[Freeipa-users] sssd compatibility with older RHEL 6 minor releases.

Martin Kosek mkosek at redhat.com
Tue Feb 3 16:24:26 UTC 2015 

Also, when upgrading, please make sure to upgrade to the 6.6.z version of SSSD
- there were couple important fixes. AFAIK, the version should be
sssd-1.11.6-30.el6_6.3

Martin

On 02/02/2015 10:35 PM, Genadi Postrilko wrote:
> Thank you for your reply.
> I think ill go with the first option, it about time to upgrade :).
> 
> Genadi.
> 
> 2015-02-01 2:09 GMT+02:00 Dmitri Pal <dpal at redhat.com>:
> 
>>  On 01/31/2015 01:37 PM, Genadi Postrilko wrote:
>>
>>  Hello all.
>>
>>  The environment i'm currently working to migrate under IPA identity
>> management contains mostly RHEL 6.2 servers.
>> I'm planing to use Active Directory Cross Forest Trust for Identities, IPA
>> as sudo provider, and all the other goodies that IPA provides.
>>
>>  If i want to enjoy all the new features (at least most of them), i know
>> that clients have to be sssd version > 1.9. And if i want IPA to be auto
>> configured as sudo provider  it has to be sssd > 1.11.
>>
>>  When reading the mailing list i noticed that sssd 1.11 is mentioned as
>> feature of rhel 6.6.
>> What i would like and understand is what could go wrong if i will install
>> sssd 1.11 on rhel 6.2 servers.And what is is your general recommendations
>> for older RHEL 6 (minor) releases?
>>
>>
>> It will pull a lot of dependencies and most of your system will look like
>> 6.6 system
>> Also the upgrade like this might reveal some issues as the upgrades are
>> expected to be gradual. 1-2 versions is ok but 4 is quit a big leap.
>>
>> Overall it is a bit risky to do it.
>> You have three options:
>> - upgrade properly but probably in two steps 6.2 -> 6.4 -> 6.6
>> - use SSSD from 6.2 as is for now. It will have limited functionality but
>> can leverage AD users from the trust. You would need to configure SSSD to
>> use LDAP for authentication and point to compat tree of IPA to take
>> advantage of the trust. See details here:
>> http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf
>> - take your chances and try a hybrid you propose but it is not a formally
>> supported configuration.
>>
>>
>>  Thanks in advance,
>> Genadi.
>>
>>
>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go To http://freeipa.org for more info on the project
>>
> 
> 
>

More information about the Freeipa-users mailing list