Re: [Freeipa-users] version compatibility between server and client

[Martin Kosek]

On 02/29/2016 07:03 PM, Rakesh Rajasekharan wrote:
> the only reason for me to avoid ipa-client-install was few of our machines
> are Amazon Linux and I was having a tough time setting up ipa over there as
> the yum does not get the repo even with epel enabled.

Ah, right. This was already discussed to some extent there:
https://www.redhat.com/archives/freeipa-users/2016-February/msg00311.html

Amazon Linux does not really fly with FreeIPA and SSSD. So if you want to avoid
these painful processes, I would recommend either increasing the pressure on
Amazon Linux to support it or switching to other AMIs, like CentOS (or even 
RHEL).

> Otherwise, I was able to get this working on all of the other systems ,
> which are centos 6.3

Good! (note that 6.3 is pretty old, IPA server on this version is known to have
some bugs and gaps. Current version is 6.7 or even better, 7.2)

> Are there any documentations on setting IPA on an Amazon Linux, if not, the
> only option would to try compiling this.

CCing Alexander in case he has any resources. But as I said above, current
situation of FreeIPA on Amazon Linux is not great.

> 
> Thanks,
> Rakesh
> 
> On Mon, Feb 29, 2016 at 5:23 PM, Martin Kosek  wrote:
> 
>> On 02/26/2016 05:23 PM, Rakesh Rajasekharan wrote:
>>> Hi!,
>>>
>>> I had successfully set up ipa in our qa environment, but since we are
>>> running cenots 6, i just got 3.0.25 version of IPA.
>>>
>>> I wanted to try out the latest 4.x version, for server by using a centos
>> 7
>>> OS. But have few questions regarding that
>>>
>>> Will there be compatibility issues, if I use a server at 4.x and clients
>> at
>>> 3.0.25
>>
>> Please see
>> http://www.freeipa.org/page/Client#Compatibility
>> There are plans for FreeIPA 4.4 to improve the "ipa" tool/API
>> compatibility too.
>>
>>> Another question is,
>>> >From the documentation, I see that theres an option to manually
>> configure a
>>> client where in we do not have to install freeipa-client using
>>> ipa-client-install
>>>
>>>
>> https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/linux-manual.html
>>
>> Please note that this is a quite old documentation, see here for other
>> options:
>> http://www.freeipa.org/page/Upstream_User_Guide
>>
>>> So that way , I can install the latest version of freeipa server and make
>>> my clients also be able to use the latest verison without actually
>>> installing it.
>>>
>>> But, are there any issues with this approach, and how does it differ from
>>> doing a ipa-client-install on the client machine.
>>
>> I can hardly imagine when manually configuring a FreeIPA client would be a
>> good
>> idea. In vast majority of cases, ipa-client-install is what you want, to
>> configure a client against newer or older FreeIPA server version.
>>
>> Martin
>>
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] version compatibility between server and client

[Martin Kosek]

On 02/26/2016 05:23 PM, Rakesh Rajasekharan wrote:
> Hi!,
> 
> I had successfully set up ipa in our qa environment, but since we are
> running cenots 6, i just got 3.0.25 version of IPA.
> 
> I wanted to try out the latest 4.x version, for server by using a centos 7
> OS. But have few questions regarding that
> 
> Will there be compatibility issues, if I use a server at 4.x and clients at
> 3.0.25

Please see
http://www.freeipa.org/page/Client#Compatibility
There are plans for FreeIPA 4.4 to improve the "ipa" tool/API compatibility too.

> Another question is,
>>From the documentation, I see that theres an option to manually configure a
> client where in we do not have to install freeipa-client using
> ipa-client-install
> 
> https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/linux-manual.html

Please note that this is a quite old documentation, see here for other options:
http://www.freeipa.org/page/Upstream_User_Guide

> So that way , I can install the latest version of freeipa server and make
> my clients also be able to use the latest verison without actually
> installing it.
> 
> But, are there any issues with this approach, and how does it differ from
> doing a ipa-client-install on the client machine.

I can hardly imagine when manually configuring a FreeIPA client would be a good
idea. In vast majority of cases, ipa-client-install is what you want, to
configure a client against newer or older FreeIPA server version.

Martin

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] version compatibility between server and client

[Rakesh Rajasekharan]

Hi!,

I had successfully set up ipa in our qa environment, but since we are
running cenots 6, i just got 3.0.25 version of IPA.

I wanted to try out the latest 4.x version, for server by using a centos 7
OS. But have few questions regarding that

Will there be compatibility issues, if I use a server at 4.x and clients at
3.0.25

Another question is,
>From the documentation, I see that theres an option to manually configure a
client where in we do not have to install freeipa-client using
ipa-client-install

https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/linux-manual.html

So that way , I can install the latest version of freeipa server and make
my clients also be able to use the latest verison without actually
installing it.

But, are there any issues with this approach, and how does it differ from
doing a ipa-client-install on the client machine.

Thanks,
Rakesh
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project