In OES 2015 or later, you can perform Common Proxy or Service Proxy migration using the Migration GUI tool.
The Transfer ID GUI now supports migration of Common Proxy and Service Proxy, and no additional manual steps are required.
In the eDirectory Precheck step, the source server’s proxy credentials are copied to the target server. In the Repair step, these proxy credentials are used to reconfigure the proxy user on the target server.
Source server and target server are both configured with Common Proxy.
Source server and target server are both configured with Service Proxy.
Cross proxy migration (Service proxy to Common proxy or vice versa) or mixed proxy migration (service proxy + common proxy to target or vice versa) is not supported.
Ensure that the source server and target server are updated with the latest patches.
Enable SSH on the source server. For more information, see Enabling SSH.
Before services are migrated to the OES 2018 SP3 server, you must identify the services using common proxy and the common proxy credentials on the source server.
On the source server, log in as the root user.
Retrieve the common proxy credentials on the source server by executing the following commands:
/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username
Displays common proxy DN.
IMPORTANT: The dot format is not supported by the common proxy scripts. Use the comma format for common proxy users and contexts.
/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password
Displays common proxy password.
Make a note of the common proxy credentials.
Identify the services using common proxy on the source server by executing the following command:
/opt/novell/proxymgmt/bin/retrieve_proxy_list.sh
This command writes all the OES services and their proxy users to the file /var/opt/novell/log/proxymgmt/pxylist.txt. Using the common proxy credentials that are identified in Step 2, determine the services using common proxy from the pxylist.txt file.
IMPORTANT: Do not delete, modify, or rename the common proxy user from eDirectory.
Migrate all the services that are using common proxy to the target server. On successful migration, proceed with the post-migration procedure.
After the services are migrated to the OES 2018 SP3 server, you must update OES Credential Store (OCS) on the target server with common proxy credentials and reconfigure the services using common proxy to use the updated credentials.
Update OCS on the target server with common proxy credentials retrieved in Step 2.
On the target server, log in as the root user.
Run the following command:
/opt/novell/proxymgmt/bin/cp_update_proxy_cred.sh
You are prompted to enter the common proxy user DN and password. Enter the details retrieved in Step 2. This updates OCS with the common proxy credentials.
Verify that the common proxy credentials are updated properly by executing the following commands:
/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username
Displays common proxy DN.
/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password
Displays common proxy password.
Reconfigure the services identified in Step 3 to use the updated common proxy credentials.
/opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d <Admin DN> -w <Admin Password> -i <Destination system IP> -p 636 -s <comma separated list of services>
For example:
/opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d cn=admin,o=novell -w novell -i 192.168.1.254 -p 636 -s novell-afp,novell-cifs,novell-dns
AFP service configured with service proxy fails to come up after Transfer ID migration to OES 2018 SP3. This is because the service proxy users are not migrated to OES Credential Store (OCS). To resolve this issue, perform the following:
Log in as the root user.
Run yast2 novell-afp and then enter the eDirectory user password.
Specify the AFP proxy user password.
Click Next and continue with AFP configuration.
Verify the AFP service is up and running by using the following command:
systemctl status novell-afptcpd.service
Verify the service entry is present in OES Credential Store by using the following command:
oescredstore -l
Enable SSH on the source server and the target server.
Enter the # ssh-keygen -t rsa command on the target server.
When you are prompted to enter the file in which to save the key (/root/.ssh/id_rsa), press Enter.
The SSH keys are stored in the default location.
When you are prompted to enter the passphrase (empty for no passphrase), press Enter.
We recommend that you do not include the passphrase.
Copy the key value (the output of the # ssh-keygen -t rsa command) to the source server.
# scp ~/.ssh/id_rsa.pub root@<source-server>:/root/
where <source-server> is the IP address or the hostname of the source server.
Log in to the source server by using ssh. If the .ssh directory is not available, create the directory, then append the key value to the list of authenticated keys.
cat id_rsa.pub >> /root/.ssh/authorized_keys
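The final step above, as an added example that is not part of the original documentation: a shell function that appends the copied public key only once, refuses a file that is not a single-line public key (for instance a private key copied by mistake), and sets the file modes that sshd's StrictModes check expects. The function name install_pubkey and its optional second argument are hypothetical.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe version of
#   cat id_rsa.pub >> /root/.ssh/authorized_keys
# install_pubkey and its arguments are hypothetical names for illustration.
# On the source server: install_pubkey /root/id_rsa.pub

install_pubkey() {
    pubkey_file=$1            # public key copied over with scp
    ssh_dir=${2:-/root/.ssh}  # directory that holds authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A public key file is exactly one line; a private key is many lines.
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] || {
        echo "$pubkey_file is not a single-line public key" >&2; return 1; }

    key=$(head -n 1 "$pubkey_file")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pubkey_file is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default), key authentication is refused
    # when .ssh or authorized_keys is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    auth="$ssh_dir/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when this exact key line is not already listed, so
    # repeating the step does not accumulate duplicate entries.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}
```

After the key is installed, the copied id_rsa.pub in /root/ on the source server is no longer needed and can be removed.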