[Freeipa-users] IPA Client join
Roland Kaeser
roland.kaeser at intersoft-networks.ch
Fri Apr 8 13:13:00 UTC 2011
Hello Rob
Thanks for the srpm. Sorry but I just had time now to compile and test it. While installing and testing ipa-client-install, I found a small installation dependency problem in the spec.
To install the rpm the package nss-tools should be required. This provides /usr/bin/certutil which is executed by the ipa-client-install while joining the realm and getting the certificate. You eventually can add this additional installation dependency to the spec file.
Thanks
Roland
----- Ursprüngliche Mail -----
Von: "Rob Crittenden" <rcritten at redhat.com>
An: "Roland Käser" <roland.kaeser at intersoft-networks.ch>
CC: freeipa-users at redhat.com
Gesendet: Freitag, 1. April 2011 16:54:24
Betreff: Re: [Freeipa-users] IPA Client join
Roland Kaeser wrote:
> Hello
>
>> The next update will be in 6.1. I can probably cobble together a srpm
>> that would work on 6.0 until 6.1 is released if you'd like.
>
> Is there a definitive release date for 6.1? I would like to have srpm for 6.0, if possible, to start building up my pilot.
> Thanks
Attached is a srpm that updates the OIDs. I did a very brief smoke-test
and was able to join a 6.0 client to a F-15 server. The tarball is still
alpha 3.
rob
>
> Roland
>
>
> ----- Ursprüngliche Mail -----
> Von: "Rob Crittenden"<rcritten at redhat.com>
> An: "Roland Käser"<roland.kaeser at intersoft-networks.ch>
> CC: freeipa-users at redhat.com
> Gesendet: Donnerstag, 31. März 2011 20:46:27
> Betreff: Re: [Freeipa-users] IPA Client join
>
> Roland Kaeser wrote:
>> Hello
>>
>>> Will there be an update to the ipa-client package in RHEL 6.0, or do we have to wait for RHEL 6.1?
>
> The next update will be in 6.1. I can probably cobble together a srpm
> that would work on 6.0 until 6.1 is released if you'd like.
>
>>
>> So which is the software stack to use for my pilot and the later production environment?
>> I wouldn't like to use Fedora in company production environments. I would be really prefer to use RHEL6/6.1
>> I also checked the latest avialable fedora 15 version. I only can find a alpha version iso from february, 28.
>>
>> I would really like to have a software stack which works with freeipa (client/server) and afs-server.
>
> Yeah, this is a bit of a grey area right now. IPA does a lot of cat
> herding and keeping all the various versions of the packages we require
> in sync is very tedious.
>
> For a pilot I think you'd be fine using Fedora 14 though I would
> recommend doing some amount of re-testing in F-15 once it is released.
> We've done 80% of our development in F-14 and it works very well. The
> dogtag project built F-14 packages for us as a favor. They don't want to
> support deployments of it because they've done zero testing of their own
> on F-14. You'd need to build the packages yourself though, we haven't
> pushed this to F-14 because of the dogtag issue. mock should be able to
> build it fairly painlessly.
>
> What I've done for my F-15 installations is to install F-14 and then
> upgrade to Fedora-15 from there. It has been fairly painless. The GA IPA
> release is in the stable repo of F-15 now.
>
> regards
>
> rob
>
>>
>>
>> ----- Ursprüngliche Mail -----
>> Von: "Sigbjorn Lie"<sigbjorn at nixtra.com>
>> An: "Rob Crittenden"<rcritten at redhat.com>
>> CC: "Roland Käser"<roland.kaeser at intersoft-networks.ch>, freeipa-users at redhat.com
>> Gesendet: Donnerstag, 31. März 2011 16:14:34
>> Betreff: Re: [Freeipa-users] IPA Client join
>>
>>>
>>> In rc2 we had to make a change to the OID used for some operations
>>> because they were duplicated. The OID for the ipa-getkeytab operation was one of them, so older
>>> clients don't work with newer servers. IIRC the EL6 ipa-client was based on the alpha 3 release.
>>>
>>> I attached a patch that gives the general idea of what needs to change.
>>> It was originally for the EL 5 branch but it may work with few changes
>>> in EL6.
>>>
>>
>> Will there be an update to the ipa-client package in RHEL 6.0, or do we have to wait for RHEL 6.1?
>>
>>
>> Rgds,
>> Siggi
>>
>>
>>
>
>
--
InterSoft Networks
Roland Käser, Systems Engineer OpenSource
Fulachstr. 197, 8200 Schaffhausen
Tel: +41 77 415 79 11
------------------------------------------------------------------------------------------------------------------------------
Diejenigen, die ihre Freiheit zugunsten der Sicherheit aufgeben,
werden am Ende keines von beiden haben - und verdienen es auch nicht.
(Benjamin Franklin)
------------------------------------------------------------------------------------------------------------------------------
More information about the Freeipa-users
mailing list