Re: [Freeipa-users] ipa 2 client connecting to ipa 3 server
On 08/20/2014 09:49 PM, Dmitri Pal wrote: On 08/20/2014 09:43 PM, Rob Crittenden wrote: Walid wrote: Thanks Rob, we have native python2.4, and anaconda python 2.7, so i guess if anything needs python 2.6 or greater it would not be an issue. I am just wondering if there are people using the upstream project in such a legacy system ;-) It's not just python, it's all the modules as well. In the end the issue isn't so much ipa-client as all the related dependencies. The ipa-client package just helps configure things, sssd does all the heavy lifting. If you wanted to backport anything I'd start there, and it is likely extremely non-trivial. I know that people still use RHEL-5 and the current 2.2-based client. It, and its related packages, generally works fine you just miss out on some of the newer features, particularly in sssd (like sudo and autofs). You can try to build sssd on 5.3 but I suspect it will require so many dependencies that you system would look more like a 5.10. You can try but this will be an adventurous effort. For old systems like that we recommend using what they had then and not SSSD. Users will be able to authenticate and posix data will be the same as on the more modern systems which should be sufficient for the needs of those old systems anyways. JFTR, note that you can also authenticate with users from potentially trusted AD domains by using: http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts Preso here: http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] ipa 2 client connecting to ipa 3 server
Walid wrote: Hello All, What is the recommendation on having ipa2 clients connecting to IPA 3 server, we have some RHEL5.3 clients (I know they are EOL, however end user still wants as it is) that we would like to connect them to IPA 3.x server running RHEL6.5. Should work fine with no problems. Any one running free-ipa on RHEL instead of the Red Hat packages on RHEL5, and RHEL6? Depending on the versions of IPA and RHEL it can be difficult but not impossible. The biggest obstacle is missing or older dependencies, some of which are extremely non-trivial to backport. RHEL 5 still has Python 2.4 which makes the backport that much more difficult. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] ipa 2 client connecting to ipa 3 server
Thanks Dmitri, so sssd is out of the picture in this case? On 20 August 2014 16:43, Dmitri Pal d...@redhat.com wrote: On 08/20/2014 03:30 PM, Walid wrote: Hello All, What is the recommendation on having ipa2 clients connecting to IPA 3 server, we have some RHEL5.3 clients (I know they are EOL, however end user still wants as it is) that we would like to connect them to IPA 3.x server running RHEL6.5. Any one running free-ipa on RHEL instead of the Red Hat packages on RHEL5, and RHEL6? regards Walid 5.3 clean can be connected to IPA using pam_krb5 or pam_ldap for authentication and nss_ldap for identity. Perfectly reasonable and supported configuration. No need to run unsupported packages on RHEL. -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] ipa 2 client connecting to ipa 3 server
Thanks Rob, we have native python2.4, and anaconda python 2.7, so i guess if anything needs python 2.6 or greater it would not be an issue. I am just wondering if there are people using the upstream project in such a legacy system ;-) On 20 August 2014 16:55, Rob Crittenden rcrit...@redhat.com wrote: Walid wrote: Hello All, What is the recommendation on having ipa2 clients connecting to IPA 3 server, we have some RHEL5.3 clients (I know they are EOL, however end user still wants as it is) that we would like to connect them to IPA 3.x server running RHEL6.5. Should work fine with no problems. Any one running free-ipa on RHEL instead of the Red Hat packages on RHEL5, and RHEL6? Depending on the versions of IPA and RHEL it can be difficult but not impossible. The biggest obstacle is missing or older dependencies, some of which are extremely non-trivial to backport. RHEL 5 still has Python 2.4 which makes the backport that much more difficult. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] ipa 2 client connecting to ipa 3 server
Walid wrote: Thanks Rob, we have native python2.4, and anaconda python 2.7, so i guess if anything needs python 2.6 or greater it would not be an issue. I am just wondering if there are people using the upstream project in such a legacy system ;-) It's not just python, it's all the modules as well. In the end the issue isn't so much ipa-client as all the related dependencies. The ipa-client package just helps configure things, sssd does all the heavy lifting. If you wanted to backport anything I'd start there, and it is likely extremely non-trivial. I know that people still use RHEL-5 and the current 2.2-based client. It, and its related packages, generally works fine you just miss out on some of the newer features, particularly in sssd (like sudo and autofs). rob On 20 August 2014 16:55, Rob Crittenden rcrit...@redhat.com mailto:rcrit...@redhat.com wrote: Walid wrote: Hello All, What is the recommendation on having ipa2 clients connecting to IPA 3 server, we have some RHEL5.3 clients (I know they are EOL, however end user still wants as it is) that we would like to connect them to IPA 3.x server running RHEL6.5. Should work fine with no problems. Any one running free-ipa on RHEL instead of the Red Hat packages on RHEL5, and RHEL6? Depending on the versions of IPA and RHEL it can be difficult but not impossible. The biggest obstacle is missing or older dependencies, some of which are extremely non-trivial to backport. RHEL 5 still has Python 2.4 which makes the backport that much more difficult. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] ipa 2 client connecting to ipa 3 server
On 08/20/2014 09:43 PM, Rob Crittenden wrote: Walid wrote: Thanks Rob, we have native python2.4, and anaconda python 2.7, so i guess if anything needs python 2.6 or greater it would not be an issue. I am just wondering if there are people using the upstream project in such a legacy system ;-) It's not just python, it's all the modules as well. In the end the issue isn't so much ipa-client as all the related dependencies. The ipa-client package just helps configure things, sssd does all the heavy lifting. If you wanted to backport anything I'd start there, and it is likely extremely non-trivial. I know that people still use RHEL-5 and the current 2.2-based client. It, and its related packages, generally works fine you just miss out on some of the newer features, particularly in sssd (like sudo and autofs). You can try to build sssd on 5.3 but I suspect it will require so many dependencies that you system would look more like a 5.10. You can try but this will be an adventurous effort. For old systems like that we recommend using what they had then and not SSSD. Users will be able to authenticate and posix data will be the same as on the more modern systems which should be sufficient for the needs of those old systems anyways. rob On 20 August 2014 16:55, Rob Crittenden rcrit...@redhat.com mailto:rcrit...@redhat.com wrote: Walid wrote: Hello All, What is the recommendation on having ipa2 clients connecting to IPA 3 server, we have some RHEL5.3 clients (I know they are EOL, however end user still wants as it is) that we would like to connect them to IPA 3.x server running RHEL6.5. Should work fine with no problems. Any one running free-ipa on RHEL instead of the Red Hat packages on RHEL5, and RHEL6? Depending on the versions of IPA and RHEL it can be difficult but not impossible. The biggest obstacle is missing or older dependencies, some of which are extremely non-trivial to backport. RHEL 5 still has Python 2.4 which makes the backport that much more difficult. rob -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project