11.6 Run Transfer ID

Ensure that you have completed the following:

  • All the services you need to migrate must be configured on the target server.

  • Ensure that all eDirectory processes (such as eDirectory repair) are completed before performing the Transfer ID scenario. The Transfer ID process locks the DIB (eDirectory database) on the source server and no operations can be performed.

  • Back up the eDirectory database. For more information, see Backup eDirectory Database and NICI Keys.

IMPORTANT: Some of the steps for Transfer ID need to be performed manually. The GUI displays messages to ensure that you have completed the manual step. When the manual steps are completed, click OK to proceed to the next step. If you skip the manual steps, errors are encountered in the subsequent steps.

The Transfer ID GUI displays tasks you perform to complete the identity transfer.

  1. eDirectory Precheck: Click Next.

    The eDirectory Precheck step can be executed multiple times to verify the health of the eDirectory tree. Executing this step does not modify the source server and target server.

    On successful completion of this step, the icon adjacent to eDirectory Precheck changes to a green check mark.

    1. (Conditional) If the source server is a supported version of OES, ensure that you have copied the SSH keys to avoid multiple password prompts on execution of this step.

      1. Enable SSH on the source server and the target server.

      2. Enter the # ssh-keygen -t rsa command on the target server.

      3. When you are prompted to enter the file in which to save the key (/root/.ssh/id_rsa), press Enter.

        The SSH keys are stored in the default location.

      4. When you are prompted to enter the passphrase (empty for no passphrase), press Enter.

        We recommend that you do not include the passphrase.

      5. Copy the key value (the output of the # ssh-keygen -t rsa command) to the source server.

        # scp ~/.ssh/id_rsa.pub root@<source-server>:/root/

        where <source-server> is the IP address or the hostname of the source server.

      6. Log on to the source server by using ssh. If the .ssh directory is not available, create the directory, then append the key value to the list of authenticated keys.

        cat id_rsa.pub >> /root/.ssh/authorized_keys

  2. Preparation: Click Next.

    The Preparation step removes eDirectory from the target server. The LUM association with the groups and users is no longer available because the Unix Workstation object is also removed.

    This step fails to execute if the prerequisites are not met.

    Source server and target server in an Active Directory environment: If the source server and target server are in an Active Directory environment, an additional Domain Authentication screen is displayed. You must specify the credentials to authenticate to the Active Directory server.

    • Domain Name: Specify the Active Directory domain name that the OES server is joined to.

    • Administrator Name: Specify the user name that can be used for the domain join operation. This user should have the following privileges: rights to reset password, create computer objects, delete computer objects, and read and write the msDs-supportedEncryptionTypes attribute.

    • Password: Specify the password of the user who is used for the domain join operation.

    • Port: Specify the port number for the SSL connection on the Active Directory server. By default, port 636 is used for the SSL connection and port 389 for the non-SSL connection.

    • Use SSL: Select this option to perform Transfer ID by using the SSL connection.

  3. DIB Copy: Click Next.

    The DIB Copy step creates a copy of the source server's eDirectory DIB (Directory Information Base) on the target server.

    On completion of this step, the source server's DIB is locked and further operations are not permitted on the source server. The eDirectory database and the NICI files are copied to the target server.

    IMPORTANT: This command fails to execute if the replica ring is not in sync, or the time is not synchronized among all the servers in the replica ring.

    The eDirectory database on the source server is locked. The eDirectory database and the NICI files are copied to the target server.

  4. Shutdown Source: Click Next to manually shut down the source server and disconnect it from the network.

    1. You are prompted to confirm that the source server is shut down. Click OK and proceed with the next step, or click Cancel and shut down the source server.

  5. DIB Restore: Click Next to restore the eDirectory database that was backed up from the source server in Step 3 on the target server. This includes the NICI keys and the eDirectory related information.

    WARNING: If the backup in Step 3 was not successful, the DIB Restore step fails. A failure at this point might cause the target eDirectory server to be unusable.

  6. IP Change: Click Next to change the IP address of the services and their configuration files on the target server to the source server IP address.

    IMPORTANT: Failure of the script to change the IP address, or terminating the operation manually, might cause the system to hang. For more details, refer to Section 15.0, Troubleshooting Issues.

    If you are executing the Migration GUI by using a remote session, the Transfer ID wizard hangs and fails to proceed. For more information, refer to Section 13.0, Running Transfer ID Remotely.

    • System: The target server IP address is overwritten with the source server IP address.

    • Services: The configuration files of the migrated services are assigned with the new IP address of the target server.

    • Others: Executes the IP address change scripts for the services that are not included in the plug-ins of the Migration Tool GUI. The IP address change scripts are located in the /opt/novell/migration/sbin/serveridswap/scripts/ipchange/nonplugin/ folder. If you need to change the IP address of any additional services, you must add the scripts to the nonplugin folder.

      No e-mail is sent in this step, even if you have selected the settings to receive an e-mail.

  7. Hostname Change: Click Next to change the hostname of the system, services and their configuration files to the source server hostname.

    IMPORTANT: Failure of the script to change the hostname, or terminating the operation manually, may cause the system to hang. For more details, refer to Section 15.0, Troubleshooting Issues.

    • System: The target server hostname is overwritten with the source server hostname.

    • Services: The configuration files of the migrated services are assigned with the new hostname of the target server.

    • Others: Executes the hostname change scripts for the services that are not included in the plug-ins of the Migration Tool GUI. The hostname change scripts are located in the /opt/novell/migration/sbin/serveridswap/scripts/hostchange/nonplugin/ folder. If you need to change the hostname of any additional services, you must add the scripts to the nonplugin folder.

      In this step, the Transfer ID wizard runs the hostname change scripts located in the nonplugin folder.

      NOTE: No e-mail is sent in this step, even if you have selected the settings to receive an e-mail.

  8. Reinitialize Server: Click Next to reinitialize the target server with the IP address and hostname of the source server. eDirectory is also restarted.

  9. Repair: Clicking Next displays an option to perform either of the following eDirectory repairs:

    • Unattended full repair of eDirectory (existing option in earlier OES releases)

    • Local eDirectory database and network repair

    The ndsrepair command is used to perform eDirectory repair. Service-specific repairs only run for services that were migrated using the current project.

    • eDirectory: Checks if eDirectory is up and running on the target server. It also runs a repair on the eDirectory tree.

    • Certificates: Repairs the target server certificate and the trusted root certificate.

    • LUM: The following steps are performed during LUM repair:

      • Creates a Unix Workstation object.

      • Regenerates the certificate for LUM on the target server.

      • Associates LUM groups and users to the target server’s Unix Workstation object.

      • Refreshes the LUM cache.

    • Services: Repairs the services that are migrated to the target server. If no services are configured for migration, then the Migration Tool skips this step and the icon adjacent to Services changes to a green check mark.

    • Others: Executes the repair scripts for the services that are not included in the plug-ins of the Migration Tool GUI. The scripts are located in the /opt/novell/migration/sbin/serveridswap/scripts/repair/nonplugin/ folder. If you need to repair any additional services, you must add the scripts to the nonplugin folder.

      In this step, the Transfer ID wizard runs the scripts located in the nonplugin folder.

    • CleanUp: Lists all the stale objects available on the temporary server. You can select the stale objects that need to be deleted from the target server. Click OK to delete the selected objects.

  10. Restart Server: Manually restart your target server for completion of Transfer ID.

    The target server now runs with the source server identity.

    Continue with Section 14.0, Post Transfer ID Migration.
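
For the SSH key setup in the eDirectory Precheck step (substeps 1 to 6), the script below is an added example, not part of the product documentation. It performs the final append on the source server so that it can be rerun safely and leaves the directory and file modes that sshd expects; it goes beyond the documented steps by also providing a removal function. The function names and the directory argument are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example (not from the product documentation): run on the source server
# after id_rsa.pub has been copied there. The .ssh directory is an argument so
# the functions can be tried on a scratch directory before using /root/.ssh.

# install_pubkey PUBKEY_FILE SSH_DIR
install_pubkey() {
    pub=$1; dir=$2; auth="$dir/authorized_keys"
    # Accept exactly one "ssh-rsa <base64> [comment]" line, which rejects a
    # private key or an unrelated file copied by mistake.
    if [ "$(grep -c '' "$pub")" -ne 1 ] ||
       ! grep -Eq '^ssh-rsa [A-Za-z0-9+/=]+( .*)?$' "$pub"; then
        echo "install_pubkey: $pub is not a single RSA public key" >&2
        return 1
    fi
    key=$(cat "$pub")
    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or file is group- or world-writable, so set modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the existing file lacks a final newline, add one so the appended key
    # is not glued onto the previous entry.
    if [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    # Append only when this exact line is absent, so reruns do not duplicate it.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# remove_pubkey PUBKEY_FILE SSH_DIR: drop the key once it is no longer needed.
remove_pubkey() {
    pub=$1; auth="$2/authorized_keys"
    [ -f "$auth" ] || return 0
    key=$(cat "$pub")
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    # grep exits 1 when nothing is left to print; only status 2 is an error.
    grep -vxF -e "$key" "$auth" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}
```

On the source server the documented append corresponds to `install_pubkey /root/id_rsa.pub /root/.ssh`.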