[Freeipa-users] sssd client cache timer and merging IPA domains

Rob Crittenden rcritten at redhat.com
Mon Aug 20 12:44:32 UTC 2012


Lucas Yamanishi wrote:
>
> On 08/17/2012 08:38 AM, Rob Crittenden wrote:
>> Lucas Yamanishi wrote:
>>>
>>> On 08/16/2012 05:39 PM, Rob Crittenden wrote:
>>>> Lucas Yamanishi wrote:
>>>>>
>>>>> On 08/16/2012 05:32 PM, Rob Crittenden wrote:
>>>>>> Lucas Yamanishi wrote:
>>>>>>> I just migrated my IPA instance from one to another a couple days
>>>>>>> ago to
>>>>>>> recover after a lost CA and failed yum upgrade.  The "ipa migrate-ds"
>>>>>>> tool works very well, though I am having a few very minor issues.  On
>>>>>>> the upside, as far as I can tell, you can skip the steps about
>>>>>>> Kerberos
>>>>>>> key generation as outlined in the documentation.  I've been able to
>>>>>>> kinit just fine with my migrated users.
>>>>>>>
>>>>>>>
>>>>>>> Below are the few errors I've noticed.
>>>>>>>
>>>>>>> * When I ssh into an enrolled host using a migrated user's
>>>>>>> credentials I
>>>>>>> get this error:
>>>>>>>
>>>>>>>       id: cannot find name for group ID 104600003\
>>>>>>
>>>>>> Does a group exist with that GID? You can try something like:
>>>>>>
>>>>>> $ ipa group-find --gid=104600003
>>>>>>
>>>>>
>>>>> The group doesn't exist.  The GID is the counterpart to my UID.
>>>>
>>>> Try adding --private.
>>>>
>>>> rob
>>>>
>>>
>>> Nope. It doesn't exist.
>>>
>>> Other groups migrated.  Why would the private groups fail?
>>
>> I don't know, what have you done to date, including versions?
>>
>> rob
> I've been following the stable Scientific Linux releases since 6.1.
> Based on repo archives, I guess that would be 2.0.0-23.el6.x86_64.  The
> version was at 2.2.0-16.el6.x86_64 when I migrated, which I had just
> upgraded from 2.1.3-9.el6.x86_64.  I migrated to and use now
> 2.2.0-16.el6.x86_64.
>
> So...
> 2.0.0-23.el6.x86_64 -> 2.1.3-9.el6.x86_64 -> 2.2.0-16.el6.x86_64 ---->
> 2.2.0-16.el6.x86_64
>
>

Can you verify that managed entries are configured:

# ipa-managed-entries -l

It should return:

UPG Definition
NGP Definition

This enables user-private groups and netgroup-private groups.

rob
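
The two checks discussed in this thread (a primary GID with no matching group, and the managed-entry definitions listing), as an added example that is not part of the original message or of FreeIPA. The function names, file layout and sample data are assumptions made for illustration; the inputs are passwd(5)/group(5)-format text and the saved output of `ipa-managed-entries -l`.

```shell
#!/bin/sh
# Added example: hypothetical helper functions, constructed sample data.
# With SSSD, enumeration is usually off, so build the passwd/group input
# from per-name lookups (getent passwd NAME, getent group NAME).

# Print "user:gid" for every account whose primary GID has no group entry.
# usage: orphan_gids PASSWD_FILE GROUP_FILE
orphan_gids() {
    awk -F: '
        FILENAME == ARGV[1] { gids[$3] = 1; next }      # group(5) records
        NF >= 4 && !($4 in gids) { print $1 ":" $4 }    # passwd(5) records
    ' "$2" "$1"
}

# Print each definition the thread expects that is absent from the listing.
# usage: missing_definitions LISTING_FILE
missing_definitions() {
    for def in "UPG Definition" "NGP Definition"; do
        grep -qF "$def" "$1" || echo "$def"
    done
}

# --- constructed sample input (not taken from a real server) ---
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/group" <<'EOF'
admins:*:104600000:admin
ipausers:*:104600001:
EOF

cat > "$tmp/passwd" <<'EOF'
admin:*:104600000:104600000:Administrator:/home/admin:/bin/bash
migrated1:*:104600003:104600003:Migrated User:/home/migrated1:/bin/bash
EOF

# A listing in which the user-private group definition is missing.
printf 'NGP Definition\n' > "$tmp/listing"

echo "Accounts whose primary GID has no group:"
orphan_gids "$tmp/passwd" "$tmp/group"
echo "Managed entry definitions not found:"
missing_definitions "$tmp/listing"
```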



