Not sure if they did drop their other scripts into github (as suggested two
thirds down)
Regards
Angus
On 17 August 2018 at 10:09, Alfredo De Luca via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Hi Rob. It worked. Thanks.
It was confusing for me the name *migrated*, thinking it was the new host
rather than the *"old"*.
Now users/groups are there and whoever has the password needs to connect
to the new server in order to recreate their password with kerberos. I
guess who has the ssh keys don't need to do that...right?
Now I need to migrate manually the hbac,sudo etc....
Thanks
On Thu, Aug 16, 2018 at 4:00 PM Alfredo De Luca <alfredo.deluca(a)gmail.com>
wrote:
> Thanks Rob. I'll give it a try.
> Cheers
>
> On Thu, Aug 16, 2018 at 2:31 PM Rob Crittenden <rcritten(a)redhat.com>
> wrote:
>
>> Alfredo De Luca via FreeIPA-users wrote:
>> > Hi Florence.
>> > But the example says ldap://*migrated*.freeipa.server.test
>> >
>> > so I ran the command from the actual server where I want to migrate the
>> > users from and pointing to the migrated (so the new which I will migrate
>> > to) server...
>> > So is it wrong?
>> > So should I run the command instead from the new ipa server pointing to
>> > the old server?
>>
>> The old server. You have been trying to migrate the server to itself.
>>
>> rob
>>
>> >
>> >
>> >
>> > On Thu, Aug 16, 2018 at 1:02 PM Florence Blanc-Renaud <flo(a)redhat.com> wrote:
>> >
>> > On 08/16/2018 12:37 PM, Alfredo De Luca via FreeIPA-users wrote:
>> > > The IP is the new server where I'd like to migrate all the user/groups
>> > > to and it should be ok.
>> > > The migrate-ds is the default I copy from the freeipa.org
>> > > migration section..
>> > >
>> > Hi,
>> >
>> > the ldap URI should point to the server where the users are currently
>> > defined (=the FROM server).
>> >
>> > Hope this clarifies,
>> > flo
>> > >
>> > >
>> > >
>> > > On Tue, Aug 14, 2018 at 7:00 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
>> > >
>> > > Alfredo De Luca via FreeIPA-users wrote:
>> > > > Hi Rob.
>> > > > Yes. I am following the link you sent. So now I can understand
>> > > > they need to create the new Kerberos but given the command I should
>> > > > have seen all the users in the new freeipa server... which are not
>> > > > there.
>> > > > Maybe I put a wrong command? (below)
>> > > >
>> > > > ipa migrate-ds --bind-dn="cn=Directory Manager" \
>> > > >   --user-container=cn=users,cn=accounts --group-overwrite-gid \
>> > > >   --group-container=cn=groups,cn=accounts \
>> > > >   --group-objectclass=posixgroup \
>> > > >   --user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblastsuccessfulauth,krbloginfailedcount,krbpasswordexpiration,krbticketflags,krbpwdpolicyreference,mepManagedEntry} \
>> > > >   --user-ignore-objectclass=mepOriginEntry --with-compat \
>> > > >   ldap://192.168.20.177:389
>> > > >
>> > > > Password:
>> > > > -----------
>> > > > migrate-ds:
>> > > > -----------
>> > > > Migrated:
>> > > > group: admins, editors
>> > > > Failed user:
>> > > > admin: This entry already exists
>> > > > Failed group:
>> > > > ----------
>> > > > Passwords have been migrated in pre-hashed format.
>> > > > IPA is unable to generate Kerberos keys unless provided
>> > > > with clear text passwords. All migrated users need to
>> > > > login at https://your.domain/ipa/migration/ before they
>> > > > can use their Kerberos accounts.
>> > >
>> > > It isn't finding any of your users. Are you sure that IP address points
>> > > to your existing IPA instance?
>> > >
>> > > rob
>> > >
>> > >
>> > >
>> > > --
>> > > /Alfredo/
>> > >
>> > >
>> > >
>> > > _______________________________________________
>> > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> > > To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
>> > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>> > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> > > List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users(a)lists.fedorahosted.org/message/N3LK45PLAZOV3SA2TRNI6SYQKTNQQPF3/
>> > >
>> >
>> >
>> >
>> > --
>> > /Alfredo/
>> >
>> >
>> >
>> >
>>
>>
>
> --
> *Alfredo*
>
>
--
*Alfredo*
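
A pre-flight check for the mistake resolved in this thread (the `ipa migrate-ds` URI pointing at the server the command runs on), as an added example that is not part of the original messages or of FreeIPA. The function names are hypothetical, and the comparison is literal: a DNS alias that resolves to a local address is not detected.

```shell
#!/bin/sh
# Added example: refuse an `ipa migrate-ds` source URI that is this machine.

# Print the lower-cased host of an ldap:// or ldaps:// URI; fail otherwise.
ldap_uri_host() {
    case $1 in
        ldap://*|ldaps://*) h=${1#*://} ;;
        *) return 1 ;;
    esac
    h=${h%%/*}                          # drop a trailing /base-dn part
    case $h in
        \[*) h=${h#\[}; h=${h%%\]*} ;;  # [IPv6-literal]:port
        *)   h=${h%%:*} ;;              # host:port
    esac
    [ -n "$h" ] || return 1
    printf '%s\n' "$h" | tr '[:upper:]' '[:lower:]'
}

# points_at_self URI ID...: 0 if URI host equals an ID, 1 if not, 2 if unparsable.
points_at_self() {
    host=$(ldap_uri_host "$1") || return 2
    shift
    for id in "$@"; do
        id=$(printf '%s' "$id" | tr '[:upper:]' '[:lower:]')
        if [ "$id" = "$host" ]; then return 0; fi
    done
    return 1
}

# Names and addresses of this machine (hostname -I is Linux-specific).
local_identities() {
    printf '%s\n' localhost 127.0.0.1 ::1
    hostname -f 2>/dev/null || :
    hostname -s 2>/dev/null || :
    hostname -I 2>/dev/null | tr ' ' '\n'
}

# check_migrate_source URI: 0 when the URI is usable as a remote source.
check_migrate_source() {
    rc=0
    # Unquoted on purpose: one identity per word, none contain whitespace.
    points_at_self "$1" $(local_identities) || rc=$?
    case $rc in
        0) echo "refusing: $1 is this server; pass the OLD server" >&2; return 1 ;;
        2) echo "refusing: $1 is not an ldap:// or ldaps:// URI" >&2; return 1 ;;
    esac
}

if [ "$#" -gt 0 ]; then check_migrate_source "$1"; fi
```

Run it on the new server with the URI intended for `ipa migrate-ds`; a non-zero exit means the URI should be corrected before migrating.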