Old 03-15-2015, 06:44 AM   #1
LQ Newbie
Registered: Sep 2014
Posts: 5

Rep: Reputation: Disabled
Samba4 vs OpenLDAP vs FreeIPA - what's the best for a Debian network?

Hello, I want to deploy some AD-like login and user management. All devices in the network use Linux (Debian, 5-10 workstations).
The first idea is to use Samba4 because everyone is talking about how it is AD-compliant, but I think it's not needed, because there are no Windows workstations, and it gives additional Windows-specific tools and protocols like NetBIOS, etc.

The next thought is that FreeIPA is a good idea, but I don't see it in Debian's repos (only sid).
I could try to install it from sid, but I'm afraid it's not stable and production ready. I see it stable only in the Red Hat family (CentOS/Fedora).
What is more, freeipa-client is not even in jessie's repo. I heard about sssd as a client in Debian for FreeIPA.

The last idea is to use OpenLDAP. I'm sure it's supported by Debian very well, but I'm afraid of the lack of integration with other tools like Kerberos, etc. I've got NTP, DNS, DHCP, some file sharing, etc. done right now without LDAP, so I don't really need all that additional stuff.

Is using CentOS/Fedora the only way to have FreeIPA?
Is it possible and supported to use Debian as a client of FreeIPA?

Do you have any advice on the best way to do this?
Old 03-15-2015, 07:11 PM   #2
Senior Member
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653
My recommendation would be IPA, but I'm not sure what state it's in for Debian. The client is simply a helper script that will install and configure the required services such as NTP, LDAP, Kerberos, etc. ... nothing you couldn't do manually.
Old 03-15-2015, 08:07 PM   #3
Senior Member
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378
It depends on if you need single sign on vs. just network authentication. We use just plain old OpenLDAP at work with over 700 clients that are various sorts of Linux (no Windows, but one guinea pig iMac with OS X is set to authenticate with OpenLDAP). However, we just need a single authentication and authorization source, not single sign on. If you need single sign on or suspect you might want it in the future, then I agree FreeIPA is the way to go. If, however, you just need a common repository for user information, IMO you can't beat the simplicity of regular old OpenLDAP. I decided against FreeIPA for the exact reason you mentioned -- it wants to have control over too many other services that I already had running well. Plus, I didn't really need the single sign on (it would have been nice, but not a deal-breaker).


All times are GMT -5.