Re: [Freeipa-users] Announcing FreeIPA v3.0.0 Release
On 10/12/2012 08:06 PM, Rob Crittenden wrote: The FreeIPA team is proud to announce version FreeIPA v3.0.0. It can be downloaded from http://www.freeipa.org/Downloads. Correction: FreeIPA 3.0.0 can be downloaded from http://www.freeipa.org/page/Downloads Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Announcing FreeIPA v3.0.0 Release
On Fri, Oct 12, 2012 at 8:06 PM, Rob Crittenden rcrit...@redhat.com wrote: The FreeIPA team is proud to announce version FreeIPA v3.0.0. It can be downloaded from http://www.freeipa.org/Downloads. A build is on the way to updates-testing for Fedora 18. FreeIPA 3.0.0 works well in Fedora 17 but we will not be providing a build in the Fedora 17 following Fedora's policy of not moving forward with releases. Nice, thanks! Is RHEL 6.3 going to get it as well or must we wait a bit longer :-) ? -- natxo ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Announcing FreeIPA v3.0.0 Release
Hi, I think it was/is scheduled for 6.4...which is I assume December. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Natxo Asenjo [natxo.ase...@gmail.com] Sent: Monday, 15 October 2012 4:16 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Announcing FreeIPA v3.0.0 Release On Fri, Oct 12, 2012 at 8:06 PM, Rob Crittenden rcrit...@redhat.com wrote: The FreeIPA team is proud to announce version FreeIPA v3.0.0. It can be downloaded from http://www.freeipa.org/Downloads. A build is on the way to updates-testing for Fedora 18. FreeIPA 3.0.0 works well in Fedora 17 but we will not be providing a build in the Fedora 17 following Fedora's policy of not moving forward with releases. Nice, thanks! Is RHEL 6.3 going to get it as well or must we wait a bit longer :-) ? -- natxo ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Announcing FreeIPA v3.0.0 Release
On 10/14/2012 03:32 PM, Steven Jones wrote: Hi, I think it was/is scheduled for 6.4...which is I assume December. No. You expect a bit too soon. The cycle is about 6-7 months but you need to factor in the holiday season. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Natxo Asenjo [natxo.ase...@gmail.com] Sent: Monday, 15 October 2012 4:16 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Announcing FreeIPA v3.0.0 Release On Fri, Oct 12, 2012 at 8:06 PM, Rob Crittenden rcrit...@redhat.com wrote: The FreeIPA team is proud to announce version FreeIPA v3.0.0. It can be downloaded from http://www.freeipa.org/Downloads. A build is on the way to updates-testing for Fedora 18. FreeIPA 3.0.0 works well in Fedora 17 but we will not be providing a build in the Fedora 17 following Fedora's policy of not moving forward with releases. Nice, thanks! Is RHEL 6.3 going to get it as well or must we wait a bit longer :-) ? -- natxo ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Announcing FreeIPA v3.0.0 Release
Hi, Ah, that might explain an approximate date I was given on something else. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dmitri Pal [d...@redhat.com] Sent: Monday, 15 October 2012 2:03 p.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Announcing FreeIPA v3.0.0 Release On 10/14/2012 03:32 PM, Steven Jones wrote: Hi, I think it was/is scheduled for 6.4...which is I assume December. No. You expect a bit too soon. The cycle is about 6-7 months but you need to factor in the holiday season. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Natxo Asenjo [natxo.ase...@gmail.com] Sent: Monday, 15 October 2012 4:16 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Announcing FreeIPA v3.0.0 Release On Fri, Oct 12, 2012 at 8:06 PM, Rob Crittenden rcrit...@redhat.com wrote: The FreeIPA team is proud to announce version FreeIPA v3.0.0. It can be downloaded from http://www.freeipa.org/Downloads. A build is on the way to updates-testing for Fedora 18. FreeIPA 3.0.0 works well in Fedora 17 but we will not be providing a build in the Fedora 17 following Fedora's policy of not moving forward with releases. Nice, thanks! Is RHEL 6.3 going to get it as well or must we wait a bit longer :-) ? -- natxo ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Announcing FreeIPA v3.0.0 Release
