Thanks Rob. I'll give it a try.
Cheers
On Thu, Aug 16, 2018 at 2:31 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
Alfredo De Luca via FreeIPA-users wrote:
> Hi Florence.
> But the example says ldap://*migrated*.freeipa.server.test
>
> so I ran the command from the actual server where I want to migrate the
> users from and pointing to the migrated (so the new which I will migrate
> to) server...
> So is it wrong?
> So should I run the command instead from the new ipa server pointing to
> the old server?
The old server. You have been trying to migrate the server to itself.
rob
>
>
>
> On Thu, Aug 16, 2018 at 1:02 PM Florence Blanc-Renaud <flo(a)redhat.com> wrote:
>
> On 08/16/2018 12:37 PM, Alfredo De Luca via FreeIPA-users wrote:
> > The IP is the new server where I'd like to migrate all the user/groups
> > to and it should be ok.
> > The migrate-ds is the default I copy from the freeipa.org
> > migration section..
> >
> Hi,
>
> the ldap URI should point to the server where the users are currently
> defined (=the FROM server).
>
> Hope this clarifies,
> flo
> >
> >
> >
> > On Tue, Aug 14, 2018 at 7:00 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
> >
> > Alfredo De Luca via FreeIPA-users wrote:
> > > Hi Rob.
> > > Yes. I am following the link you sent. So now I can understand they need
> > > to create the new Kerberos but given the command I should have seen all
> > > the users in the new freeipa server... which are not there.
> > > Maybe I put a wrong command? (below)
> > >
> > > ipa migrate-ds --bind-dn="cn=Directory Manager"
> > > --user-container=cn=users,cn=accounts --group-overwrite-gid
> > > --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup
> > > --user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblastsuccessfulauth,krbloginfailedcount,krbpasswordexpiration,krbticketflags,krbpwdpolicyreference,mepManagedEntry}
> > > --user-ignore-objectclass=mepOriginEntry --with-compat
> > > ldap://192.168.20.177:389
> > >
> > > Password:
> > > -----------
> > > migrate-ds:
> > > -----------
> > > Migrated:
> > > group: admins, editors
> > > Failed user:
> > > admin: This entry already exists
> > > Failed group:
> > > ----------
> > > Passwords have been migrated in pre-hashed format.
> > > IPA is unable to generate Kerberos keys unless provided
> > > with clear text passwords. All migrated users need to
> > > login at https://your.domain/ipa/migration/ before they
> > > can use their Kerberos accounts.
> >
> > It isn't finding any of your users. Are you sure that IP address points
> > to your existing IPA instance?
> >
> > rob
> >
> >
> >
> > --
> > /Alfredo/
> >
> >
> >
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> > To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...
> >
>
>
>
> --
> /Alfredo/
>
>
>
>
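
A pre-flight check for the mistake diagnosed in this thread (giving `ipa migrate-ds` an LDAP URI that is the server the command runs on), as an added example that is not part of the original messages or of FreeIPA. The function names are hypothetical, and the comparison is a literal match against the names and addresses the host reports, so DNS aliases are not resolved.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): guard for `ipa migrate-ds` on the NEW server.
# Print the host part of ldap://host[:port][/dn] or ldaps://...; fail otherwise.
ldap_uri_host() {
    local rest
    case "$1" in
        ldap://*|ldaps://*) rest="${1#*://}" ;;
        *) return 1 ;;
    esac
    rest="${rest%%/*}"                                    # drop any /base-dn suffix
    case "$rest" in
        \[*\]*) rest="${rest#\[}"; rest="${rest%%\]*}" ;; # [IPv6]:port
        *)      rest="${rest%%:*}" ;;                     # host:port
    esac
    [ -n "$rest" ] && printf '%s\n' "$rest"
}

# Names and addresses this machine answers to (hostname -I is Linux-specific).
local_identities() {
    printf '%s\n' localhost 127.0.0.1 ::1
    hostname 2>/dev/null
    hostname -f 2>/dev/null
    hostname -I 2>/dev/null | tr ' ' '\n'
    return 0
}

# points_at_self HOST IDENTITY...: succeed if HOST matches any identity.
points_at_self() {
    local target candidate
    target="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
    shift
    for candidate in "$@"; do
        candidate="$(printf '%s' "$candidate" | tr '[:upper:]' '[:lower:]')"
        [ "$target" = "$candidate" ] && return 0
    done
    return 1
}

# check_migrate_source URI IDENTITY...: 0 = remote source, 1 = self, 2 = bad URI.
check_migrate_source() {
    local uri="$1" host
    shift
    host="$(ldap_uri_host "$uri")" || { echo "not an LDAP URI: $uri" >&2; return 2; }
    if points_at_self "$host" "$@"; then
        echo "refusing: $uri is this server; use the old (FROM) server" >&2
        return 1
    fi
    echo "migration source: $host"
}
```

On the new IPA server, run `check_migrate_source "$URI" $(local_identities)` and call `ipa migrate-ds` with the same `$URI` only when it returns 0.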