On 12/24/2012 08:11 AM, Viktor Mendes wrote: > Hi guys, > > We are going to use the FreeIPA v2.2.0 (the latest one available on CentOS > 6.3) and would like to know if there is a way to do a complete backup / > restore of the server database for disaster recovery purposes? >
Please see the thread about Backup and Restore earlier this month. https://www.redhat.com/archives/freeipa-users/2012-December/msg00118.html > > I have been able to successfully export the userRoot db ldif via db2ldif, > make some changes, then import the ldif via ldif2db. > > However when I try to build a new server with the same hostname, then import > the ldif, that does not work. > > The import is successfull, however when trying to log in to IPA web GUI, I > get an error that the admin password has expired. Here is an output when > tring to change the password (I have restarted krb5kdc service at this point, > as it was coming up with a different error): > > KRB5_TRACE=/dev/stdout kinit admin > [10814] 1356353589.809893: Getting initial credentials for [email protected] > [10814] 1356353589.871805: Sending request (176 bytes) to CO.YB.LMAX > [10814] 1356353589.879177: Sending initial UDP request to dgram > 10.81.10.234:88 > [10814] 1356353589.888809: Received answer from dgram 10.81.10.234:88 > [10814] 1356353589.888893: Response was not from master KDC > [10814] 1356353589.888941: Received error from KDC: -1765328361/Password has > expired > [10814] 1356353589.888969: Retrying AS request with master KDC > [10814] 1356353589.888976: Getting initial credentials for [email protected] > [10814] 1356353589.889033: Sending request (176 bytes) to CO.YB.LMAX (master) > [10814] 1356353589.889087: Principal expired; getting changepw ticket > [10814] 1356353589.889111: Getting initial credentials for [email protected] > [10814] 1356353589.889148: Setting initial creds service to > [10814] 1356353589.889208: Sending request (174 bytes) to CO.YB.LMAX > [10814] 1356353589.889516: Sending initial UDP request to dgram > 10.81.10.234:88 > [10814] 1356353589.901098: Received answer from dgram 10.81.10.234:88 > [10814] 1356353589.901326: Response was not from master KDC > [10814] 1356353589.901340: Received error from KDC: -1765328359/Additional > pre-authentication required > [10814] 1356353589.901596: Processing preauth types: 2, 136, 19, 133 > [10814] 1356353589.901818: Selected etype info: etype aes256-cts, salt > "^X"Ed"/E2,L]'Zs)", params "" > [10814] 1356353589.901825: Received cookie: MIT > Password for [email protected]: > [10814] 1356353596.402451: AS key obtained for encrypted timestamp: > aes256-cts/78C9 > [10814] 1356353596.402608: Encrypted timestamp (for 1356353596.402519): plain > 301AA011180F32303132313232343132353331365AA1050203062457, encrypted > 491EF490A7BFF756A7681BE9271E7925CCA41CC95916282FEFC3375FFBDC0B2A2E18B8501E81E1E14310762BC15351FE549633ABAB0CAB53 > [10814] 1356353596.402627: Produced preauth for next request: 133, 2 > [10814] 1356353596.402648: Sending request (269 bytes) to CO.YB.LMAX > [10814] 1356353596.404303: Sending initial UDP request to dgram > 10.81.10.234:88 > [10814] 1356353596.447924: Received answer from dgram 10.81.10.234:88 > [10814] 1356353596.448011: Response was not from master KDC > [10814] 1356353596.448077: Processing preauth types: 19 > [10814] 1356353596.448094: Selected etype info: etype aes256-cts, salt > "^X"Ed"/E2,L]'Zs)", params "" > [10814] 1356353596.448105: Produced preauth for next request: (empty) > [10814] 1356353596.448116: AS key determined by preauth: aes256-cts/78C9 > [10814] 1356353596.448295: Decrypted AS reply; session key is: aes256-cts/A68E > [10814] 1356353596.448376: FAST negotiation: available > [10814] 1356353596.448483: Attempting password change; 3 tries remaining > Password expired. You must change it now. > Enter new password: > Enter it again: > [10814] 1356353604.147282: Creating authenticator for [email protected] -> > kadmin/[email protected], seqnum 0, subkey aes256-cts/E782, session key > aes256-cts/A68E > [10814] 1356353604.148689: Sending initial UDP request to dgram > 10.81.10.234:464 > [10814] 1356353604.154628: Received answer from dgram 10.81.10.234:464 > kinit: Password change failed while getting initial credentials > > > Thanks in advance for your help > > > Viktor Mendes > > > > Systems Administrator > > > > [email protected] | http://www.LMAX.com > > > > LMAX, Yellow Building, 1a Nicholas Road, London. W11 4AN > > > > > FX and CFDs are leveraged products that can result in losses exceeding > your deposit. They are not suitable for everyone so please ensure you > fully understand the risks involved. The information in this email is not > directed at residents of the United States of America or any other > jurisdiction where trading in CFDs and/or FX is restricted or prohibited > by local laws or regulations. > > The information in this email and any attachment is confidential and is > intended only for the named recipient(s). The email may not be disclosed > or used by any person other than the addressee, nor may it be copied in > any way. If you are not the intended recipient please notify the sender > immediately and delete any copies of this message. Any unauthorised > copying, disclosure or distribution of the material in this e-mail is > strictly forbidden. > > LMAX operates a multilateral trading facility. Authorised and regulated > by the Financial Services Authority (firm registration number 509778) and > is registered in England and Wales (number 06505809). > Our registered address is Yellow Building, 1A Nicholas Road, London, W11 > 4AN. > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
