[Freeipa-users] sssd client cache timer and merging IPA domains
Rob Crittenden
rcritten at redhat.com
Fri Aug 17 12:38:50 UTC 2012
Lucas Yamanishi wrote:
>
> On 08/16/2012 05:39 PM, Rob Crittenden wrote:
>> Lucas Yamanishi wrote:
>>>
>>> On 08/16/2012 05:32 PM, Rob Crittenden wrote:
>>>> Lucas Yamanishi wrote:
>>>>> I just migrated my IPA instance from one to another a couple days
>>>>> ago to
>>>>> recover after a lost CA and failed yum upgrade. The "ipa migrate-ds"
>>>>> tool works very well, though I am having a few very minor issues. On
>>>>> the upside, as far as I can tell, you can skip the steps about Kerberos
>>>>> key generation as outlined in the documentation. I've been able to
>>>>> kinit just fine with my migrated users.
>>>>>
>>>>>
>>>>> Below are the few errors I've noticed.
>>>>>
>>>>> * When I ssh into an enrolled host using a migrated user's
>>>>> credentials I
>>>>> get this error:
>>>>>
>>>>> id: cannot find name for group ID 104600003\
>>>>
>>>> Does a group exist with that GID? You can try something like:
>>>>
>>>> $ ipa group-find --gid=104600003
>>>>
>>>
>>> The group doesn't exist. The GID is the counterpart to my UID.
>>
>> Try adding --private.
>>
>> rob
>>
>
> Nope. It doesn't exist.
>
> Other groups migrated. Why would the private groups fail?
I don't know, what have you done to date, including versions?
rob
More information about the Freeipa-users
mailing list