Creating a Domain Trust with Red Hat IdM/FreeIPA and Active Directory

This is something I wrote quite some time ago, and somehow it was never published. Apologies for the late release.

What is a Domain Trust and why would I want one?

A Domain Trust, in the traditional sense, is a feature that allows one “Domain” (typically a Windows Active Directory domain) to be set up to trust another “Domain”.

In the Active Directory world, trusts are generally used by large organisations that wish to join one organisation's infrastructure to another.
For example, Company A has just purchased Company B, and as an interim step of consolidation, they would join them together in order to allow Company A staff to access resources of Company B and vice versa.

With the release of FreeIPA 3.0, setting up a trust with Active Directory is now a supported feature.


How to backup / restore FreeIPA 2.2.0 on Red Hat Enterprise Linux 6

FreeIPA is a new technology which gives you many features in the areas of identity management, host-based security control, and user-based security control over your Linux infrastructure.

FreeIPA is designed to give centralised management capabilities over Linux, in a way similar to what Microsoft Active Directory provides for a Windows estate.

If you would like to find out more about FreeIPA, head across to the project wiki which you can find here.

For those of you who are already running FreeIPA and looking for information about backing up and restoring your environment, please read on.


Managing FreeIPA replication agreements

Over the last few days I’ve done a couple of articles specific to setting up FreeIPA as a centralized Identity Management solution.

You can find articles on setting up FreeIPA from scratch here, and setting up multi-master replication here.

One thing that FreeIPA does differently from Microsoft Active Directory domain controllers is that, by default, a new domain replica will not automatically replicate with every other directory server within the domain.
Tonight’s article is all about setting up your FreeIPA directory servers to replicate with the server or servers of your choosing.


Implementing FreeIPA as a central Identity Management Solution

Many of my customers come from companies that have a reliance on Microsoft Active Directory to manage their server and workstation estate. This is great if you have a Windows-only organisation.

However, although you can add Linux systems directly to Active Directory, you don’t get the same level of control over those systems that you would have with a Windows server connected to the same domain.


Auto-creation of user home directories in Linux

Many of my viewers are seeking to find some information on “oddjob”, so I thought I might give some details that should help clear the air.

All Linux distributions that I have ever tested are subject to this situation; however, please don’t see this as a problem. It is merely something that has not been configured (yet, as it is entirely optional).

If you have ever created a local user on a Linux system, you will find that the home directory for the new user is automatically created for you. As a user or an admin of the system in question, no further work needs to be performed.

However, many people in production environments integrate their Linux servers into some form of Identity Management solution.

This could be Microsoft Active Directory, Red Hat Directory Server, FreeIPA, or one of many other forms of IDM.
