[LON-CAPA-admin] System upgrade: moving users over?

Stuart Raeburn raeburn at msu.edu
Thu May 14 18:37:50 EDT 2009


When switching between SuSE and Fedora/CentOS distros, because of the  
different encryption algorithms you would need to create the user and  
group accounts (with the same uids and gids as they had on the  
original system) from the command line.  That said this only applies  
to filesystem authenticated users, of which there should only be a  
few.  Although filesystem authentication (or "UNIX" auth) is still  
supported in LON-CAPA, in more recent releases it is not available via  
the web GUI as an option to assign to new users or an authentication  
type to which existing users can be changed.  As Stefan pointed out,  
the one filesystem authenticated user you would typically have in a  
recently created LON-CAPA domain is a Domain Coordinator (if created  
using the make_domain_coordinator.pl script.

The fact that the user can login indicates that authentication is not  
the issue in this particular case.  It seems it is more likely to be a  
permissions issue (i.e., the www user can not read the contents of the  
user's roles.db file, e.g.,  in  
/home/httpd/lonUsers/tmcc/l/j/e/ljensen) or an architecture change  
(e.g., 32 bit to 64 bit) if you have changed hardware, between the old  
installation and the new.  If this is a 32 bit -> 64 bit issue, as  
described at: http://loncapa.org/hardwareupgrade.html, there is a  
LON-CAPA script which can be used to copy the db files.

The fact that login was possible indicates that the www user was able  
to view the contents of, for example,  
/home/httpd/lonUsers/tmcc/l/j/e/ljensen/passwd which contains  
information about the the authentication type.  Is other information  
(e.g., from the user's environment.db file - full name, etc.,  
displayed on the roles page which reports  "Currently no active roles  
or courses"?

Stuart Raeburn

Quoting Lars Jensen <ljensen at tmcc.edu>:

> Hi Stefan,
> Thanks for the reply. The problem is that I'm going from suse to
> Centos, and apparently it is not possible to just copy over the
> password fils - see comment on the page you referred me to:
> "Transfer /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow from the
> old machine to the new one
> Warning: this does not work if you go from Fedora to SUSE or vice
> versa, since these distributions use different encryption algorithms.
> If you switch distributions, you need to make the file-system-based
> LON-CAPA users from the command line."
> Two years ago, we went from Fedora to Suse, and we managed to transfer
> the users fine. Unfortunately, I don't remember how we transferred the
> users, but I recall a similar problem to the one I'm seeing here.
> Lars.
> Stefan Bisitz wrote:
>> Hi Lars,
>> I guess that the host entries somewhere in the system are not all
>> correctly configured. But before starting to search please have a look
>> at:
>> http://loncapa.org/hardwareupgrade.html
>> Your questions should be answered there. If not, please tell so the site
>> can be updated.
>> By the way, creation of a new domain coordinator is not necessary.
>> Follow the steps carfully and you'll get your whole old system on the
>> new one.
>> Stefan Bisitz
>> On 13.05.2009, 21:14 -0700, Lars Jensen wrote:
>>> Hi everyone,
>>> We're preparing for a system upgrade of our lon-capa system. We're  
>>>  moving from suse to CentOS 5.3. I moved the /home/httpd directory  
>>>  over and I created the domain coordinator. How do I move the  
>>> users  over? When I login as a user, I get a "Currently no active  
>>> roles  or courses" message.
>>> Lars.

More information about the LON-CAPA-admin mailing list