On 12/24/2012 08:11 AM, Viktor Mendes wrote:
> Hi guys,
> We are going to use the FreeIPA v2.2.0 (the latest one available on CentOS
> 6.3) and would like to know if there is a way to do a complete backup /
> restore of the server database for disaster recovery purposes?
Please see the thread about Backup and Restore earlier this month.
> I have been able to successfully export the userRoot db ldif via db2ldif,
> make some changes, then import the ldif via ldif2db.
> However when I try to build a new server with the same hostname, then import
> the ldif, that does not work.
> The import is successful, however when trying to log in to IPA web GUI, I
> get an error that the admin password has expired. Here is an output when
> trying to change the password (I have restarted krb5kdc service at this point,
> as it was coming up with a different error):
> KRB5_TRACE=/dev/stdout kinit admin
>  1356353589.809893: Getting initial credentials for ad...@co.yb.lmax
>  1356353589.871805: Sending request (176 bytes) to CO.YB.LMAX
>  1356353589.879177: Sending initial UDP request to dgram
>  1356353589.888809: Received answer from dgram 10.81.10.234:88
>  1356353589.888893: Response was not from master KDC
>  1356353589.888941: Received error from KDC: -1765328361/Password has
>  1356353589.888969: Retrying AS request with master KDC
>  1356353589.888976: Getting initial credentials for ad...@co.yb.lmax
>  1356353589.889033: Sending request (176 bytes) to CO.YB.LMAX (master)
>  1356353589.889087: Principal expired; getting changepw ticket
>  1356353589.889111: Getting initial credentials for ad...@co.yb.lmax
>  1356353589.889148: Setting initial creds service to
>  1356353589.889208: Sending request (174 bytes) to CO.YB.LMAX
>  1356353589.889516: Sending initial UDP request to dgram
>  1356353589.901098: Received answer from dgram 10.81.10.234:88
>  1356353589.901326: Response was not from master KDC
>  1356353589.901340: Received error from KDC: -1765328359/Additional
> pre-authentication required
>  1356353589.901596: Processing preauth types: 2, 136, 19, 133
>  1356353589.901818: Selected etype info: etype aes256-cts, salt
> "^X"Ed"/E2,L]'Zs)", params ""
>  1356353589.901825: Received cookie: MIT
> Password for ad...@co.yb.lmax:
>  1356353596.402451: AS key obtained for encrypted timestamp:
>  1356353596.402608: Encrypted timestamp (for 1356353596.402519): plain
> 301AA011180F32303132313232343132353331365AA1050203062457, encrypted
>  1356353596.402627: Produced preauth for next request: 133, 2
>  1356353596.402648: Sending request (269 bytes) to CO.YB.LMAX
>  1356353596.404303: Sending initial UDP request to dgram
>  1356353596.447924: Received answer from dgram 10.81.10.234:88
>  1356353596.448011: Response was not from master KDC
>  1356353596.448077: Processing preauth types: 19
>  1356353596.448094: Selected etype info: etype aes256-cts, salt
> "^X"Ed"/E2,L]'Zs)", params ""
>  1356353596.448105: Produced preauth for next request: (empty)
>  1356353596.448116: AS key determined by preauth: aes256-cts/78C9
>  1356353596.448295: Decrypted AS reply; session key is: aes256-cts/A68E
>  1356353596.448376: FAST negotiation: available
>  1356353596.448483: Attempting password change; 3 tries remaining
> Password expired. You must change it now.
> Enter new password:
> Enter it again:
>  1356353604.147282: Creating authenticator for ad...@co.yb.lmax ->
> kadmin/chang...@co.yb.lmax, seqnum 0, subkey aes256-cts/E782, session key
>  1356353604.148689: Sending initial UDP request to dgram
>  1356353604.154628: Received answer from dgram 10.81.10.234:464
> kinit: Password change failed while getting initial credentials
> Thanks in advance for your help
> Viktor Mendes
> Systems Administrator
> viktor.men...@lmax.com | http://www.LMAX.com
> LMAX, Yellow Building, 1a Nicholas Road, London. W11 4AN
> Freeipa-users mailing list
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
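
An added example, not part of either message above: a small Python parser that reduces a `KRB5_TRACE` capture like the quoted one to the facts that localize a failure. It converts the MIT krb5 error codes back to RFC 4120 error numbers and reports which port answered last. The function names `summarize` and `failing_stage` are hypothetical, and the sample is constructed from lines of the quoted trace.

```python
import re

# MIT krb5 trace codes are com_err values: table base + RFC 4120 error number.
KRB5_ERROR_TABLE_BASE = -1765328384
RFC4120_NAMES = {23: "KDC_ERR_KEY_EXPIRED", 25: "KDC_ERR_PREAUTH_REQUIRED"}
QUOTE = r"^(?:>\s?)?"  # tolerate the mail's "> " quote marker
LINE = re.compile(QUOTE + r"\s*\d+\.\d+: (.*)$")
KINIT = re.compile(QUOTE + r"kinit: (.*)$")
KDC_ERR = re.compile(r"Received error from KDC: (-?\d+)/")
ANSWER = re.compile(r"Received answer from dgram [\d.]+:(\d+)")

# Constructed sample: a subset of the lines quoted in the message above.
SAMPLE = """\
>  1356353589.888941: Received error from KDC: -1765328361/Password has
>  1356353589.901340: Received error from KDC: -1765328359/Additional
> pre-authentication required
>  1356353596.447924: Received answer from dgram 10.81.10.234:88
>  1356353596.448295: Decrypted AS reply; session key is: aes256-cts/A68E
>  1356353596.448483: Attempting password change; 3 tries remaining
>  1356353604.154628: Received answer from dgram 10.81.10.234:464
> kinit: Password change failed while getting initial credentials
"""

def summarize(text):
    """Collect KDC errors, answering ports, AS-reply status and kinit's final error."""
    out = {"kdc_errors": [], "ports": [], "as_reply_decrypted": False, "final_error": None}
    for raw in text.splitlines():
        k = KINIT.match(raw)
        if k:
            out["final_error"] = k.group(1).strip()
        m = LINE.match(raw)
        if not m:
            continue  # prompts and mail-wrapped continuation lines
        msg = m.group(1)
        e, a = KDC_ERR.search(msg), ANSWER.search(msg)
        if e:  # the text after "/" may be truncated, so rely on the code
            num = int(e.group(1)) - KRB5_ERROR_TABLE_BASE
            out["kdc_errors"].append((num, RFC4120_NAMES.get(num, "unknown")))
        if a:
            out["ports"].append(int(a.group(1)))
        if msg.startswith("Decrypted AS reply"):
            out["as_reply_decrypted"] = True
    return out

def failing_stage(summary):
    """Name the service that answered last before kinit gave up (88 = KDC, 464 = kpasswd)."""
    if summary["final_error"] is None or not summary["ports"]:
        return "none"
    return {88: "kdc", 464: "kpasswd"}.get(summary["ports"][-1], "unknown")
```

On the sample, the AS reply decrypts and the last answer comes from port 464, so the reported failure falls in the password-change exchange rather than in the initial authentication.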