Hi! While doing a yearly disaster recovery I encountered a strange issue, of the 749 users in production environment 748 got successfully imported, but one user is missing.
"kinit missing.username" just warns that the user was not found in Kerberos database while getting initial credentials. "ipa user-find missing.username" says 0 users matched and WebUI shows there are just 748 users and doesn't see the missing one. It is also not present in "Stage users" or "Preserved users". What logs can I check to troubleshoot this issue? There is nothing special about this user as far I can see. Password will expire next year, he is a member of admin group, but other admins got imported without issues. The issue could also be connected to my next question: for security reasons we have disabled the system admin user (the FreeIPA build in account, the only member of "trust admins" group) - can this action interfere with full backup restore? I did one restore like that and the admin and the missing user could not get the kerberos tickets - now I have enabled the admin user back again and made a full backup and then restored it - and admin account started to work (can log in), but then the issue with missing user arose. I am testing with a VirtualBox and I reverted the failed restore, so the missing user issue is not directly connected to the disabled admin. But it could be connected to admin user not being in the admin group? I suppose the admin user should be a member of admin group when doing restore? We probably also removed it from this group when disabling it - can anybody confirm, that the admin user is part of the admin group in default install? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
