If you're looking for the ansible role that i used to set things up, the package is ansible-freeipa . if you're asking about the ipa packages themselves, those are called ipa-server, and ipa-client for the server and client respectively
Correct me if I’m wrong, but I think the sudo and hosts management would either not be doable or at the least a higher level of effort through autos/nfs/nis.
Great question! You can define public ssh keys for those users in ID overrides in 'Default Trust View'. This is documented: What attributes can be overridden: access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_idm_users_groups_hosts_and_access_control_rules/using-an-id-view-to-override-a-user-attribute-value-on-an-idm-client_managing-users-groups-hosts#attributes-an-ID-view-can-override_using-an-id-view-to-override-a-user-attribute-value-on-an-IdM-client - and - Specifics for AD users in Default Trust View: access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_idm_users_groups_hosts_and_access_control_rules/assembly_using-id-views-for-active-directory-users_managing-users-groups-hosts#con_how-the-default-trust-view-works_assembly_using-id-views-for-active-directory-users
Red Hat Identity Manager (IdM) allows you to specify a home directory that should be used for an account. That setting will be used by any machine authenticating users through IdM, however, how you choose to implement that home directory is up to you, the administrator. The *nix method of solving this is to provide an NFS mountable directory for each user's home directory, then adding the autofs daemon and some configuration to each client machine such that when the user logs in and their directory is accessed, autofs will retrieve and mount the directory in place on the machine being used. You can also use CIFS shares in a similar fashion. autofs can also be configured to use these, but windows machines can also access this format of disk share. With this method, you could use a linux system with samba to provide the shared directories or a windows machine or a SAN/NAS with CIFS sharing capability. Here is a product document on the subject as well: access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/using_external_red_hat_utilities_with_identity_management/using-automount-in-idm_using-external-red-hat-utilities-with-idm
Hi let's say i added a client called (server a) to idm can i see the users already created in server a ? If not is that possible to imported local users in client server to idm with their gid and uid ? Thank you
Thank you for wasting 45 minutes of my time. I am an IT Professional and, like all sysadmins, I'm working on three or four servers concurrently, plus interruptions from users and customers. I don't have time for derailing of conversations, "fluff" or other nonsense. For the interesting parts, I had to rewind because sometimes you nearly glossed over the important words. This could have been done in under 15 minutes. You guys aren't 12 years old. You don't have to talk about "cool stuff" just the important things. We are seasoned Red Hat Administrators. Isn’t that's cool enough? $0.02
Keep the IDM content coming!
Thanks for the presentation. A great introduction.
Can you tell me the rpm dependencies that you have to have installed to make that work?
If you're looking for the ansible role that i used to set things up, the package is ansible-freeipa . if you're asking about the ipa packages themselves, those are called ipa-server, and ipa-client for the server and client respectively
And thanks for watching!
IPA can be used in conjunction with NIS, but RHEL 9 is moving away from NIS. Our company uses IPA to replace NIS.
Correct me if I’m wrong, but I think the sudo and hosts management would either not be doable or at the least a higher level of effort through autos/nfs/nis.
Eric: “I need to be exploring STAR Systems, not computer systems!”
Great content, when IDM is downstream of AD, can we manage ssh keys for external users (users not defined within IDM but present in AD) ?
Great question! You can define public ssh keys for those users in ID overrides in 'Default Trust View'. This is documented:
What attributes can be overridden: access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_idm_users_groups_hosts_and_access_control_rules/using-an-id-view-to-override-a-user-attribute-value-on-an-idm-client_managing-users-groups-hosts#attributes-an-ID-view-can-override_using-an-id-view-to-override-a-user-attribute-value-on-an-IdM-client
- and -
Specifics for AD users in Default Trust View: access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_idm_users_groups_hosts_and_access_control_rules/assembly_using-id-views-for-active-directory-users_managing-users-groups-hosts#con_how-the-default-trust-view-works_assembly_using-id-views-for-active-directory-users
How can I connect servers to a shared common home directory with Redhat identity management?
Red Hat Identity Manager (IdM) allows you to specify a home directory that should be used for an account. That setting will be used by any machine authenticating users through IdM, however, how you choose to implement that home directory is up to you, the administrator.
The *nix method of solving this is to provide an NFS mountable directory for each user's home directory, then adding the autofs daemon and some configuration to each client machine such that when the user logs in and their directory is accessed, autofs will retrieve and mount the directory in place on the machine being used.
You can also use CIFS shares in a similar fashion. autofs can also be configured to use these, but windows machines can also access this format of disk share. With this method, you could use a linux system with samba to provide the shared directories or a windows machine or a SAN/NAS with CIFS sharing capability.
Here is a product document on the subject as well:
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/using_external_red_hat_utilities_with_identity_management/using-automount-in-idm_using-external-red-hat-utilities-with-idm
Hi let's say i added a client called (server a) to idm can i see the users already created in server a ? If not is that possible to imported local users in client server to idm with their gid and uid ? Thank you
Thank you for wasting 45 minutes of my time. I am an IT Professional and, like all sysadmins, I'm working on three or four servers concurrently, plus interruptions from users and customers. I don't have time for derailing of conversations, "fluff" or other nonsense. For the interesting parts, I had to rewind because sometimes you nearly glossed over the important words. This could have been done in under 15 minutes.
You guys aren't 12 years old. You don't have to talk about "cool stuff" just the important things. We are seasoned Red Hat Administrators. Isn’t that's cool enough? $0.02
We're sorry you had this experience.
agreed