The FreeIPA team is proud to announce version FreeIPA v3.0.0. It can be downloaded from http://www.freeipa.org/Downloads. A build is on the way to updates-testing for Fedora 18. FreeIPA 3.0.0 works well in Fedora 17 but we will not be providing a build in the Fedora 17 following Fedora's policy of not moving forward with releases. There is a known issue installing a replica with a dogtag CA in Fedora 18. We are continuing to investigate. Non-CA replica installation is fine, and upgrading a replica with a CA is unaffected. FreeIPA will be participating in a Fedora 18 Test Day next Monday, October 15. For details see http://fedoraproject.org/wiki/Test_Day:2012-10-15_FreeIPA == Highlights in 3.0.0 == * Support for AD Trust * Per-domain DNS permissions * DNS persistent search enabled by default, new zones are seen immediately * New DNS resolver library * Migration improvements * The last administrator cannot be removed or disabled * Forms-based password reset * Redesigned action panels in UI * Sessions for command-line users * Tool to configure automount client, ipa-client-automount * NTLM password hash is generated for existing users on first use of IPA cross-realm environment based on their Kerberos keys without requiring a password change. * Secure identifiers compatible with Active Directory are generated automatically for existing users upon set up of IPA cross-realm environment. * Use certmonger to renew CA subsystem certificates * Support for DNS zone transfers to non-IPA slaves * Internal change to LDAP Distinguished Name handling to be more robust * Better support for Internet Explorer 9 in the UI * Allow multiple servers on client install command-line and configuring without DNS discovery. * Cooperate with new 389-ds-base winsync POSIX plugin so that AD POSIX attribute can be synced with IPA. * Improvements to schema upgrade process. * Exclude some attributes from replication. * Notify success on add, delete and update in UI. * Set the e-mail attribute on new users by default. * SSH public key format has been changed to OpenSSH-style public keys. * Support for the Dogtag CA version 10 * New ipa-client-install option to disable OpenSSH client configuration. * Expand Referential Integrity checks on hosts, SUDO and HBAC rule referential attributes * Run the CLEANALLRUV task when deleting a replication agreement to remove replication meta-data about removed master. See the ipa-replica-manage man page for the list of new commands related to CLEANALLRUV command. * Try to prevent orphaning other servers when deleting a master. * Add missing indices for automount and principal aliases which will improve performance. * Provide a new Firefox extension for configuring the browser. Firefox 15 deprecated the interface we used in the past to set the Kerberos negotiation directives. This new extension will be used on Firefox 15 and beyond, and the older interface for older browsers. * Man page improvements * A SID can be created as the last step of ipa-adtrust-install. * Create a default fallback group for AD trust users. * Support for 389-ds-base 1.3.0. * Move CRL publish directory to IPA owned directory * Add uniqueness plugin configuration for sudorule names. * The initial IPA server with a dogtag CA is configured to generate CRLs. Subsequent masters are configured to not generate CRLs. The CRL is available on a non-generating master at http://fqdn.example.com/ipa/crl/MasterCRL.bin. == Upgrading == An IPA server can be upgraded simply by installing updated rpms. The server does not need to be shut down in advance. Please note, that the referential integrity extension requires an extended set of indexes to be configured. RPM update for an IPA server with a excessive number of hosts, SUDO or HBAC entries may require several minutes to finish. If you have multiple servers you may upgrade them one at a time. It is expected that all servers will be upgraded in a relatively short period (days or weeks not months). They should be able to co-exist peacefully but new features will not be available on old servers and enrolling a new client against an old server will result in the SSH keys not being uploaded. Downgrading a server once upgraded is not supported. Upgrading from 2.2.0 is supported. Upgrading from previous versions is not supported and has not been tested. An enrolled client does not need the new packages installed unless you want to re-enroll it. SSH keys for already installed clients are not uploaded, you will have to re-enroll the client or manually upload the keys. == Feedback == Please provide comments, bugs and other feedback via the freeipa-devel mailing list: http://www.redhat.com/mailman/listinfo/freeipa-devel == Detailed Changelog since 3.0.0 rc2 == Alexander Bokovoy (7): * support multi-line error messages in exceptions * Handle NotFound exception when establishing trust * Fix wrong RID for Domain Admins in the examples of trust