Done: https://fedorahosted.org/freeipa/ticket/1266
Dan On Tue, May 31, 2011 at 18:26, Dmitri Pal <[email protected]> wrote: > On 05/31/2011 06:02 PM, Dan Scott wrote: >> Hi, >> >> Thanks for all the replies. >> >> On Wed, May 25, 2011 at 18:13, Rob Crittenden <[email protected]> wrote: >>>> I have a FreeIPA 1.2.1 system (1 master and 1 replica server) running >>>> on Fedora 14. I'd like to migrate to FreeIPA 2, now that Fedora 15 has >>>> been released. But I have a few questions: >>>> >>>> 1. Can Fedora 15 clients authenticate against my FreeIPA 1 servers? >>> Yes but you would have to configure it yourself. sssd would work nicely with >>> an ldap/krb5 configuration. >> I've set up a Fedora 15 VM and have successfully configured it to >> authenticate against my FreeIPA 1 servers, so this is good. One small >> problem was that I couldn't get passwordless ssh logins *to* the F15 >> system working. I created and installed a host keytab, same as for all >> the other systems, but no luck. I was able to ssh *from* the F15 >> system without a password however. Any ideas? >> >>>> 3. Can I migrate the servers from FreeIPA 1 to 2 (presumably requiring >>>> an upgrade from Fedora 14 to 15 along the way). >>> You cannot do a straight upgrade, too much changed between the two versions. >>> You should be able to migrate the users and groups using the v2 migration >>> system. This will maintain your user passwords at least. You would need to >>> generate new principals and keytabs for your kerberized services. >> I've setup a Fedora 15 VM and installed the FreeIPA server. I ran the >> ipa migrate-ds command provided in the documentation. All of the user >> groups were migrated successfully, but none of the users were migrated >> due to 'unknown object class "radiusprofile"' errors. >> >> I've seen this post here: >> >> https://www.redhat.com/archives/freeipa-users/2011-May/msg00282.html >> >> but I wanted to add that I don't use any of the radius functionality >> and my FreeIPA v1 installation is pretty standard, so other users >> might run into this. I didn't find a bug report, but can file one if >> needed? >> > > Yes please: https://fedorahosted.org/freeipa/ > >> Thanks, >> >> Dan >> >> _______________________________________________ >> Freeipa-users mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IPA project, > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users > _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
