I just migrated my IPA instance from one to another a couple days ago to recover after a lost CA and failed yum upgrade. The "ipa migrate-ds" tool works very well, though I am having a few very minor issues. On the upside, as far as I can tell, you can skip the steps about Kerberos key generation as outlined in the documentation. I've been able to kinit just fine with my migrated users.
Below are the few errors I've noticed. * When I ssh into an enrolled host using a migrated user's credentials I get this error: id: cannot find name for group ID 104600003 * I see this error in my dirsrv-EXAMPLE/errors log after changing a password: [15/Aug/2012:12:38:24 -0400] ipapwd_setPasswordHistory - [file ipapwd_common.c, line 926]: failed to generate new password history! ----- *question everything*learn something*answer nothing* ------------ Lucas Yamanishi ------------------ Systems Administrator, ADNET Systems, Inc. NASA Space and Earth Science Data Analysis (606.9) 7515 Mission Drive, Suite A100 Lanham, MD 20706 * 301-352-4646 * 0xE23F3D7A On 08/16/2012 05:00 PM, Steven Jones wrote: > Hi, > > What is the default length of time the sssd daemon on a client caches for > once IPA is off line pls? > > Is there any practical way to take the user info from one ipa instance/domain > and import it into another? I know the client machines will have to have ipa > un-installed and resetting users passwords are not biggees I'd just not > rather have to input all the groups and hbac rules by hand. > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
