Hi guys,

We are going to use the FreeIPA v2.2.0 (the latest one available on CentOS 
6.3) and would like to know if there is a way to do a complete backup / restore 
of the server database for disaster recovery purposes?
 
 
I have been able to successfully export the userRoot db ldif via db2ldif, make 
some changes, then import the ldif via ldif2db.

However when I try to build a new server with the same hostname, then import 
the ldif, that does not work.

The import is successful, however when trying to log in to IPA web GUI, I get 
an error that the admin password has expired. Here is an output when trying to 
change the password (I have restarted krb5kdc service at this point, as it was 
coming up with a different error):

KRB5_TRACE=/dev/stdout kinit admin
[10814] 1356353589.809893: Getting initial credentials for ad...@co.yb.lmax
[10814] 1356353589.871805: Sending request (176 bytes) to CO.YB.LMAX
[10814] 1356353589.879177: Sending initial UDP request to dgram 10.81.10.234:88
[10814] 1356353589.888809: Received answer from dgram 10.81.10.234:88
[10814] 1356353589.888893: Response was not from master KDC
[10814] 1356353589.888941: Received error from KDC: -1765328361/Password has 
expired
[10814] 1356353589.888969: Retrying AS request with master KDC
[10814] 1356353589.888976: Getting initial credentials for ad...@co.yb.lmax
[10814] 1356353589.889033: Sending request (176 bytes) to CO.YB.LMAX (master)
[10814] 1356353589.889087: Principal expired; getting changepw ticket
[10814] 1356353589.889111: Getting initial credentials for ad...@co.yb.lmax
[10814] 1356353589.889148: Setting initial creds service to 
[10814] 1356353589.889208: Sending request (174 bytes) to CO.YB.LMAX
[10814] 1356353589.889516: Sending initial UDP request to dgram 10.81.10.234:88
[10814] 1356353589.901098: Received answer from dgram 10.81.10.234:88
[10814] 1356353589.901326: Response was not from master KDC
[10814] 1356353589.901340: Received error from KDC: -1765328359/Additional 
pre-authentication required
[10814] 1356353589.901596: Processing preauth types: 2, 136, 19, 133
[10814] 1356353589.901818: Selected etype info: etype aes256-cts, salt 
"^X"Ed"/E2,L]'Zs)", params ""
[10814] 1356353589.901825: Received cookie: MIT
Password for ad...@co.yb.lmax: 
[10814] 1356353596.402451: AS key obtained for encrypted timestamp: 
aes256-cts/78C9
[10814] 1356353596.402608: Encrypted timestamp (for 1356353596.402519): plain 
301AA011180F32303132313232343132353331365AA1050203062457, encrypted 
491EF490A7BFF756A7681BE9271E7925CCA41CC95916282FEFC3375FFBDC0B2A2E18B8501E81E1E14310762BC15351FE549633ABAB0CAB53
[10814] 1356353596.402627: Produced preauth for next request: 133, 2
[10814] 1356353596.402648: Sending request (269 bytes) to CO.YB.LMAX
[10814] 1356353596.404303: Sending initial UDP request to dgram 10.81.10.234:88
[10814] 1356353596.447924: Received answer from dgram 10.81.10.234:88
[10814] 1356353596.448011: Response was not from master KDC
[10814] 1356353596.448077: Processing preauth types: 19
[10814] 1356353596.448094: Selected etype info: etype aes256-cts, salt 
"^X"Ed"/E2,L]'Zs)", params ""
[10814] 1356353596.448105: Produced preauth for next request: (empty)
[10814] 1356353596.448116: AS key determined by preauth: aes256-cts/78C9
[10814] 1356353596.448295: Decrypted AS reply; session key is: aes256-cts/A68E
[10814] 1356353596.448376: FAST negotiation: available
[10814] 1356353596.448483: Attempting password change; 3 tries remaining
Password expired.  You must change it now.
Enter new password: 
Enter it again: 
[10814] 1356353604.147282: Creating authenticator for ad...@co.yb.lmax -> 
kadmin/chang...@co.yb.lmax, seqnum 0, subkey aes256-cts/E782, session key 
aes256-cts/A68E
[10814] 1356353604.148689: Sending initial UDP request to dgram 10.81.10.234:464
[10814] 1356353604.154628: Received answer from dgram 10.81.10.234:464
kinit: Password change failed while getting initial credentials


Thanks in advance for your help


Viktor Mendes
Systems Administrator
viktor.men...@lmax.com | http://www.LMAX.com
LMAX, Yellow Building, 1a Nicholas Road, London. W11 4AN

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
