This is number5 in the series for FreeIPA, but I will be doing more follow up videos in the future to add other applications to our LDAP and FreeIPA install. I hope you get a lot out of these. I appreciate all of you subscribers, adn my Patrons from patreon so much more than I can express. Thank you all so much..
Hi Brian, by now I'm using FreeIPA as the central user management for my Debian servers and can thus assign a dedicated account to each server (each account can only log in via ssh to the server intended for it) and also define corresponding sudo rules. A really ingeniously simple open source solution. I would be happy if you would make more videos about FreeIPA (OTP Token, Identity Provider etc).
It's on my list for some future update videos for sure. Just have to find the time to get them done. Super glad you've got it up and running so well through!
Hi Brian, do you use FreeIPA in your Homelab today or is it too much work for home? I guess it is a great alternativ for active directory for small business, but too much for home use. Thanks for this really great work.
Thank you for this. You are doing great work showing this stuff pedagogically. I was thinking spinning up a FreeIPA or OpenIAM.. Iam using Univention Corporate Server right now but it's pretty bloated but it works great on Windows machines out of the box.
Thank you, glad you like it. Haven't gotten to the Windows side of FreeIPA yet, but there is hope...just having to read up a lot and learn how to make it not super painful.
Just curious. Firstly, I experimented a bit. I noticed it adds all users and creates folders with these settings. It just blocks logging in by setting the group. I set users to only get users from a specific group i setup myself (cloud). It seems a bit unnecessary to add all of your users? Especially if you'd have say, a 100-200 users in FreeIPA, but only wanting 10 in Nextcloud? I set my users to: (memberOf=CN=cloud,cn=groups,cn=accounts,DC=domain,DC=com). My advanced settings were set automatically. (Why did you put them in?). I also had to set Override UUID detection so Usernames wouldnt be the UUID. (set to cn) Then getting groups, would somehow find 2 groups of each group? Also, the group would show up, but it wouldnt show any members in the group. Did you set the usernames to objectclass * on purpose?
It's been so long since I made this video, much may have changed in either or both Nextcloud and FreeIPAwith regard to how this is setup. I did it int he most generic (beginner friendly way) I could. So i used the most broad defaults. You can certainly clamp things down by using more tightly setup groups.
Thanks! I have everything like you. I have OK all the configurations, users found, configuration OK with green circle.... but, when i try to login, i just can't. already tried with 1,2,3 users... no way, i get "Wrong username or password". Also, If i try to enter on Users in nextcloud, there's a group from FreeIpa, but its empty.
It's been so long, I don't really recall. You may need a plugin (package) for "quota" in order to get this to work. I know on RedHat it uses the "quota" package for limiting user disk space.
Hi, Thanks a lot for this video. It would be usefull if I found it earlier. I still have a question. Do you know how to create a freeipa user from nextcloud with the LDAP write plugin on nextcliyd. Each time I tried to create an user form that it never appears in freaipa. Like the user is not integrated in Freeipa usergroup. And I still try to configure SSO with freeipa. Thanks a lot again.
No, the only way I know to do it is to go from FreeIPA creating the user, then log in with that user in NextCloud. You may need / want something like Authelia which gives a web interface authentication portal that can integrate with FreeIPA.
Thanks for all the videos on this playlist. Your videos are very well explained. I understand LDAP is unencrypted which is fine for internal network or to test, but I was wondering if it is possible to use LDAPS instead? If so, how to integrate nextcloud via LDAPS?
sir pls make tutorial of a website that host multiple virtual machine and we can login in to it ,ssh in to it on new tab and do some hacking stuff ,deploy docker in to it for diffrent person create different sessin like cloud
I have a video on MeshCentral that may work for you. It would really be in conjunction with another virtualization system like KVM, and then meshCentral to control it and login through the browser, but could work. ruclips.net/video/T8LllCqCRG0/видео.html I'll also look around for a good Virtualization System with a native Web front end. I used to use Kimchi, but it seems to be behind on updates for more recent operating systems.
This is number5 in the series for FreeIPA, but I will be doing more follow up videos in the future to add other applications to our LDAP and FreeIPA install. I hope you get a lot out of these. I appreciate all of you subscribers, adn my Patrons from patreon so much more than I can express. Thank you all so much..
I’ll take a look.
Hi Brian, by now I'm using FreeIPA as the central user management for my Debian servers and can thus assign a dedicated account to each server (each account can only log in via ssh to the server intended for it) and also define corresponding sudo rules. A really ingeniously simple open source solution. I would be happy if you would make more videos about FreeIPA (OTP Token, Identity Provider etc).
It's on my list for some future update videos for sure. Just have to find the time to get them done. Super glad you've got it up and running so well through!
Thanks for the video it helped me a lot!
Glad it helped!
I heard that laugh after you said neighbor 💀💀💀💀💀💀🤨📸🤣
Sometimes I' make myself giggle a bit.
