Tony Super via FreeIPA-users wrote:
> Hello,
> 
> I am trying to migrate from an IPA server that has FIPS disabled to an IPA 
> server that has FIPS enabled. Both the old and the new IPA will have DNS, CA, 
> etc.
> 
> I ran:
> 
> ipa migrate-ds --bind-dn="cn=Directory Manager" --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup --user-ignore-objectclass=mepOriginEntry --with-compat ldap://oldipa.server.com
> 
> However, when I log in to a client machine connected to the new IPA server, 
> my file ownership becomes htony : nobody.
> 
> What steps have I missed within the migration process?
> 
> I've tried exporting cn=groups tree from the old IPA server into a LDIF and 
> imported to the new IPA server, but it did not solve the problem.

Did your user-private groups migrate? Is there an htony group? What is
the group value in getent passwd htony?

> For everything else (DNS, sudoers, automount, etc.), can I simply export 
> from the old server and import into the new server?

Probably. It's possible you might have to massage some of the entries
but I don't know of anything specific.

> I also have 100+ client machines, is there an easy way where I can unjoin the 
> machines from old-ipa-server and then join to the new-ipa-server? (My 
> infrastructure is Ansible-enabled)

Take a look at the ansible-freeipa project (and not freeipa-ansible).

rob
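
The checks asked about in the reply above (does each user's primary GID resolve to a group, and is there a group named after the user), as an added example that is not part of the original message. The function names and the sample passwd/group lines are constructed for illustration; on a real client the two input files would be saved output of getent passwd and getent group.

```shell
#!/bin/sh
# check_upg PASSWD_FILE GROUP_FILE
# Reads passwd(5)- and group(5)-format lines and reports users whose
# primary GID has no group entry, or who have no group of their own name.
check_upg() {
    awk -F: '
        # First file given to awk is the group file: index it both ways.
        FILENAME == ARGV[1] { gname[$3] = $1; ggid[$1] = $3; next }
        {
            user = $1; gid = $4
            if (!(gid in gname))
                print user ": primary GID " gid " resolves to no group"
            else if (!(user in ggid))
                print user ": no group named " user "; GID " gid " is group " gname[gid]
        }
    ' "$2" "$1"
}

# Constructed sample data: htony's private group (GID 5001) was not
# migrated, alice's was, and bob uses a shared primary group.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
htony:*:5001:5001:H Tony:/home/htony:/bin/bash
alice:*:5002:5002:Alice:/home/alice:/bin/bash
bob:*:5003:5000:Bob:/home/bob:/bin/bash
EOF
    cat > "$tmp/group" <<'EOF'
ipausers:*:5000:
alice:*:5002:
EOF
    check_upg "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

demo
# On a client of the new server:
#   getent passwd > passwd.txt; getent group > group.txt
#   check_upg passwd.txt group.txt
```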