Any ideas on that? Regards,
Andrey Ptashnik | Network Architect CCC Information Services Inc. 222 Merchandise Mart Plaza, Suite 900 Chicago, IL 60654 Office: +1-312-229-2533 | Cell : +1-773-315-0200 | aptash...@cccis.com On 9/16/15, 11:30 AM, "freeipa-users-boun...@redhat.com on behalf of Andrey Ptashnik" <freeipa-users-boun...@redhat.com on behalf of aptash...@cccis.com> wrote: >Alexander, > >Thank you for your feedback! > >In my environment I noticed that client machines that are on Red Hat 6 have >version 3.0.0 of IPA client installed. > >[root@ptr-test-6 ~]# yum list installed | grep ipa >ipa-client.x86_64 3.0.0-47.el6 >ipa-python.x86_64 3.0.0-47.el6 > > >[root@ptr-test-6 ~]# yum list installed | grep sssd >python-sssdconfig.noarch 1.12.4-47.el6 >sssd.x86_64 1.12.4-47.el6 >sssd-ad.x86_64 1.12.4-47.el6 >sssd-client.x86_64 1.12.4-47.el6 >sssd-common.x86_64 1.12.4-47.el6 >sssd-common-pac.x86_64 1.12.4-47.el6 >sssd-ipa.x86_64 1.12.4-47.el6 >sssd-krb5.x86_64 1.12.4-47.el6 >sssd-krb5-common.x86_64 1.12.4-47.el6 >sssd-ldap.x86_64 1.12.4-47.el6 >sssd-proxy.x86_64 1.12.4-47.el6 >[root@ptr-test-6 ~]# > > >And I noticed particular behavior with IPA client 3.0.0 and IPA server 4.1 - >when I add machines to the domain using command below: > ># ipa-client-install --enable-dns-updates --ssh-trust-dns —mkhomedir > >DNS record populate in Forward lookup zone, but no PTR records appear in >Reverse lookup zones. That behavior is not the same with IPA client 4.1 and >IPA server 4.1 version combination. > >Also during IPA client v. 3.0.0 configuration on version 6 of Red Hat I see >output below: > >Synchronizing time with KDC... >Enrolled in IPA realm XXXXXXXXX.COM >Attempting to get host TGT... >Created /etc/ipa/default.conf >New SSSD config will be created >Configured sudoers in /etc/nsswitch.conf >Configured /etc/sssd/sssd.conf >Configured /etc/krb5.conf for IPA realm XXXXXXXXX.COM >trying https://ipa-idm.XXXXXXXXX.COM/ipa/xml >Forwarding 'env' to server u'https://ipa-idm.XXXXXXXXX.COM/ipa/xml' >Failed to update DNS records. >Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub >Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub >Forwarding 'host_mod' to server u'https://ipa-idm.XXXXXXXXX.COM/ipa/xml' >SSSD enabled >Configuring XXXXXXXXX.COM as NIS domain >Configured /etc/openldap/ldap.conf >NTP enabled >Configured /etc/ssh/ssh_config >Configured /etc/ssh/sshd_config >Client configuration complete. > > >Regards, > >Andrey Ptashnik > > > > > > >On 9/16/15, 8:43 AM, "Alexander Bokovoy" <aboko...@redhat.com> wrote: > >>On Wed, 16 Sep 2015, Andrey Ptashnik wrote: >>>Dear IPA Team, >>> >>>We have a situation in our datacenter where we deployed Red Hat 7.1 >>>with IPA server 4.1 and on the other hand we still have older machines >>>with Red Hat 5 and 6. I noticed that repositories associated with >>>version 6 have older version of the client software – v.3.0. Therefore >>>some functionality is missing from client package 3 vs 4, like >>>automatic update of both forward and reverse DNS records. >>> >>>Is it possible to install IPA client v. 4 on Red Hat 5 and 6 without >>>much breaking dependencies in OS? >>You don't need to install IPA python packages on older machines. These >>packages are mostly for administration purposes. >> >>Automatic update of forward/reverse DNS zones is done by SSSD. RHEL 6 >>version of SSSD is on par with RHEL 7 version in the recent updates. >>Additionally, MIT Kerberos backports were done in the recent updates to >>allow OTP functionality in RHEL6 as well. So most of features are there >>already, client-wise. >> >>RHEL5 version does not have such updates and you can implement most of >>the support with existing SSSD and output of 'ipa-advise' tool on IPA >>masters. nsupdate integration would probably need to be done >>differently. >> >>Backporting IPA v4.x client code to RHEL 5 or 6 in general makes not >>much sense. >> >>-- >>/ Alexander Bokovoy > >-- >Manage your subscription for the Freeipa-users mailing list: >https://www.redhat.com/mailman/listinfo/freeipa-users >Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project