
[ale] Linux Server Basics Trainer requested by CNN



On 02/05/2014 06:46 PM, Jim Kinney wrote:
>
>
>
> On Wed, Feb 5, 2014 at 6:17 PM, Damon L. Chesser <damon at damtek.com> wrote:
>
>     On 02/05/2014 06:05 PM, Jim Kinney wrote:
>
>
>
>
>         On Wed, Feb 5, 2014 at 5:48 PM, Beddingfield, Allen
>         <allen at ua.edu> wrote:
>
>             Yes, but 20-30 years of experience in the field, whether or not
>             related to the technology at hand is valuable. In that time, the
>             person has learned troubleshooting methods, seen things come and
>             go, and learned to adapt.
>
>         +1
>
>         Yes the tech bits change forms often but the core doesn't. The
>         skills accumulated over 20+ years are not in a specific
>         toolchain but in an overall process.
>
>         That said, freeipa kicks nis{,+} in the tail :-)
>
>
>     Working on getting Red Hat ID Management server deployed to tie
>     into AD. Not exactly the same, but similar.
>
>
> Very related. FreeIPA is the upstream. I'm running that on CentOS6. 
> Opted to toss AD to the dumpster. Good riddance. The tie to AD was a 
> bad hack and was not really recommended in the RHEL IdM (the FreeIPA 
> was the same hack but they said it worked better - probably not as 
> well tested as IdM). I did use an apache tool to extract the data from
> AD (all but password hashes - no way without EXPENSIVE winders only 
> stuff) and scripted the insertion with random passwords into freeipa  
> and saved output to send emails from. Client systems will notify of 
> expired passwords on login as they should. Admin password reset forces 
> an expired password on users :-)
>
> Next step is to fix a glitch that blocks users from hitting the 
> freeipa web interface to update their personal data. After that it 
> will be to incorporate ssh keys into ldap. I have some sudo controls 
> running on a per user, per machine basis. That was nice. The cli 
> allows everything to be scripted. Web interface is pretty useful for 
> everything as well.
>
>
>
>
SNIP

I don't disagree with anything you said.  Having said that:  But, 
however, it must beat Centrify to do the same job at $385 a seat which 
is what my masters insisted on doing before asking me about it.  :(
Going this route we can save some serious cash, if it pans out.

-- 
Damon L. Chesser
damon at damtek.com
http://www.linkedin.com/in/dchesser