On 02/29/2016 07:03 PM, Rakesh Rajasekharan wrote: > the only reason for me to avoid ipa-client-install was few of our machines > are Amazon Linux and I was having a tough time setting up ipa over there as > the yum does not get the repo even with epel enabled.
Ah, right. This was already discussed to some extent there: https://www.redhat.com/archives/freeipa-users/2016-February/msg00311.html Amazon Linux does not really fly with FreeIPA and SSSD. So if you want to avoid these painful processes, I would recommend either increasing the pressure on Amazon Linux to support it or switching to other AMIs, like CentOS (or even RHEL). > Otherwise, I was able to get this working on all of the other systems , > which are centos 6.3 Good! (note that 6.3 is pretty old, IPA server on this version is known to have some bugs and gaps. Current version is 6.7 or even better, 7.2) > Are there any documentations on setting IPA on an Amazon Linux, if not, the > only option would to try compiling this. CCing Alexander in case he has any resources. But as I said above, current situation of FreeIPA&SSSD on Amazon Linux is not great. > > Thanks, > Rakesh > > On Mon, Feb 29, 2016 at 5:23 PM, Martin Kosek <mko...@redhat.com> wrote: > >> On 02/26/2016 05:23 PM, Rakesh Rajasekharan wrote: >>> Hi!, >>> >>> I had successfully set up ipa in our qa environment, but since we are >>> running cenots 6, i just got 3.0.25 version of IPA. >>> >>> I wanted to try out the latest 4.x version, for server by using a centos >> 7 >>> OS. But have few questions regarding that >>> >>> Will there be compatibility issues, if I use a server at 4.x and clients >> at >>> 3.0.25 >> >> Please see >> http://www.freeipa.org/page/Client#Compatibility >> There are plans for FreeIPA 4.4 to improve the "ipa" tool/API >> compatibility too. >> >>> Another question is, >>> >From the documentation, I see that theres an option to manually >> configure a >>> client where in we do not have to install freeipa-client using >>> ipa-client-install >>> >>> >> https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/linux-manual.html >> >> Please note that this is a quite old documentation, see here for other >> options: >> http://www.freeipa.org/page/Upstream_User_Guide >> >>> So that way , I can install the latest version of freeipa server and make >>> my clients also be able to use the latest verison without actually >>> installing it. >>> >>> But, are there any issues with this approach, and how does it differ from >>> doing a ipa-client-install on the client machine. >> >> I can hardly imagine when manually configuring a FreeIPA client would be a >> good >> idea. In vast majority of cases, ipa-client-install is what you want, to >> configure a client against newer or older FreeIPA server version. >> >> Martin >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project