[Freeipa-users] Re: is anyone running Debian as freeipa-client
Hello, That works!! My bugreport update mainly was about trouble with chrony andere ntp. With no-ntp option I can enroll Debian clients. This is serieus good news. Thanks you! Greetz, j. Op za 16 feb. 2019 11:46 schreef Timo Aaltonen On 16.2.2019 10.40, Johan Vermeulen via FreeIPA-users wrote: > > Hello, > > > > thanks for helping me out. > > I have replied tot the bug report, additional info is in there. > > I am nog yet familiar with bug report etiquette, wasn't sure where to > > reply to. > > for some reason that reply never got to me.. anyway, if you don't use > chrony you should probably use '--no-ntp' for ipa-client-install > > > -- > t > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
On 16.2.2019 10.40, Johan Vermeulen via FreeIPA-users wrote: > Hello, > > thanks for helping me out. > I have replied tot the bug report, additional info is in there. > I am nog yet familiar with bug report etiquette, wasn't sure where to > reply to. for some reason that reply never got to me.. anyway, if you don't use chrony you should probably use '--no-ntp' for ipa-client-install -- t ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
Hello, thanks for helping me out. I have replied tot the bug report, additional info is in there. I am nog yet familiar with bug report etiquette, wasn't sure where to reply to. Greetings, J. Op za 16 feb. 2019 09:21 schreef Timo Aaltonen via FreeIPA-users < freeipa-users@lists.fedorahosted.org: > On 11.2.2019 15.19, Johan Vermeulen via FreeIPA-users wrote: > > Hello All, > > > > I'm seeing package freeipa-client now in Debian 10 Buster, that is great! > > But ipa-client-install fails: > > > > Joining realm failed: http response code is 500, not 200 > > I asked you a question on the bug report, but you haven't replied? > > > > -- > t > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
On 11.2.2019 15.19, Johan Vermeulen via FreeIPA-users wrote: > Hello All, > > I'm seeing package freeipa-client now in Debian 10 Buster, that is great! > But ipa-client-install fails: > > Joining realm failed: http response code is 500, not 200 I asked you a question on the bug report, but you haven't replied? -- t ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
Hello All, I'm seeing package freeipa-client now in Debian 10 Buster, that is great! But ipa-client-install fails: Joining realm failed: http response code is 500, not 200 greetings, J. Op do 7 feb. 2019 om 17:24 schreef Johan Vermeulen : > Hello, > > thanks for al the work on this. > > In the mean time I guess the freeze is already there. > So how does it go from here with Buster/freeipa? > > Grtz j. > > > Op vr 11 jan. 2019 om 11:43 schreef Timo Aaltonen via FreeIPA-users < > freeipa-users@lists.fedorahosted.org>: > >> On 11.1.2019 12.10, Alexander Bokovoy wrote: >> > On pe, 11 tammi 2019, Timo Aaltonen via FreeIPA-users wrote: >> >> On 10.1.2019 0.14, Eric Engstrom via FreeIPA-users wrote: >> one option would be to only build freeipa-client, but that'd leave >> anyone using the server out in the cold. >> >>> >> >>> Since some of us are running the server on different distros, what do >> >>> you see as the blockers to getting freeipa-client into debian, >> >>> presumably without -server? >> >>> >> >>> And, in the interest of moving this forward, where should I look to >> >>> contribute to getting freeipa-client up on debian (buster, or ). >> >> >> >> Actually, nss-pem got accepted so the last (functional) blocker is now >> >> kinda fixed for the client. >> >> >> >> The server is still blocked on other things, like Dogtag being broken >> >> with current java even while everything builds and should work with >> it.. >> > Timo, >> > >> > could you describe in more detail what is missing/blocked? >> >> What's missing is a working CA :) I sent a message to pki-users@ about >> this. >> >> Other than that it needs update to 4.7.2 (now at 4.7.1), testing etc, so >> the usual maintenance.. It's been a couple of months since I was able to >> get a server up because of other components. And nss-pem is very fresh >> on Debian. Once Dogtag is fixed I'm sure there will be new minor issues >> since the last time. Still a month to go before Buster is frozen. >> >> One thing to mention separately is missing support for opendnssec 2.x, >> since Fedora is still on 1.4.x... >> https://pagure.io/freeipa/issue/6873 >> >> I'm not sure how much work is left to be done. Opendnssec got a new >> maintainer this week, maybe we'll be able to sort this out together.. >> >> -- >> t >> ___ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >> > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
