On 08/16/2012 05:39 PM, Rob Crittenden wrote:
> Lucas Yamanishi wrote:
>>
>> On 08/16/2012 05:32 PM, Rob Crittenden wrote:
>>> Lucas Yamanishi wrote:
>>>> I just migrated my IPA instance from one to another a couple days ago to
>>>> recover after a lost CA and failed yum upgrade. The "ipa migrate-ds"
>>>> tool works very well, though I am having a few very minor issues. On
>>>> the upside, as far as I can tell, you can skip the steps about Kerberos
>>>> key generation as outlined in the documentation. I've been able to
>>>> kinit just fine with my migrated users.
>>>>
>>>> Below are the few errors I've noticed.
>>>>
>>>> * When I ssh into an enrolled host using a migrated user's credentials I
>>>> get this error:
>>>>
>>>>     id: cannot find name for group ID 104600003\
>>>
>>> Does a group exist with that GID? You can try something like:
>>>
>>> $ ipa group-find --gid=104600003
>>>
>>
>> The group doesn't exist. The GID is the counterpart to my UID.
>
> Try adding --private.
>
> rob
>

Nope. It doesn't exist. Other groups migrated. Why would the private groups fail?

>>>>
>>>> * I see this error in my dirsrv-EXAMPLE/errors log after changing a
>>>> password:
>>>>
>>>>     [15/Aug/2012:12:38:24 -0400] ipapwd_setPasswordHistory - [file
>>>>     ipapwd_common.c, line 926]: failed to generate new password history!
>>>
>>> It is a red herring. The default is to have no password history, so we
>>> don't generate any, then we complain that none was made! I actually have
>>> a fix in my tree I plan to propose soon.
>>>
>>> rob
>>>
>>>>
>>>> -----
>>>> *question everything*learn something*answer nothing*
>>>> ------------
>>>> Lucas Yamanishi
>>>> ------------------
>>>> Systems Administrator, ADNET Systems, Inc.
>>>> NASA Space and Earth Science Data Analysis (606.9)
>>>> 7515 Mission Drive, Suite A100
>>>> Lanham, MD 20706 * 301-352-4646 * 0xE23F3D7A
>>>>
>>>> On 08/16/2012 05:00 PM, Steven Jones wrote:
>>>>> Hi,
>>>>>
>>>>> What is the default length of time the sssd daemon on a client caches
>>>>> for once IPA is off line pls?
>>>>>
>>>>> Is there any practical way to take the user info from one ipa
>>>>> instance/domain and import it into another? I know the client
>>>>> machines will have to have ipa un-installed and resetting users
>>>>> passwords are not biggees I'd just not rather have to input all the
>>>>> groups and hbac rules by hand.
>>>>>
>>>>> regards
>>>>>
>>>>> Steven Jones
>>>>>
>>>>> Technical Specialist - Linux RHCE
>>>>>
>>>>> Victoria University, Wellington, NZ
>>>>>
>>>>> 0064 4 463 6272
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> [email protected]
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> [email protected]
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>
>>
>

--
-----
*question everything*learn something*answer nothing*
------------
Lucas Yamanishi
------------------
Systems Administrator, ADNET Systems, Inc.
7515 Mission Drive, Suite A100
Lanham, MD 20706 * 301-352-4646 * 0xE23F3D7A
