Hi Florence.
I created an new IPA server and tried to migrate but I got the following ...
*Passwords have been migrated in pre-hashed format.*
*IPA is unable to generate Kerberos keys unless provided*
*with clear text passwords. All migrated users need to*
*login at
before they*
*can use their Kerberos accounts.*
Alfredo
On Mon, Aug 13, 2018 at 2:04 PM Alfredo De Luca <alfredo.deluca(a)gmail.com>
wrote:
Thanks heaps Florence. Appreciated
Alfredo
On Mon, Aug 13, 2018 at 11:42 AM Florence Blanc-Renaud <flo(a)redhat.com>
wrote:
> On 08/13/2018 11:17 AM, Alfredo De Luca via FreeIPA-users wrote:
> > Hi Florence. yes this clarify my question. So or I will build an new
> > FreeIPA then manually add all the users/groups etc ... or maybe import
> > at least some users with some sort of ldap command?
> >
> Hi,
>
> FreeIPA provides a tool to migrate users/groups: ipa migrate-ds, see [1]
>
> Note that other objects need to be migrated manually (sudo, hbac, ...).
> The procedure involves retrieving the objects with ldapsearch into a
> ldif file, editing the ldif to replace the basedn, and importing to the
> new server.
>
> There are a few knowledge base articles related to this topic, for
> instance Migrating Your IDM Environment To a New Environment in RHEL 7
> [2]. You may also find additional information in the users mailing list.
>
> HTH,
> flo
>
> [1]
>
>
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
> [2]
https://access.redhat.com/articles/2949931
>
> > Cheers
> >
> >
> > On Mon, Aug 13, 2018 at 8:38 AM Florence Blanc-Renaud <flo(a)redhat.com
> > <mailto:flo@redhat.com>> wrote:
> >
> > On 08/11/2018 06:11 PM, Alfredo De Luca via FreeIPA-users wrote:
> > > Hi all.
> > > We'd like to change the domain name on our freeipa (4.5.4 on
> centos
> > > 7.5). Not the realm but only the domain....
> > > is it doable?
> > > If so... how?
> > >
> > Hi,
> >
> > unfortunately, no. Please have a look at IdM documentation, section
> > Host
> > Name and DNS Configuration [1]. It contains a big warning:
> > Note that the primary DNS domain and Kerberos realm cannot be
> changed
> > after the installation.
> >
> > Hope this clarifies,
> > flo
> >
> > [1]
> >
>
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
> >
> > > Cheers
> > >
> > >
> > > --
> > > /Alfredo/
> > >
> > >
> > >
> > > _______________________________________________
> > > FreeIPA-users mailing list --
> > freeipa-users(a)lists.fedorahosted.org
> > <mailto:freeipa-users@lists.fedorahosted.org>
> > > To unsubscribe send an email to
> > freeipa-users-leave(a)lists.fedorahosted.org
> > <mailto:freeipa-users-leave@lists.fedorahosted.org>
> > > Fedora Code of Conduct:
>
https://getfedora.org/code-of-conduct.html
> > > List Guidelines:
> >
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > List Archives:
> >
>
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...
> > >
> >
> >
> >
> > --
> > /Alfredo/
> >
> >
> >
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> > To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
> > Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
>
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...
> >
>
>
--
*Alfredo*