On 12/24/2012 08:11 AM, Viktor Mendes wrote:
> Hi guys,
>
> We are going  to use the FreeIPA v2.2.0 (the latest one available on CentOS 
> 6.3) and would like to know if there is a way to do a complete backup / 
> restore of the server database for disaster recovery purposes?
>  

Please see the thread about Backup and Restore earlier this month.
https://www.redhat.com/archives/freeipa-users/2012-December/msg00118.html

>  
> I have been able to successfully export the userRoot db ldif via db2ldif, 
> make some changes, then import the ldif via ldif2db.
>
> However when I try to build a new server with the same hostname, then import 
> the ldif, that does not work.
>
> The import is successfull, however when trying to log in to IPA web GUI, I 
> get an error that the admin password has expired. Here is an output when 
> tring to change the password (I have restarted krb5kdc service at this point, 
> as it was coming up with a different error):
>
> KRB5_TRACE=/dev/stdout kinit admin
> [10814] 1356353589.809893: Getting initial credentials for ad...@co.yb.lmax
> [10814] 1356353589.871805: Sending request (176 bytes) to CO.YB.LMAX
> [10814] 1356353589.879177: Sending initial UDP request to dgram 
> 10.81.10.234:88
> [10814] 1356353589.888809: Received answer from dgram 10.81.10.234:88
> [10814] 1356353589.888893: Response was not from master KDC
> [10814] 1356353589.888941: Received error from KDC: -1765328361/Password has 
> expired
> [10814] 1356353589.888969: Retrying AS request with master KDC
> [10814] 1356353589.888976: Getting initial credentials for ad...@co.yb.lmax
> [10814] 1356353589.889033: Sending request (176 bytes) to CO.YB.LMAX (master)
> [10814] 1356353589.889087: Principal expired; getting changepw ticket
> [10814] 1356353589.889111: Getting initial credentials for ad...@co.yb.lmax
> [10814] 1356353589.889148: Setting initial creds service to 
> [10814] 1356353589.889208: Sending request (174 bytes) to CO.YB.LMAX
> [10814] 1356353589.889516: Sending initial UDP request to dgram 
> 10.81.10.234:88
> [10814] 1356353589.901098: Received answer from dgram 10.81.10.234:88
> [10814] 1356353589.901326: Response was not from master KDC
> [10814] 1356353589.901340: Received error from KDC: -1765328359/Additional 
> pre-authentication required
> [10814] 1356353589.901596: Processing preauth types: 2, 136, 19, 133
> [10814] 1356353589.901818: Selected etype info: etype aes256-cts, salt 
> "^X"Ed"/E2,L]'Zs)", params ""
> [10814] 1356353589.901825: Received cookie: MIT
> Password for ad...@co.yb.lmax: 
> [10814] 1356353596.402451: AS key obtained for encrypted timestamp: 
> aes256-cts/78C9
> [10814] 1356353596.402608: Encrypted timestamp (for 1356353596.402519): plain 
> 301AA011180F32303132313232343132353331365AA1050203062457, encrypted 
> 491EF490A7BFF756A7681BE9271E7925CCA41CC95916282FEFC3375FFBDC0B2A2E18B8501E81E1E14310762BC15351FE549633ABAB0CAB53
> [10814] 1356353596.402627: Produced preauth for next request: 133, 2
> [10814] 1356353596.402648: Sending request (269 bytes) to CO.YB.LMAX
> [10814] 1356353596.404303: Sending initial UDP request to dgram 
> 10.81.10.234:88
> [10814] 1356353596.447924: Received answer from dgram 10.81.10.234:88
> [10814] 1356353596.448011: Response was not from master KDC
> [10814] 1356353596.448077: Processing preauth types: 19
> [10814] 1356353596.448094: Selected etype info: etype aes256-cts, salt 
> "^X"Ed"/E2,L]'Zs)", params ""
> [10814] 1356353596.448105: Produced preauth for next request: (empty)
> [10814] 1356353596.448116: AS key determined by preauth: aes256-cts/78C9
> [10814] 1356353596.448295: Decrypted AS reply; session key is: aes256-cts/A68E
> [10814] 1356353596.448376: FAST negotiation: available
> [10814] 1356353596.448483: Attempting password change; 3 tries remaining
> Password expired.  You must change it now.
> Enter new password: 
> Enter it again: 
> [10814] 1356353604.147282: Creating authenticator for ad...@co.yb.lmax -> 
> kadmin/chang...@co.yb.lmax, seqnum 0, subkey aes256-cts/E782, session key 
> aes256-cts/A68E
> [10814] 1356353604.148689: Sending initial UDP request to dgram 
> 10.81.10.234:464
> [10814] 1356353604.154628: Received answer from dgram 10.81.10.234:464
> kinit: Password change failed while getting initial credentials
>
>
> Thanks in advance for your help
>
>
> Viktor Mendes 
>
>
>
> Systems Administrator 
>
>
>
> viktor.men...@lmax.com | http://www.LMAX.com 
>
>
>
> LMAX, Yellow Building, 1a Nicholas Road, London. W11 4AN 
>
>
>
>
> FX and CFDs are leveraged products that can result in losses exceeding
> your deposit.  They are not suitable for everyone so please ensure you
> fully understand the risks involved.  The information in this email is not
> directed at residents of the United States of America or any other
> jurisdiction where trading in CFDs and/or FX is restricted or prohibited
> by local laws or regulations.
>
> The information in this email and any attachment is confidential and is
> intended only for the named recipient(s). The email may not be disclosed
> or used by any person other than the addressee, nor may it be copied in
> any way. If you are not the intended recipient please notify the sender
> immediately and delete any copies of this message. Any unauthorised
> copying, disclosure or distribution of the material in this e-mail is
> strictly forbidden.
>
> LMAX operates a multilateral trading facility.  Authorised and regulated 
> by the Financial Services Authority (firm registration number 509778) and
> is registered in England and Wales (number 06505809). 
> Our registered address is Yellow Building, 1A Nicholas Road, London, W11
> 4AN.
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to