[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Linux Server Basics Trainer requested by CNN
- Subject: [ale] Linux Server Basics Trainer requested by CNN
- From: damon at damtek.com (Damon L. Chesser)
- Date: Wed, 05 Feb 2014 19:00:47 -0500
- In-reply-to: <CAEo=5PwRoQwnNoHK4MKCtC0atKYyPDWAmDfDgxrk_Kz3kxujLg@mail.gmail.com>
- References: <[email protected]> <CAEo=5Pwg-09mtR5BP-6bExmV05-a94WfYt0FL4F-WRdm+csftQ@mail.gmail.com> <[email protected]> <[email protected]> <CAEo=5PxzUK2NMxAEgHVOjz5_Zd3RDW=-cv3yjdL+tfL-6fB1mA@mail.gmail.com> <[email protected]> <CAEo=5PwRoQwnNoHK4MKCtC0atKYyPDWAmDfDgxrk_Kz3kxujLg@mail.gmail.com>
On 02/05/2014 06:46 PM, Jim Kinney wrote:
>
>
>
> On Wed, Feb 5, 2014 at 6:17 PM, Damon L. Chesser <damon at damtek.com
> <mailto:damon at damtek.com>> wrote:
>
> On 02/05/2014 06:05 PM, Jim Kinney wrote:
>
>
>
>
> On Wed, Feb 5, 2014 at 5:48 PM, Beddingfield, Allen
> <allen at ua.edu <mailto:allen at ua.edu> <mailto:allen at ua.edu
> <mailto:allen at ua.edu>>> wrote:
>
> Yes, but 20-30 years of experience in the field, whether
> or not
> related to the technology at hand is valuable. In that
> time, the
> person has learned troubleshooting methods, seen things
> come and
> go, and learned to adapt.
>
> +1
>
> Yes the tech bits change forms often but the core doesn't. The
> skills accumulated over 20+ years are not in a specific
> toolchain but in an overall process.
>
> That said, freeipa kicks nis{,+} in the tail :-)
>
>
> Working on getting Red Hat ID Management server deployed to tie
> into AD. Not exaclty the same, but similar.
>
>
> Very related. FreeIPA is the upstream. I'm running that on CentOS6.
> Opted to toss AD to the dumpster. Good riddance. The tie to AD was a
> bad hack and was not really recommended in the RHEL IdM (the FreeIPA
> was the same hack but they said it worked better - probably not as
> well tested as IdM) I did use an apache tool to extract the data from
> AD (all but password hashes - no way without EXPENSIVE winders only
> stuff) and scripted the insertion with random passwords into freeipa
> and saved output to send emails from. Client systems will notify of
> expired passwords on login as they should. Admin password reset forces
> an expired password on users :-)
>
> Next step is to fix a glitch that blocks users from hitting the
> freeipa web interface to update their personal data. After that it
> will be to incorporate ssh keys into ldap. I have some sudo controls
> running on a per user, per machine basis. That was nice. The cli
> allows everything to be scripted. Web interface is pretty useful for
> everything as well.
>
>
>
>
SNIP
I don't disagree with anything you said. Having said that: But,
however, it must beat Centrify to do the same job at $385 a seat which
is what my masters insisted on doing before asking me about it. :(
going this route we can save some serious cash, if it pans out.
--
Damon L. Chesser
damon at damtek.com
http://www.linkedin.com/in/dchesser