Bug 1248405
Summary: | PassSync should be disabled after ipa-winsync-migrate is finished | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Petr Vobornik <pvoborni> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.2 | CC: | ksiddiqu, pvoborni, rcritten, sumenon, tbabej |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.2.0-5.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-19 12:04:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Petr Vobornik
2015-07-30 08:38:12 UTC
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/025303987c93a48ea223c9bc8b70d143efcd9831 https://fedorahosted.org/freeipa/changeset/0f8ff007b4b0b4dfd22ede32f755621f7d325c82 ipa-4-2: https://fedorahosted.org/freeipa/changeset/fc62c135c877fd9b731b3a275b78ba30e29c4e08 https://fedorahosted.org/freeipa/changeset/5a9a8e2b09ada28d4f9a32eb833ffdc30d099fd0 Petr, Below are the obseravtions with respect to the testing done on the bug. Can you please confirm that we are good here to mark this ticket verified if point 4 is expected behaviour. 1. Found that the replication agreement is setup properly between IPA and AD. Winsync migrate command also runs without any error. Attaching the logs for reference. 2. The man page for ipa-winsync-migrate command list the required warning. WARNINGS After the migration, any PassSync agreements need to be removed from Active Directory Domain Controllers, otherwise theymight attempt to update passwords for accounts that no longer exist on the IPA server. 3. ipa-winsync-migrate command when executed displays the warning as well. ipa.ipaserver.install.ipa_winsync_migrate.WinsyncMigrate: WARNING: Migration completed. Please note that if PassSync was configured on the given Active Directory server, it needs to be manually removed, otherwise it may try to reset password for accounts that are no longer existent. 4. PassSync service on the Windows AD is not disabled (i.e the service is in running state) post winsync migration completion, is this expected? Yes, this is expected. We cannot disable the PassSync service on the AD automatically, hence we provide a warning to the admin instead. Thanks Tomas, Marking the bug verified as per above comment. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2362.html |