We don't use NTP or DNS from IPA, as we have other systems for that. We've copied all users, groups, netgroups and created HBAC rules to replace the pam_access system we use on non-IPA servers. We haven't converted the LDAP sudo-rules to IPA yet, but that should be easy enough.
Most of our servers are running RHEL5 and RHEL6, but not many are migrated into IPA yet. Mostly because of lack of time / other priorities, but also because we've been hitting some problems with SSSD crashing on the RHEL5 clients (have a hot fix for it from RH now).
So, currently we use IPA for doing plain LDAP bind() authentication on some systems (works just the same as our old LDAP directory), full IPA clients on some RHEL6 servers, and IPA is the authentication system for our RHEV installation. We're also looking into replicating between IPA and Active Directory, so that we can have the same user database on both Windows and Linux servers.
I'm very much looking forward to killing the Sun Identity Managed LDAP directory, and having a complete kerberized environment managed by IPA.