[Freeipa-users] sssd client cache timer and merging IPA domains

Rob Crittenden rcritten at redhat.com
Thu Aug 16 21:32:59 UTC 2012 

Lucas Yamanishi wrote:
> I just migrated my IPA instance from one to another a couple days ago to
> recover after a lost CA and failed yum upgrade.  The "ipa migrate-ds"
> tool works very well, though I am having a few very minor issues.  On
> the upside, as far as I can tell, you can skip the steps about Kerberos
> key generation as outlined in the documentation.  I've been able to
> kinit just fine with my migrated users.
>
>
> Below are the few errors I've noticed.
>
> * When I ssh into an enrolled host using a migrated user's credentials I
> get this error:
>
>    id: cannot find name for group ID 104600003\

Does a group exist with that GID? You can try something like:

$ ipa group-find --gid=104600003

>
> * I see this error in my dirsrv-EXAMPLE/errors log after changing a
> password:
>
>    [15/Aug/2012:12:38:24 -0400] ipapwd_setPasswordHistory - [file
> ipapwd_common.c, line 926]: failed to generate new password history!

It is a red herring. The default is to have no password history, so we 
don't generate any, then we complain that none was made! I actually have 
a fix in my tree I plan to propose soon.

rob

>
>
> -----
> *question everything*learn something*answer nothing*
> ------------
> Lucas Yamanishi
> ------------------
> Systems Administrator, ADNET Systems, Inc.
> NASA Space and Earth Science Data Analysis (606.9)
> 7515 Mission Drive, Suite A100
> Lanham, MD 20706 * 301-352-4646 * 0xE23F3D7A
>
> On 08/16/2012 05:00 PM, Steven Jones wrote:
>> Hi,
>>
>> What is the default length of time the sssd daemon on a client caches for once IPA is off line pls?
>>
>> Is there any practical way to take the user info from one ipa instance/domain and import it into another?  I know the client machines will have to have ipa un-installed and resetting users passwords are not biggees I'd just not rather have to input all the groups and hbac rules by hand.
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

More information about the Freeipa-users mailing list