Hello, thanks for al the work on this. In the mean time I guess the freeze is already there. So how does it go from here with Buster/freeipa? Grtz j. Op vr 11 jan. 2019 om 11:43 schreef Timo Aaltonen via FreeIPA-users < freeipa-users@lists.fedorahosted.org>: > On 11.1.2019 12.10, Alexander Bokovoy wrote: > > On pe, 11 tammi 2019, Timo Aaltonen via FreeIPA-users wrote: > >> On 10.1.2019 0.14, Eric Engstrom via FreeIPA-users wrote: > one option would be to only build freeipa-client, but that'd leave > anyone using the server out in the cold. > >>> > >>> Since some of us are running the server on different distros, what do > >>> you see as the blockers to getting freeipa-client into debian, > >>> presumably without -server? > >>> > >>> And, in the interest of moving this forward, where should I look to > >>> contribute to getting freeipa-client up on debian (buster, or ). > >> > >> Actually, nss-pem got accepted so the last (functional) blocker is now > >> kinda fixed for the client. > >> > >> The server is still blocked on other things, like Dogtag being broken > >> with current java even while everything builds and should work with it.. > > Timo, > > > > could you describe in more detail what is missing/blocked? > > What's missing is a working CA :) I sent a message to pki-users@ about > this. > > Other than that it needs update to 4.7.2 (now at 4.7.1), testing etc, so > the usual maintenance.. It's been a couple of months since I was able to > get a server up because of other components. And nss-pem is very fresh > on Debian. Once Dogtag is fixed I'm sure there will be new minor issues > since the last time. Still a month to go before Buster is frozen. > > One thing to mention separately is missing support for opendnssec 2.x, > since Fedora is still on 1.4.x... > https://pagure.io/freeipa/issue/6873 > > I'm not sure how much work is left to be done. Opendnssec got a new > maintainer this week, maybe we'll be able to sort this out together.. > > -- > t > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
Hi Eric, On 1/10/19 2:33 PM, Eric Engstrom via FreeIPA-users wrote: > >> I am using freeipa 4.4.4-3 and sssd 1.16.3-1 on Stretch. Just the >> client part of freeipa, of course. Requires systemd for running >> ipa-client-install, but it works fine for me. > > Harald, > > Could you be a bit more specific about the method of installing a client on > stretch? Are you downloading the packages manually and installing via dpkg > or what repositories are you referencing to get apt* to do the right thing - > presumably sid/unstable if the latter... > I manually picked up the freeipa packages for Sid and added them to my local backports repository for Stretch (without rebuild). I *did* a local backport of sssd 1.16.3-1, though. ipa-client-install command line on Stretch: ipa-client-install --no-ssh --no-sshd --no-nisdomain --no-sudo --no-ntp --no-dns-sshfp sed -i.bak -e 's/compat/files/g' -e 's/^sudoers\:/\#sudoers\:/' /etc/nsswitch.conf Your mileage may vary, of course. Regards Harri ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
On 11.1.2019 12.10, Alexander Bokovoy wrote: > On pe, 11 tammi 2019, Timo Aaltonen via FreeIPA-users wrote: >> On 10.1.2019 0.14, Eric Engstrom via FreeIPA-users wrote: one option would be to only build freeipa-client, but that'd leave anyone using the server out in the cold. >>> >>> Since some of us are running the server on different distros, what do >>> you see as the blockers to getting freeipa-client into debian, >>> presumably without -server? >>> >>> And, in the interest of moving this forward, where should I look to >>> contribute to getting freeipa-client up on debian (buster, or ). >> >> Actually, nss-pem got accepted so the last (functional) blocker is now >> kinda fixed for the client. >> >> The server is still blocked on other things, like Dogtag being broken >> with current java even while everything builds and should work with it.. > Timo, > > could you describe in more detail what is missing/blocked? What's missing is a working CA :) I sent a message to pki-users@ about this. Other than that it needs update to 4.7.2 (now at 4.7.1), testing etc, so the usual maintenance.. It's been a couple of months since I was able to get a server up because of other components. And nss-pem is very fresh on Debian. Once Dogtag is fixed I'm sure there will be new minor issues since the last time. Still a month to go before Buster is frozen. One thing to mention separately is missing support for opendnssec 2.x, since Fedora is still on 1.4.x... https://pagure.io/freeipa/issue/6873 I'm not sure how much work is left to be done. Opendnssec got a new maintainer this week, maybe we'll be able to sort this out together.. -- t ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
On pe, 11 tammi 2019, Timo Aaltonen via FreeIPA-users wrote: On 10.1.2019 0.14, Eric Engstrom via FreeIPA-users wrote: one option would be to only build freeipa-client, but that'd leave anyone using the server out in the cold. Since some of us are running the server on different distros, what do you see as the blockers to getting freeipa-client into debian, presumably without -server? And, in the interest of moving this forward, where should I look to contribute to getting freeipa-client up on debian (buster, or ). Actually, nss-pem got accepted so the last (functional) blocker is now kinda fixed for the client. The server is still blocked on other things, like Dogtag being broken with current java even while everything builds and should work with it.. Timo, could you describe in more detail what is missing/blocked? -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
