Hello,

I am trying to migrate from an IPA server that has FIPS disabled to an IPA 
server that has FIPS enabled. Both the old and the new IPA will have DNS, CA, 
etc.

I ran:

    ipa migrate-ds --bind-dn="cn=Directory Manager" \
        --user-container=cn=users,cn=accounts \
        --group-container=cn=groups,cn=accounts \
        --group-objectclass=posixgroup \
        --user-ignore-objectclass=mepOriginEntry \
        --with-compat ldap://oldipa.server.com

However, when I log in to a client machine connected to the new IPA server, 
my file ownership becomes htony : nobody.

What steps have I missed within the migration process?

I've tried exporting the cn=groups tree from the old IPA server into an LDIF and 
importing it into the new IPA server, but it did not solve the problem.

For everything else (DNS, sudoers, automount, etc.), can I simply export from 
the old server and import into the new server?

I also have 100+ client machines; is there an easy way I can unjoin the 
machines from old-ipa-server and then join them to the new-ipa-server? (My 
infrastructure is Ansible-enabled.)

Thanks in advance!

Best,

Tony
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org