[Freeipa-users] Migrating to FreeIPA from an existing Heimdal Kerberos and 389-ds deployment
Andreas Ladanyi
andreas.ladanyi at kit.edu
Fri Jul 15 10:08:52 UTC 2016
Hi,
> Hi all,
>
> I'm part of the CMU Computer Club and our Kerberos/LDAP deployment has
> been a pain point for quite some time. I've heard that FreeIPA might
> be a solution worth exploring.
>
> I would like to try to avoid user visible disruption if possible,
> however. This means that we would like to keep our Kerberos realm
> name, keep AFS cross-realm authentication working, etc. UIDs
> remaining the same would be good; I'd have to think about
We dont use cross realm. We created a new realm with new name. We used
ipa migrade-ds to migrate users/groups with uids.
Because we couldnt migrate the user passwords from old to new realm, we
reset the users password in the new IPA realm and let the users input a
new password once.
>
> Essentially all of our clients are various flavors of Debian; mostly
> Jessie (we have an unfortunate number of older machines that I hope to
> upgrade soon).
>
> Has anyone done something like this before? Anyone have any ideas
> what the migration path would look like or whether this is even
> possible?
I have the same situation. We have an old MIT Kerberos / OpenLDAP system
which we have to migrate. We use FreeIPA 4.2 on Fedora 23 and the
current OpenAFS release and simply said: it works. Our first milestone
was to migrate webplattforms and all behind them (apache with kerberos
auth and data in AFS) first and after them with more experience with the
afs / freeipa combination we want to migrate the user homes and client
desktops.
>
> Thanks,
>
> Grant Wu
> grantwu at andrew.cmu.edu <mailto:grantwu at andrew.cmu.edu>
regards,
Andreas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160715/0acb5bf6/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5326 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160715/0acb5bf6/attachment.p7s>
More information about the Freeipa-users
mailing list