[Freeipa-users] Gave Up on RHEL6->7 migration, starting over. (ipa migrate-ds)
Benjamin Reed
ranger at opennms.org
Tue Mar 17 16:16:53 UTC 2015
On 3/17/15 12:09 PM, Martin Kosek wrote:
> I would still wished we fixed the original root cause why replication was
> failing for you - as this is the obviously expected way of upgrading to
> RHEL/CentOS 7.1 from RHEL-6 environment and I think/hope it would be less work
> than starting over (depends on how populated is your existing IPA instance).
Yeah, I totally get that, but I've actually been holding up a product
launch trying to get things working, or I'd try to work through it
longer. :(
I'm actually going to just shut down the old server's IPA but not
uninstall it, so if there is any progress made on the issue I've opened
I may be able to try it with a fresh replication target still.
I did run into one snag. Our IPA servers are on the public internet, so
I've disabled anonymous bind. However, it appears that the
/ipa/migration/ tool requires it; at least, I'm getting this error in
httpd/error_log:
> migration context search failed: Insufficient access: Inappropriate
> authentication: Anonymous access is not allowed.
Is there a way to make migration work without anonymous bind? A config
file I can change somewhere to force the migration tool to bind as a user?
--
Benjamin Reed
The OpenNMS Group
http://www.opennms.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150317/0244e837/attachment.sig>
More information about the Freeipa-users
mailing list