[Freeipa-users] Migration from FreeIPA 1.2.1 to 2
Rob Crittenden
rcritten at redhat.com
Wed May 25 22:13:30 UTC 2011
Dan Scott wrote:
> Hello,
>
> I have a FreeIPA 1.2.1 system (1 master and 1 replica server) running
> on Fedora 14. I'd like to migrate to FreeIPA 2, now that Fedora 15 has
> been released. But I have a few questions:
>
> 1. Can Fedora 15 clients authenticate against my FreeIPA 1 servers?
Yes but you would have to configure it yourself. sssd would work nicely
with an ldap/krb5 configuration.
> 2. Can Fedora 14 (and older, and Windows and Mac) clients authenticate
> against FreeIPA 2 servers?
You would need to either build your own Fedora 14 ipa-client v2 package
or manually configure it. The sssd in F-14 should work well even using
the ipa provider.
Windows domain login is not supported.
> 3. Can I migrate the servers from FreeIPA 1 to 2 (presumably requiring
> an upgrade from Fedora 14 to 15 along the way).
You cannot do a straight upgrade, too much changed between the two
versions. You should be able to migrate the users and groups using the
v2 migration system. This will maintain your user passwords at least.
You would need to generate new principals and keytabs for your
kerberized services.
I don't think it would be practical to try to run the two systems
side-by-side.
rob
More information about the Freeipa-users
mailing list