I just migrated my IPA instance from one to another a couple days ago to
recover after a lost CA and failed yum upgrade.  The "ipa migrate-ds"
tool works very well, though I am having a few very minor issues.  On
the upside, as far as I can tell, you can skip the steps about Kerberos
key generation as outlined in the documentation.  I've been able to
kinit just fine with my migrated users.

Below are the few errors I've noticed.

* When I ssh into an enrolled host using a migrated user's credentials I
get this error:

  id: cannot find name for group ID 104600003

* I see this error in my dirsrv-EXAMPLE/errors log after changing a

  [15/Aug/2012:12:38:24 -0400] ipapwd_setPasswordHistory - [file
ipapwd_common.c, line 926]: failed to generate new password history!

*question everything*learn something*answer nothing*
Lucas Yamanishi
Systems Administrator, ADNET Systems, Inc.
NASA Space and Earth Science Data Analysis (606.9)
7515 Mission Drive, Suite A100
Lanham, MD 20706 * 301-352-4646 * 0xE23F3D7A

On 08/16/2012 05:00 PM, Steven Jones wrote:
> Hi,
> What is the default length of time the sssd daemon on a client caches for 
> once IPA is off line pls?
> Is there any practical way to take the user info from one ipa instance/domain 
> and import it into another?  I know the client machines will have to have ipa 
> un-installed and resetting users passwords are not biggees I'd just not 
> rather have to input all the groups and hbac rules by hand.
> regards
> Steven Jones
> Technical Specialist - Linux RHCE
> Victoria University, Wellington, NZ
> 0064 4 463 6272
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

Attachment: signature.asc
Description: OpenPGP digital signature

Freeipa-users mailing list

Reply via email to