[Freeipa-users] Migration from FreeIPA 1.2.1 to 2

Dmitri Pal dpal at redhat.com
Tue May 31 22:26:02 UTC 2011


On 05/31/2011 06:02 PM, Dan Scott wrote:
> Hi,
>
> Thanks for all the replies.
>
> On Wed, May 25, 2011 at 18:13, Rob Crittenden <rcritten at redhat.com> wrote:
>>> I have a FreeIPA 1.2.1 system (1 master and 1 replica server) running
>>> on Fedora 14. I'd like to migrate to FreeIPA 2, now that Fedora 15 has
>>> been released. But I have a few questions:
>>>
>>> 1. Can Fedora 15 clients authenticate against my FreeIPA 1 servers?
>> Yes but you would have to configure it yourself. sssd would work nicely with
>> an ldap/krb5 configuration.
> I've set up a Fedora 15 VM and have successfully configured it to
> authenticate against my FreeIPA 1 servers, so this is good. One small
> problem was that I couldn't get passwordless ssh logins *to* the F15
> system working. I created and installed a host keytab, same as for all
> the other systems, but no luck. I was able to ssh *from* the F15
> system without a password however. Any ideas?
>
>>> 3. Can I migrate the servers from FreeIPA 1 to 2 (presumably requiring
>>> an upgrade from Fedora 14 to 15 along the way).
>> You cannot do a straight upgrade, too much changed between the two versions.
>> You should be able to migrate the users and groups using the v2 migration
>> system. This will maintain your user passwords at least. You would need to
>> generate new principals and keytabs for your kerberized services.
> I've set up a Fedora 15 VM and installed the FreeIPA server. I ran the
> ipa migrate-ds command provided in the documentation. All of the user
> groups were migrated successfully, but none of the users were migrated
> due to 'unknown object class "radiusprofile"' errors.
>
> I've seen this post here:
>
> https://www.redhat.com/archives/freeipa-users/2011-May/msg00282.html
>
> but I wanted to add that I don't use any of the radius functionality
> and my FreeIPA v1 installation is pretty standard, so other users
> might run into this. I didn't find a bug report, but can file one if
> needed?
>

Yes please: https://fedorahosted.org/freeipa/

> Thanks,
>
> Dan
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

