On 03/21/2015 05:53 AM, Prasun Gera wrote:
> Is it possible to completely automate the client enrollment process
> similar to securenets in NIS? I'm trying to migrate NIS to IDM, and
> hoping that it runs largely in auto-pilot mode. The kickstarter method
> suggests adding host entries with a one time Kerberos password to
> launch unattended client installs. That, however, needs the admin's
> involvement every time a new host has to be added. Securenets works
> pretty well in our case since we can authenticate based on the IP
> address. User addition is still manual, but that's all right since
> that is infrequent. Is it possible to do something similar using IP
> masks or fqdn regex in ipa?
No, but if you trust your network you can create a host admin that would
have the host add privilege and host enroll privilege and nothing else,
and use this admin.
IMO it would be a nice enhancement to have a way to restrict such
enrollments to specific subnets. The logic on the server would be
something like this:
Enrollment request comes in
If host entry there?
Yes - follow the current logic
Check user privileges
<Check that the client is coming from one of the given IPA ranges> <-new
Enroll
Would you mind filing an RFE if this approach would work for you?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
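
The server-side check proposed in the message above, sketched as an added example (not FreeIPA code and not from the thread). It assumes the last three steps of the outline apply when no host entry exists; the function names, privilege labels and address ranges are hypothetical.

```python
import ipaddress

# Constructed sample ranges (documentation prefixes), not values from the thread.
ALLOWED_RANGES = ["192.0.2.0/24", "2001:db8:10::/48"]
# Labels taken from the wording of the email; hypothetical identifiers.
REQUIRED_PRIVS = {"host add", "host enroll"}


def parse_ranges(ranges):
    # strict=True rejects typos such as 192.0.2.1/24 (host bits set).
    return [ipaddress.ip_network(r, strict=True) for r in ranges]


def client_in_ranges(client_ip, networks):
    """True only if client_ip parses and falls inside an allowed network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # malformed address: fail closed
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == n.version and addr in n for n in networks)


def decide_enrollment(host_entry_exists, user_privs, client_ip, networks):
    """Follow the outline: existing entry, then privileges, then source range."""
    if host_entry_exists:
        return "current-logic"
    if not REQUIRED_PRIVS <= set(user_privs):
        return "deny: missing privilege"
    if not client_in_ranges(client_ip, networks):
        return "deny: client outside allowed ranges"
    return "enroll"


if __name__ == "__main__":
    nets = parse_ranges(ALLOWED_RANGES)
    privs = {"host add", "host enroll"}
    for ip in ["192.0.2.17", "::ffff:192.0.2.17", "198.51.100.9", "bogus"]:
        print(ip, "->", decide_enrollment(False, privs, ip, nets))
```

The address passed in has to be the peer address the server observes on the connection, not a value supplied in the request. An empty range list denies every new host, so a missing configuration does not open enrollment to the whole network.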