On 3/17/15 12:09 PM, Martin Kosek wrote: > I would still wished we fixed the original root cause why replication was > failing for you - as this is the obviously expected way of upgrading to > RHEL/CentOS 7.1 from RHEL-6 environment and I think/hope it would be less work > than starting over (depends on how populated is your existing IPA instance).
Yeah, I totally get that, but I've actually been holding up a product launch trying to get things working, or I'd try to work through it longer. :( I'm actually going to just shut down the old server's IPA but not uninstall it, so if there is any progress made on the issue I've opened I may be able to try it with a fresh replication target still. I did run into one snag. Our IPA servers are on the public internet, so I've disabled anonymous bind. However, it appears that the /ipa/migration/ tool requires it; at least, I'm getting this error in httpd/error_log: > migration context search failed: Insufficient access: Inappropriate > authentication: Anonymous access is not allowed. Is there a way to make migration work without anonymous bind? A config file I can change somewhere to force the migration tool to bind as a user? -- Benjamin Reed The OpenNMS Group http://www.opennms.org/
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project