I'm currently trying to figure out the ldap part. With help, I got access to the afs content without moving it. Users are reintroduced to krb, both afs and ldap preserved their user data.
I exported ldap data into a text file and replaced old domains with new ones. Then I imported it back. There is still something wrong there. E.g slapindex only works when pointing specifically the slapd.conf file with -f argument. Hmmm...? I grepped all old domain instances in /etc/ and replaced them, but something more needs to done or I've made a mistake or a typo somewhere. Br,jukka Sent from my iPhone > On 24.9.2013, at 23.12, Kim <[email protected]> wrote: > > Haven't followed the entire discussion, but I would use "vos dump > | vos restore" to copy the data if this hasn't already been ruled > out. > > Keeps ACLs/mountpoints/data ... > > Kim > > > > On Tue Sep 24 15:07:44 CDT 2013, Andrew Deason > <[email protected]> wrote: > >> On Tue, 24 Sep 2013 22:50:47 +0300 (EEST) >> "Jukka Tuominen" <[email protected]> wrote: >> >>>> That shouldn't be the problem here. What actual errors are you >>>> seeing? Can you run 'fs lsm' on the things you can't seem to >>>> access? (That is, 'services' and the homedirs) >>> >>> '/afs/[domain]/service' is a mount point for volume '#service' >>> >>>> fs: You don't have the required access rights on >>> '/afs/[domain]/user/...' >>> >>> Also, >>> fs la /afs/[domain]/service >>> fs: You don't have the required access rights on >>> '/afs/[domain]/service' >> >> Okay, I thought you meant they were just offline or something. If >> that's >> the problem, then it probably is related to authentication; it >> seems >> more like the authentication setup is broken, not related to the >> migration. Are your tokens not working at all, then? (A way to >> test >> would be to try writing to, say, a new file in /afs/.cell/ ) >> >> Do you know what the permissions on these dirs are supposed to >> be? >> >> Do you see anything in syslog, or 'dmesg | tail' on the client >> when you >> try to access these? >> >>>> If you want to copy the data from a 'source' cell to a >>> 'destination' >>>> cell and you can have both available at the same time, you can >>> use the >>>> 'up' tool to copy the directory tree while preserving all of >>> the >>>> afs-specific information and avoiding endless loops. >>> >>> I understood the client pointing to two different domains with a >>> single destiny. I can also switch between the two servers (old >>> and >>> new) one at the time, but I can't understand how the server can >>> hold >>> the two domains at once. When you destroy the krb data, or >>> change the >>> .confs, it only appears as one, AFAIK. Sorry... >> >> Sorry, I meant using two different actual machines for that >> scenario >> (using 'up' to copy the data between the two cells). You'd need >> two >> separate machines for that, or at least two different IPs, so >> it's not >> relevant if you only have the one machine to work with. >> >> It may be possible to do that with one machine by setting up >> chrooted >> servers bound to a different local IP, but... that's getting a >> bit >> complex :) >> >> -- Andrew Deason >> [email protected] >> >> _______________________________________________ >> OpenAFS-info mailing list >> [email protected] >> https://lists.openafs.org/mailman/listinfo/openafs-info >> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