On 10.1.2019 0.14, Eric Engstrom via FreeIPA-users wrote: >> one option would be to only build freeipa-client, but that'd leave >> anyone using the server out in the cold. > > Since some of us are running the server on different distros, what do you see > as the blockers to getting freeipa-client into debian, presumably without > -server? > > And, in the interest of moving this forward, where should I look to > contribute to getting freeipa-client up on debian (buster, or ). Actually, nss-pem got accepted so the last (functional) blocker is now kinda fixed for the client. The server is still blocked on other things, like Dogtag being broken with current java even while everything builds and should work with it.. -- t ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
> I am using freeipa 4.4.4-3 and sssd 1.16.3-1 on Stretch. Just the > client part of freeipa, of course. Requires systemd for running > ipa-client-install, but it works fine for me. Harald, Could you be a bit more specific about the method of installing a client on stretch? Are you downloading the packages manually and installing via dpkg or what repositories are you referencing to get apt* to do the right thing - presumably sid/unstable if the latter... Thanks, Eric ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
> one option would be to only build freeipa-client, but that'd leave > anyone using the server out in the cold. Since some of us are running the server on different distros, what do you see as the blockers to getting freeipa-client into debian, presumably without -server? And, in the interest of moving this forward, where should I look to contribute to getting freeipa-client up on debian (buster, or ). ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
Hi Johan, I am using freeipa 4.4.4-3 and sssd 1.16.3-1 on Stretch. Just the client part of freeipa, of course. Requires systemd for running ipa-client-install, but it works fine for me. My ipa servers are running on CentOS 7. Regards Harri ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
Hello All, thanks for the replie, I really appreciate it. I will try with the package from snapshot.debian.org. greetings, J. Op zo 2 dec. 2018 om 10:43 schreef Timo Aaltonen : > On 30.11.2018 18.28, Johan Vermeulen via FreeIPA-users wrote: > > Hello All, > > > > first of all, we have great success running Freeipa and Freeipa-clients > > on Centos. > > Thanks for making this possible! I think this is a really important > > peace of software for Linux. > > > > Now it would come in handy if I could field some Debian clients for some > > purposes. > > But on the current stable release there is no freeipa client. > > I have installed some freeipa-clients from unstable, but it's not ideal. > > There won't be official freeipa packages in a Debian release until > certain blockers are fixed: > > - certmonger fully ported to openssl (to avoid requiring nss-pem) > - Dogtag ported to JDK11 (WIP, likely not going to happen soon enough > for buster) > - Dogtag ported to newer resteasy (who knows when) > > one option would be to only build freeipa-client, but that'd leave > anyone using the server out in the cold. > > > -- > t > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
On 30.11.2018 18.28, Johan Vermeulen via FreeIPA-users wrote: > Hello All, > > first of all, we have great success running Freeipa and Freeipa-clients > on Centos. > Thanks for making this possible! I think this is a really important > peace of software for Linux. > > Now it would come in handy if I could field some Debian clients for some > purposes. > But on the current stable release there is no freeipa client. > I have installed some freeipa-clients from unstable, but it's not ideal. There won't be official freeipa packages in a Debian release until certain blockers are fixed: - certmonger fully ported to openssl (to avoid requiring nss-pem) - Dogtag ported to JDK11 (WIP, likely not going to happen soon enough for buster) - Dogtag ported to newer resteasy (who knows when) one option would be to only build freeipa-client, but that'd leave anyone using the server out in the cold. -- t ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
On Fri, 2018-11-30 at 21:42 +0100, Jochen Hein via FreeIPA-users wrote: > I've installed the client packages from snapshot.debian.org with a > version near the freeze for the next release. That's working fine > for > me, but you won't get security fixes that way. This is basically what I'm doing: https://gist.github.com/alexpdp7/98e3bad91cd44a3f11e88bbc9ee113c0 I have a pretty oddball configuration management setup, but that should be easily adaptable to sane environments. Cheers, Álex -- ___ {~._.~} ( Y ) ()~*~() mail: alex at corcoles dot net (_)-(_) http://alex.corcoles.net/ ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