@@AwesomeOpenSource 🤣🤣
GoodJob boy 💯
Thanks.
Hi Brian, do you use FreeIPA in your Homelab today or is it too much work for home? I guess it is a great alternativ for active directory for small business, but too much for home use. Thanks for this really great work.
I personally think it's a bit too much for a Home setup. I definitely think it's worth a look for business / small business though.
Thank you for this. You are doing great work showing this stuff pedagogically.
I was thinking spinning up a FreeIPA or OpenIAM.. Iam using Univention Corporate Server right now but it's pretty bloated but it works great on Windows machines out of the box.
Thank you, glad you like it. Haven't gotten to the Windows side of FreeIPA yet, but there is hope...just having to read up a lot and learn how to make it not super painful.
Just curious. Firstly, I experimented a bit. I noticed it adds all users and creates folders with these settings. It just blocks logging in by setting the group. I set users to only get users from a specific group i setup myself (cloud). It seems a bit unnecessary to add all of your users? Especially if you'd have say, a 100-200 users in FreeIPA, but only wanting 10 in Nextcloud? I set my users to: (memberOf=CN=cloud,cn=groups,cn=accounts,DC=domain,DC=com). My advanced settings were set automatically. (Why did you put them in?). I also had to set Override UUID detection so Usernames wouldnt be the UUID. (set to cn) Then getting groups, would somehow find 2 groups of each group? Also, the group would show up, but it wouldnt show any members in the group. Did you set the usernames to objectclass * on purpose?
It's been so long since I made this video, much may have changed in either or both Nextcloud and FreeIPAwith regard to how this is setup. I did it int he most generic (beginner friendly way) I could. So i used the most broad defaults. You can certainly clamp things down by using more tightly setup groups.
@@AwesomeOpenSource I understand.
Very informative tutorial. Can you please make something like that but with Fedora Server and its 389 Directory Server
I will likely cover FreeIPA again in the future, but not sure which OS I'll use for the server. We'll see what they suggest when I get to it.
Thanks! I have everything like you. I have OK all the configurations, users found, configuration OK with green circle.... but, when i try to login, i just can't. already tried with 1,2,3 users... no way, i get "Wrong username or password". Also, If i try to enter on Users in nextcloud, there's a group from FreeIpa, but its empty.
This is a fairly old video now, things have likely changed. I'll see about an update video at some point.
How to set up a disk quota (Max. storage space) for each users using user configuration settings inside FreeIPA?
It's been so long, I don't really recall. You may need a plugin (package) for "quota" in order to get this to work. I know on RedHat it uses the "quota" package for limiting user disk space.
Hi, Thanks a lot for this video. It would be usefull if I found it earlier.
I still have a question. Do you know how to create a freeipa user from nextcloud with the LDAP write plugin on nextcliyd. Each time I tried to create an user form that it never appears in freaipa. Like the user is not integrated in Freeipa usergroup. And I still try to configure SSO with freeipa.
Thanks a lot again.
No, the only way I know to do it is to go from FreeIPA creating the user, then log in with that user in NextCloud. You may need / want something like Authelia which gives a web interface authentication portal that can integrate with FreeIPA.
Thanks for all the videos on this playlist. Your videos are very well explained. I understand LDAP is unencrypted which is fine for internal network or to test, but I was wondering if it is possible to use LDAPS instead? If so, how to integrate nextcloud via LDAPS?
Hmmmm. Hadn't looked into it, but I'll look around as I get some time and see.
just put "ldaps://ldap.acme.com" in the server connection string, and then click on "Detect port", which should automatically resolve to port 636
@@arnaudveron4696 thanks. I'll try that.
@@AwesomeOpenSource I too would love to see a tutorial about setting it up with LDAPS. Whenever I try to connect via LDAPS I get a certificate error.
Can you think about doing a FreeRadius + FreeIPA integration?
I'll look into it, but it may be a while before I do it.
For some reason I can't click the "Continue" button :|
That's definitely odd. Could it be an issue with the db not connecting properly?
sir pls make tutorial of a website that host multiple virtual machine and we can login in to it ,ssh in to it on new tab and do some hacking stuff ,deploy docker in to it for diffrent person create different sessin like cloud
I have a video on MeshCentral that may work for you. It would really be in conjunction with another virtualization system like KVM, and then meshCentral to control it and login through the browser, but could work. ruclips.net/video/T8LllCqCRG0/видео.html
I'll also look around for a good Virtualization System with a native Web front end. I used to use Kimchi, but it seems to be behind on updates for more recent operating systems.
@@AwesomeOpenSource sir i mean to say this kind of for example is this :--ruclips.net/video/pHBRQ_jxybI/видео.html
@@AwesomeOpenSource thanks
@@AwesomeOpenSource XCP-ng and XenOrchestra is the way to go!
Tom Lawrence has some great content on it! ruclips.net/video/q-jKs62b6Co/видео.html
@@JoaoSilva-gs5jb thanks sir