[Freeipa-users] Migrate users with password from one IPA to another
Rene Trippen
rene.trippen at gmail.com
Thu Aug 25 15:24:16 UTC 2016
Hi,
I`ve got an IPA with a broken CA infrastructure (don`t know what happened,
but new clients cannot be registered)
It is even not possible to setup a new replica.
So, I wanted to setup a new IPA Server with new CA, and I want to move all
users with their passwords to the new IPA instance.
I`ve tried with 'ipa migrate-ds'
ipa migrate-ds --continue --bind-dn="cn=Directory Manager"
--user-container=cn=users,cn=accounts
--group-container=cn=groups,cn=accounts --group-objectclass=posixgroup
--group-overwrite-gid --with-compat ldap://<ldapserver>
The output is OK
=======
Passwords have been migrated in pre-hashed format.
IPA is unable to generate Kerberos keys unless provided
with clear text passwords. All migrated users need to
login at https://your.domain/ipa/migration/ before they
can use their Kerberos accounts.
========
But the ipa/migration website is not working for me.
Anyway, is there a way to export the users with passwords? I think I have
to export some kerberos specific stuff from the old IPA?
Best regards,
Rene
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/09804e89/attachment.htm>
More information about the Freeipa-users
mailing list