On 08/20/2012 12:09 PM, Lucas Yamanishi wrote: > On 08/20/2012 08:44 AM, Rob Crittenden wrote: >> Lucas Yamanishi wrote: >>> >>> On 08/17/2012 08:38 AM, Rob Crittenden wrote: >>>> Lucas Yamanishi wrote: >>>>> >>>>> On 08/16/2012 05:39 PM, Rob Crittenden wrote: >>>>>> Lucas Yamanishi wrote: >>>>>>> >>>>>>> On 08/16/2012 05:32 PM, Rob Crittenden wrote: >>>>>>>> Lucas Yamanishi wrote: >>>>>>>>> I just migrated my IPA instance from one to another a couple days >>>>>>>>> ago to >>>>>>>>> recover after a lost CA and failed yum upgrade. The "ipa >>>>>>>>> migrate-ds" >>>>>>>>> tool works very well, though I am having a few very minor >>>>>>>>> issues. On >>>>>>>>> the upside, as far as I can tell, you can skip the steps about >>>>>>>>> Kerberos >>>>>>>>> key generation as outlined in the documentation. I've been able to >>>>>>>>> kinit just fine with my migrated users. >>>>>>>>> >>>>>>>>> >>>>>>>>> Below are the few errors I've noticed. >>>>>>>>> >>>>>>>>> * When I ssh into an enrolled host using a migrated user's >>>>>>>>> credentials I >>>>>>>>> get this error: >>>>>>>>> >>>>>>>>> id: cannot find name for group ID 104600003\ >>>>>>>> >>>>>>>> Does a group exist with that GID? You can try something like: >>>>>>>> >>>>>>>> $ ipa group-find --gid=104600003 >>>>>>>> >>>>>>> >>>>>>> The group doesn't exist. The GID is the counterpart to my UID. >>>>>> >>>>>> Try adding --private. >>>>>> >>>>>> rob >>>>>> >>>>> >>>>> Nope. It doesn't exist. >>>>> >>>>> Other groups migrated. Why would the private groups fail? >>>> >>>> I don't know, what have you done to date, including versions? >>>> >>>> rob >>> I've been following the stable Scientific Linux releases since 6.1. >>> Based on repo archives, I guess that would be 2.0.0-23.el6.x86_64. The >>> version was at 2.2.0-16.el6.x86_64 when I migrated, which I had just >>> upgraded from 2.1.3-9.el6.x86_64. I migrated to and use now >>> 2.2.0-16.el6.x86_64. >>> >>> So... >>> 2.0.0-23.el6.x86_64 -> 2.1.3-9.el6.x86_64 -> 2.2.0-16.el6.x86_64 ----> >>> 2.2.0-16.el6.x86_64 >>> >>> >> >> Can you verify that managed entries are configured: >> >> # ipa-managed-entries -l >> >> It should return: >> >> UPG Definition >> NGP Definition >> >> This enables user-private groups and netgroup-private groups. >> >> rob > Yes. That returned as expected. >
The why and how of this aside, is there any easy way to repopulate all my private groups? -- ----- *question everything*learn something*answer nothing* ------------ Lucas Yamanishi ------------------ Systems Administrator, ADNET Systems, Inc. 7515 Mission Drive, Suite A100 Lanham, MD 20706 * 301-352-4646 * 0xE23F3D7A _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users