[Freeipa-users] sssd client cache timer and merging IPA domains

Lucas Yamanishi lyamanishi at sesda2.com
Thu Aug 16 21:36:36 UTC 2012


On 08/16/2012 05:32 PM, Rob Crittenden wrote:
> Lucas Yamanishi wrote:
>> I just migrated my IPA instance from one to another a couple days ago to
>> recover after a lost CA and failed yum upgrade.  The "ipa migrate-ds"
>> tool works very well, though I am having a few very minor issues.  On
>> the upside, as far as I can tell, you can skip the steps about Kerberos
>> key generation as outlined in the documentation.  I've been able to
>> kinit just fine with my migrated users.
>>
>>
>> Below are the few errors I've noticed.
>>
>> * When I ssh into an enrolled host using a migrated user's credentials I
>> get this error:
>>
>>    id: cannot find name for group ID 104600003
> 
> Does a group exist with that GID? You can try something like:
> 
> $ ipa group-find --gid=104600003
> 

The group doesn't exist.  The GID is the counterpart to my UID.


>>
>> * I see this error in my dirsrv-EXAMPLE/errors log after changing a
>> password:
>>
>>    [15/Aug/2012:12:38:24 -0400] ipapwd_setPasswordHistory - [file
>> ipapwd_common.c, line 926]: failed to generate new password history!
> 
> It is a red herring. The default is to have no password history, so we
> don't generate any, then we complain that none was made! I actually have
> a fix in my tree I plan to propose soon.
> 
> rob
> 
>>
>>
>> -----
>> *question everything*learn something*answer nothing*
>> ------------
>> Lucas Yamanishi
>> ------------------
>> Systems Administrator, ADNET Systems, Inc.
>> NASA Space and Earth Science Data Analysis (606.9)
>> 7515 Mission Drive, Suite A100
>> Lanham, MD 20706 * 301-352-4646 * 0xE23F3D7A
>>
>> On 08/16/2012 05:00 PM, Steven Jones wrote:
>>> Hi,
>>>
>>> What is the default length of time the sssd daemon on a client caches
>>> for once IPA is offline, pls?
>>>
>>> Is there any practical way to take the user info from one ipa
>>> instance/domain and import it into another?  I know the client
>>> machines will have to have ipa un-installed, and resetting users'
>>> passwords is not a biggie; I'd just rather not have to input all the
>>> groups and hbac rules by hand.
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>> Victoria University, Wellington, NZ
>>>
>>> 0064 4 463 6272
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
>>
>>
>>
> 
> 

-- 
-----
*question everything*learn something*answer nothing*
------------
Lucas Yamanishi
------------------
Systems Administrator, ADNET Systems, Inc.
7515 Mission Drive, Suite A100
Lanham, MD 20706 * 301-352-4646 * 0xE23F3D7A
