Hi,

The biggest thing is really sheer control. With the best will in the world AD is not unix orientated....

You can control who logs in to a server and from where, you can control who gets root remotely (or any other su - *) via IPA's sudo module. You can control what they can do like no-ftp, allow ssh, no login (console), sudo and it's all easy to add users to and from via the web ui (once you get the hang of it).

I've gone through what you have gone through, I feel your pain.....the problem is really Windows ppl don't understand and don't want to, I think it's fear, it certainly isn't logic.

regards

Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272

________________________________________
From: [email protected] [[email protected]] on behalf of Steven Jones [[email protected]]
Sent: Friday, 31 August 2012 8:41 a.m.
To: David Juran; KodaK
Cc: [email protected]
Subject: Re: [Freeipa-users] Desperate help requested.

Hi,

Also if it's straight into AD I'm not aware you can use AD to control a Linux authentication and authorisation adequately without something like Likewise or Centrify. I think the best you can do is one group?

regards

Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272

________________________________________
From: [email protected] [[email protected]] on behalf of David Juran [[email protected]]
Sent: Thursday, 30 August 2012 7:30 p.m.
To: KodaK
Cc: [email protected]
Subject: Re: [Freeipa-users] Desperate help requested.

On Sat, 2012-08-25 at 23:05 -0500, KodaK wrote:
> I've just been informed by my boss's boss's boss that, and I quote
> from his ridiculous email:
>
> "we cannot use anything other than MS AD for authentication"
>
> I've spent months of time and much effort rolling out IPA,
> consolidating authentication across our Linux and AIX machines. To
> paraphrase Babbage: I am not able rightly to apprehend the kind of
> confusion of ideas that could provoke such a statement.
>
> Regardless, I need some help. I need some help with comparisons
> between FreeIPA and AD, and the problems and issues one might
> encounter when trying to authenticate Unix machines against AD.
> Anything that can show IPA being superior to AD for *nix
> authentication. Anything at all. We have a similar number of AIX and
> Linux servers. We have a week before we have a meeting to discuss
> this, and I'd like to be armed to the teeth, if at all possible.

Apart from what everyone else already pointed out, I believe that if you register the Linux host in the AD, you'll need to purchase a CAL for it...

/David

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
