On 08/20/2012 08:44 AM, Rob Crittenden wrote: > Lucas Yamanishi wrote: >> >> On 08/17/2012 08:38 AM, Rob Crittenden wrote: >>> Lucas Yamanishi wrote: >>>> >>>> On 08/16/2012 05:39 PM, Rob Crittenden wrote: >>>>> Lucas Yamanishi wrote: >>>>>> >>>>>> On 08/16/2012 05:32 PM, Rob Crittenden wrote: >>>>>>> Lucas Yamanishi wrote: >>>>>>>> I just migrated my IPA instance from one to another a couple days >>>>>>>> ago to >>>>>>>> recover after a lost CA and failed yum upgrade. The "ipa >>>>>>>> migrate-ds" >>>>>>>> tool works very well, though I am having a few very minor >>>>>>>> issues. On >>>>>>>> the upside, as far as I can tell, you can skip the steps about >>>>>>>> Kerberos >>>>>>>> key generation as outlined in the documentation. I've been able to >>>>>>>> kinit just fine with my migrated users. >>>>>>>> >>>>>>>> >>>>>>>> Below are the few errors I've noticed. >>>>>>>> >>>>>>>> * When I ssh into an enrolled host using a migrated user's >>>>>>>> credentials I >>>>>>>> get this error: >>>>>>>> >>>>>>>> id: cannot find name for group ID 104600003\ >>>>>>> >>>>>>> Does a group exist with that GID? You can try something like: >>>>>>> >>>>>>> $ ipa group-find --gid=104600003 >>>>>>> >>>>>> >>>>>> The group doesn't exist. The GID is the counterpart to my UID. >>>>> >>>>> Try adding --private. >>>>> >>>>> rob >>>>> >>>> >>>> Nope. It doesn't exist. >>>> >>>> Other groups migrated. Why would the private groups fail? >>> >>> I don't know, what have you done to date, including versions? >>> >>> rob >> I've been following the stable Scientific Linux releases since 6.1. >> Based on repo archives, I guess that would be 2.0.0-23.el6.x86_64. The >> version was at 2.2.0-16.el6.x86_64 when I migrated, which I had just >> upgraded from 2.1.3-9.el6.x86_64. I migrated to and use now >> 2.2.0-16.el6.x86_64. >> >> So... >> 2.0.0-23.el6.x86_64 -> 2.1.3-9.el6.x86_64 -> 2.2.0-16.el6.x86_64 ----> >> 2.2.0-16.el6.x86_64 >> >> > > Can you verify that managed entries are configured: > > # ipa-managed-entries -l > > It should return: > > UPG Definition > NGP Definition > > This enables user-private groups and netgroup-private groups. > > rob Yes. That returned as expected.
-- ----- *question everything*learn something*answer nothing* ------------ Lucas Yamanishi ------------------ Systems Administrator, ADNET Systems, Inc. 7515 Mission Drive, Suite A100 Lanham, MD 20706 * 301-352-4646 * 0xE23F3D7A _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