We are using FreeIPA Debian clients, been using snapshots or sid packages for that since it is very nicely constrained wrt dependencies. Using our IoC/configuration management/orchestration tooling we simply push a number of packages to the clients and install them and their in-repo dependencies. From an older log (few years old?) we seem to mostly push: freeipa-client_4.4.4-3_amd64.deb freeipa-common_4.4.4-3_all.deb libipa-hbac0_1.15.2-1_amd64.deb libsss-idmap0_1.15.2-1_amd64.deb python-ipaclient_4.4.4-3_all.deb python-ipalib_4.4.4-3_all.deb python-libipa-hbac_1.15.2-1_amd64.deb python-sss_1.15.2-1_amd64.deb sssd-ad-common_1.15.2-1_amd64.deb sssd-ad_1.15.2-1_amd64.deb sssd-common_1.15.2-1_amd64.deb sssd-ipa_1.15.2-1_amd64.deb sssd-krb5-common_1.15.2-1_amd64.deb sssd-krb5_1.15.2-1_amd64.deb sssd-ldap_1.15.2-1_amd64.deb sssd-proxy_1.15.2-1_amd64.deb sssd_1.15.2-1_amd64.deb and then auto upgrade from then on. We have the luxury of running most systems immutable (changes in RAM) or re-spin the VMs (and thus deregister/re-enroll) them constantly via CI/CD, so that mitigates a small amount of security issues with this method as there is no persistence on the machines. We enroll automatically and remove hosts via the API that are no longer in our VM inventory. A newer/more secure setup should be feasible using recent packages etc. but I haven’t had this as my main track in Ops projects for a few months. As far as I know, we have had zero incidents and it’s been running stable for years, including upgrades and replacing masters with newer versions. John > On 30 Nov 2018, at 17:28, Johan Vermeulen via FreeIPA-users > wrote: > > Hello All, > > first of all, we have great success running Freeipa and Freeipa-clients on > Centos. > Thanks for making this possible! I think this is a really important peace of > software for Linux. > > Now it would come in handy if I could field some Debian clients for some > purposes. > But on the current stable release there is no freeipa client. > I have installed some freeipa-clients from unstable, but it's not ideal. > > I'm wondering, is anyone doing this at the moment. > Is there some repo for this? > Can this be compiled from source? > > Thanks for any help. > > Greetings, J. > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
Another option might be able to use packages from Ubuntu somehow? I've been playing with a replica on a device (Rock64) running Armbian (which appears mostly Ubuntu based, which in turn is Debian based), and was able to upgrade it from Bionic to Cosmic to get the more recent FreeIPA packages which solved some ARM installation problems I was having (I'd use Fedora but this device I'm playing with is not currently supported under Fedora). I did still run into some issues when trying to set up a CA replica, which appear to be fixed in a new version of Dogtag but even Cosmic doesn't seem to have that update yet. The client packages worked fine though as far as I could tell, and the base replica installation plus DNS seemed to work fine, I just ran into issues with CA replica. On Fri, Nov 30, 2018 at 2:43 PM Jochen Hein via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Johan Vermeulen via FreeIPA-users > writes: > > > Now it would come in handy if I could field some Debian clients for some > > purposes. > > But on the current stable release there is no freeipa client. > > I have installed some freeipa-clients from unstable, but it's not ideal. > > > > I'm wondering, is anyone doing this at the moment. > > Is there some repo for this? > > Can this be compiled from source? > > I've installed the client packages from snapshot.debian.org with a > version near the freeze for the next release. That's working fine for > me, but you won't get security fixes that way. > > On the other hand other packages seem more relevant for security > patches, like sssd, kerberos, or certmonger - and these are part of > debian. > > So, I'm quite happy with the packages from snapshots. > Jochen > > -- > This space is intentionally left blank. > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: is anyone running Debian as freeipa-client
Johan Vermeulen via FreeIPA-users writes: > Now it would come in handy if I could field some Debian clients for some > purposes. > But on the current stable release there is no freeipa client. > I have installed some freeipa-clients from unstable, but it's not ideal. > > I'm wondering, is anyone doing this at the moment. > Is there some repo for this? > Can this be compiled from source? I've installed the client packages from snapshot.debian.org with a version near the freeze for the next release. That's working fine for me, but you won't get security fixes that way. On the other hand other packages seem more relevant for security patches, like sssd, kerberos, or certmonger - and these are part of debian. So, I'm quite happy with the packages from snapshots. Jochen -- This space is intentionally left blank. ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org