
all the time :-)

Finally we can deploy a secure, trusted network without having to hack 20
different software pieces together. TUV has really nailed this one.

--
groet,
natxo
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Boris Epstein 06-27-2012 09:15 AM

FreeIPA on Centos 6
 
On Wed, Jun 27, 2012 at 2:39 AM, James Hogarth <james.hogarth@gmail.com>wrote:

> > Named segfaulted here and there, and when the master instance failed,
> > takeover didn't work for whatever reason.
> >
>
> I have four IPAs replicating together across two DCs with full DNS and CA
> integration plus using it for sudo management as well.... fully stable.
>
> Have never seen the behaviour you describe and there is no 'master' to take
> over from since it is multi master.... so no take over even exists much
> less is required....
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

Thanks. What's DC in this context?

Boris.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Natxo Asenjo 06-27-2012 09:23 AM

FreeIPA on Centos 6
 
On Wed, Jun 27, 2012 at 11:15 AM, Boris Epstein <borepstein@gmail.com>wrote:

> On Wed, Jun 27, 2012 at 2:39 AM, James Hogarth <james.hogarth@gmail.com
> >wrote:
>
> > > Named segfaulted here and there, and when the master instance failed,
> > > takeover didn't work for whatever reason.
> > >
> >
> > I have four IPAs replicating together across two DCs with full DNS and CA
> > integration plus using it for sudo management as well.... fully stable.
> >
> > Have never seen the behaviour you describe and there is no 'master' to
> take
> > over from since it is multi master.... so no take over even exists much
> > less is required....
> > _______________________________________________
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
> Thanks. What's DC in this context?
>
> Boris.
>

datacenters?

--
groeten,
natxo
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

James Hogarth 06-27-2012 09:35 AM

FreeIPA on Centos 6
 
>
> datacenters?
>

Bingo
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


All times are GMT. The time now is 11:28 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.