[Freeipa-users] Migration from FreeIPA 1.2.1 to 2

[Steven Jones]

Hi,

As far as I am aware Windows clients can only authenticate against ADs.  So if you need to authenticate Windows you need a password trust/sync setup with AD and yes you need an AD as well as FreeIPA.

>From what's been said in the last day or so the next version of FreeIPA will do interREALM kerberos trusts?....so its looking a bit better than a password sync....but I think you will still need AD and FreeIPA.  From my limited understanding something has to do the authorisation still which is the LDAP bit.....so once you trust the user you still have to put in two places what the user can do....depending on what the user wants to connect to.

regards


________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dan Scott [danieljamesscott at gmail.com]
Sent: Thursday, 26 May 2011 9:00 a.m.
To: freeipa-users at redhat.com
Subject: [Freeipa-users] Migration from FreeIPA 1.2.1 to 2

Hello,

I have a FreeIPA 1.2.1 system (1 master and 1 replica server) running
on Fedora 14. I'd like to migrate to FreeIPA 2, now that Fedora 15 has
been released. But I have a few questions:

1. Can Fedora 15 clients authenticate against my FreeIPA 1 servers?
2. Can Fedora 14 (and older, and Windows and Mac) clients authenticate
against FreeIPA 2 servers?
3. Can I migrate the servers from FreeIPA 1 to 2 (presumably requiring
an upgrade from Fedora 14 to 15 along the way).

Overall, my questions boil down to this: Can I migrate systems as and
when possible/convenient, or do I have to do 'everything' in one go?

I looked through the documentation, but the V2 docs currently seem
quite developer-centric, does anyone have any links for me?

Thanks,

Dan Scott

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users