On 8/7/20 12:49 PM, Bo Lind via FreeIPA-users wrote:
We have a workflow where we sometimes reinstall enrolled hosts. The role of the
host does not change, IP, hostname etc. stay unchanged.
Our current workflow is to enter the GUI, select unprovision, set a one time
password, and then enroll the freshly installed host.
Hi,
- unprovision is the equivalent of "ipa host-disable <hostname>".
- in order to set a one-time password, use "ipa host-mod
--password=<value> <hostname>", or to generate a random value "ipa
host-mod --random <hostname>".
The re-enrolling methods are described in [1] Re-enrolling a client into
the IdM domain. You can either use --force-join or re-use the host keytab.
The drawback of using "ipa host-disable" is that it also disables all
the services configured on the host.
HTH,
flo
[1]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/client-re-enrolling
Do command line tools exist that can handle these two steps?
Alternatively, is there a better way to achieve what we want?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
