Can anyone point me to a good walkthrough of how to set up a pure Linux environment with OpenLDAP and Kerberos or even using FreeIPA?
Everywhere I've ever worked has had an existing AD that I've tied the Linux boxes to. Over the years this has varied in terms of how it is done. At the moment we're doing krb5 auth against AD with local accounts created on machines using puppet.
I've also used SSSD against AD. And in the old days I did stuff with winbind/samba and various other trickery.
I've looked at FreeIPA docs, and there are a lot of them, but there was nothing that stood out as easy to use.
Once you set up something like FreeIPA, or an OpenLDAP/Kerberos setup, is there a good way to decide which users can log into which machines? With something like SSSD I can put a line in the config file on each machine to restrict a particular group to logging into that machine, but is there another option or something I can do centrally?
[link][5 comments]