On ke, 10 maalis 2021, iulian roman via FreeIPA-users wrote:
> On ti, 09 maalis 2021, iulian roman via FreeIPA-users wrote:
>
> Han Boetes (Han on #freeipa) did build Samba against MIT Keberos some
> time ago to experiment with a similar stuff but he runs IPA DC on Fedora
> and only needs Samba domain members on Ubuntu:
>
https://launchpad.net/~hboetes/+archive/ubuntu/samba-mit-kerberos
>
> I do not really recommend running IPA DCs on Ubuntu/Debian at the moment
> if you need trust to Active Directory. This mode is not tested by anyone
> in FreeIPA upstream development team and bugs reported would not be
> fixed.
>
> Since this year, if you need RHEL, you can run RHEL in production as a
> part of the RHEL Developer program as well. It has some limitations
> (only 16 instances of RHEL machines can be done by a single RHEL
> Developer account and it is all self-support unless you buy additional
> support on top of it) but it is a viable option.
Thanks again for the information. Do you recommend a specific RHEL7
minor version which is fully supported and integrated with Idm/IPA ?
FreeIPA is packaged in RHEL as RHEL Identity Management. It is part of
RHEL itself and if you have RHEL subscription, you have support for RHEL
IdM. When RHEL subscription is valid, it applies to all supported RHEL
series but what can be asked for differs by which phase a specific RHEL
version is in.
The following page explains RHEL life cycle phases:
https://access.redhat.com/support/policy/updates/errata
If you are switching to IPA in RHEL, I'd suggest you to look at RHEL 8,
not RHEL 7. RHEL 7 is in maintenance support 2 phase that has a number
of limitations for updates.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland