Lucas Yamanishi wrote:

On 08/17/2012 08:38 AM, Rob Crittenden wrote:
Lucas Yamanishi wrote:

On 08/16/2012 05:39 PM, Rob Crittenden wrote:
Lucas Yamanishi wrote:

On 08/16/2012 05:32 PM, Rob Crittenden wrote:
Lucas Yamanishi wrote:
I just migrated my IPA instance from one to another a couple days
ago to
recover after a lost CA and failed yum upgrade.  The "ipa migrate-ds"
tool works very well, though I am having a few very minor issues.  On
the upside, as far as I can tell, you can skip the steps about
Kerberos
key generation as outlined in the documentation.  I've been able to
kinit just fine with my migrated users.


Below are the few errors I've noticed.

* When I ssh into an enrolled host using a migrated user's
credentials I
get this error:

      id: cannot find name for group ID 104600003\

Does a group exist with that GID? You can try something like:

$ ipa group-find --gid=104600003


The group doesn't exist.  The GID is the counterpart to my UID.

Try adding --private.

rob


Nope. It doesn't exist.

Other groups migrated.  Why would the private groups fail?

I don't know, what have you done to date, including versions?

rob
I've been following the stable Scientific Linux releases since 6.1.
Based on repo archives, I guess that would be 2.0.0-23.el6.x86_64.  The
version was at 2.2.0-16.el6.x86_64 when I migrated, which I had just
upgraded from 2.1.3-9.el6.x86_64.  I migrated to and use now
2.2.0-16.el6.x86_64.

So...
2.0.0-23.el6.x86_64 -> 2.1.3-9.el6.x86_64 -> 2.2.0-16.el6.x86_64 ---->
2.2.0-16.el6.x86_64



Can you verify that managed entries are configured:

# ipa-managed-entries -l

It should return:

UPG Definition
NGP Definition

This enables user-private groups and netgroup-private groups.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to