Hi, I`ve got an IPA with a broken CA infrastructure (don`t know what happened, but new clients cannot be registered) It is even not possible to setup a new replica. So, I wanted to setup a new IPA Server with new CA, and I want to move all users with their passwords to the new IPA instance. I`ve tried with 'ipa migrate-ds'
ipa migrate-ds --continue --bind-dn="cn=Directory Manager" --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup --group-overwrite-gid --with-compat ldap://<ldapserver> The output is OK ======= Passwords have been migrated in pre-hashed format. IPA is unable to generate Kerberos keys unless provided with clear text passwords. All migrated users need to login at https://your.domain/ipa/migration/ before they can use their Kerberos accounts. ======== But the ipa/migration website is not working for me. Anyway, is there a way to export the users with passwords? I think I have to export some kerberos specific stuff from the old IPA? Best regards, Rene
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project