On 09/16/2015 06:30 PM, Andrey Ptashnik wrote:
Thank you for your feedback!
In my environment I noticed that client machines that are on Red Hat 6 have
version 3.0.0 of IPA client installed.
[root@ptr-test-6 ~]# yum list installed | grep ipa
[root@ptr-test-6 ~]# yum list installed | grep sssd
And I noticed particular behavior with IPA client 3.0.0 and IPA server 4.1 -
when I add machines to the domain using command below:
# ipa-client-install --enable-dns-updates --ssh-trust-dns --mkhomedir
DNS records populate in the Forward lookup zone, but no PTR records appear in
Reverse lookup zones. That behavior is not the same with IPA client 4.1 and IPA
server 4.1 version combination.
Do you have PTR sync enabled in the forward zone configuration, and have
you allowed dynamic updates for reverse zones?
How does the ipa41 client work, does it populate the PTR record?
Also during IPA client v. 3.0.0 configuration on version 6 of Red Hat I see
Synchronizing time with KDC...
Enrolled in IPA realm XXXXXXXXX.COM
Attempting to get host TGT...
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/krb5.conf for IPA realm XXXXXXXXX.COM
Forwarding 'env' to server u'https://ipa-idm.XXXXXXXXX.COM/ipa/xml'
Failed to update DNS records.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding 'host_mod' to server u'https://ipa-idm.XXXXXXXXX.COM/ipa/xml'
Configuring XXXXXXXXX.COM as NIS domain
Client configuration complete.
On 9/16/15, 8:43 AM, "Alexander Bokovoy" <aboko...@redhat.com> wrote:
On Wed, 16 Sep 2015, Andrey Ptashnik wrote:
Dear IPA Team,
We have a situation in our datacenter where we deployed Red Hat 7.1
with IPA server 4.1 and on the other hand we still have older machines
with Red Hat 5 and 6. I noticed that repositories associated with
version 6 have an older version of the client software – v.3.0. Therefore
some functionality is missing from client package 3 vs 4, like
automatic update of both forward and reverse DNS records.
Is it possible to install IPA client v. 4 on Red Hat 5 and 6 without
much breaking dependencies in OS?
You don't need to install IPA python packages on older machines. These
packages are mostly for administration purposes.
Automatic update of forward/reverse DNS zones is done by SSSD. RHEL 6
version of SSSD is on par with RHEL 7 version in the recent updates.
Additionally, MIT Kerberos backports were done in the recent updates to
allow OTP functionality in RHEL6 as well. So most of features are there
RHEL5 version does not have such updates and you can implement most of
the support with existing SSSD and output of 'ipa-advise' tool on IPA
masters. nsupdate integration would probably need to be done
Backporting IPA v4.x client code to RHEL 5 or 6 in general makes not
/ Alexander Bokovoy