[Freeipa-users] Migration from FreeIPA 1.2.1 to 2
Dmitri Pal
dpal at redhat.com
Wed Jun 1 20:17:19 UTC 2011
On 05/31/2011 08:28 PM, Dan Scott wrote:
> Done:
>
> https://fedorahosted.org/freeipa/ticket/1266
Thanks.
We will try to look at it as soon as we can.
> Dan
>
> On Tue, May 31, 2011 at 18:26, Dmitri Pal <dpal at redhat.com> wrote:
>> On 05/31/2011 06:02 PM, Dan Scott wrote:
>>> Hi,
>>>
>>> Thanks for all the replies.
>>>
>>> On Wed, May 25, 2011 at 18:13, Rob Crittenden <rcritten at redhat.com> wrote:
>>>>> I have a FreeIPA 1.2.1 system (1 master and 1 replica server) running
>>>>> on Fedora 14. I'd like to migrate to FreeIPA 2, now that Fedora 15 has
>>>>> been released. But I have a few questions:
>>>>>
>>>>> 1. Can Fedora 15 clients authenticate against my FreeIPA 1 servers?
>>>> Yes but you would have to configure it yourself. sssd would work nicely with
>>>> an ldap/krb5 configuration.
>>> I've set up a Fedora 15 VM and have successfully configured it to
>>> authenticate against my FreeIPA 1 servers, so this is good. One small
>>> problem was that I couldn't get passwordless ssh logins *to* the F15
>>> system working. I created and installed a host keytab, same as for all
>>> the other systems, but no luck. I was able to ssh *from* the F15
>>> system without a password however. Any ideas?
>>>
>>>>> 3. Can I migrate the servers from FreeIPA 1 to 2 (presumably requiring
>>>>> an upgrade from Fedora 14 to 15 along the way).
>>>> You cannot do a straight upgrade, too much changed between the two versions.
>>>> You should be able to migrate the users and groups using the v2 migration
>>>> system. This will maintain your user passwords at least. You would need to
>>>> generate new principals and keytabs for your kerberized services.
>>> I've setup a Fedora 15 VM and installed the FreeIPA server. I ran the
>>> ipa migrate-ds command provided in the documentation. All of the user
>>> groups were migrated successfully, but none of the users were migrated
>>> due to 'unknown object class "radiusprofile"' errors.
>>>
>>> I've seen this post here:
>>>
>>> https://www.redhat.com/archives/freeipa-users/2011-May/msg00282.html
>>>
>>> but I wanted to add that I don't use any of the radius functionality
>>> and my FreeIPA v1 installation is pretty standard, so other users
>>> might run into this. I didn't find a bug report, but can file one if
>>> needed?
>>>
>> Yes please: https://fedorahosted.org/freeipa/
>>
>>> Thanks,
>>>
>>> Dan
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IPA project,
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs?
>> www.redhat.com/carveoutcosts/
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list