Hi,
you can do
(on another server)
$ ipa server-del --force server.example.com

This should clean up all references to server.example.com

(on server.example.com)
$ ipa-client-install --uninstall -U
$ kdestroy -A
$ ipa-client-install ...
$ kinit admin
$ ipa-replica-install ...

HTH,
flo

On Fri, Jan 28, 2022 at 2:56 PM Brian J. Murrell via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

> On Tue, 2022-01-25 at 16:45 +0200, Alexander Bokovoy wrote:
> >
> > On another server, use the ipa server-del command to delete
> > server.example.com from the topology:
>
> Indeed, I missed this part. :-( I suppose this cannot be done now that
> the machine has been redeployed as a client, correct?
>
> # ipa host-show server.example.com
>   Host name: server.example.com
>   Platform: x86_64
>   Operating system: 4.18.0-305.25.1.el8_4.x86_64
>   Principal name: host/server.example....@example.com
>   Principal alias: host/server.example....@example.com
>   SSH public key fingerprint: [redacted]
>   Password: False
>   Member of host-groups: ipaservers
>   Member of HBAC rule: all_allow_mail_services
>   Keytab: True
>   Managed by: server.example.com
> # ipa server-show server.example.com
> ipa: ERROR: server.example.com: server not found
> # ipa server-find
> --------------------
> 1 IPA server matched
> --------------------
>   Server name: server-staging.example.com
>   Min domain level: 1
>   Max domain level: 1
> ----------------------------
> Number of entries returned 1
> ----------------------------
>
> Could I attempt to add as a replica again, have it fail and then would
> I be able to do the "ipa server-del"?
>
> > Does using a raw LDAP delete help?
> >
> > ldapdelete -D cn=directory\ manager -W \
> >   krbprincipalname=ldap/server.example....@example.com,cn=services,cn=accounts,dc=example,dc=com
>
> I have not tried yet, pending the answer to the above questions. I
> don't want to muck around too much under the hood before I have to.
>
> > If not, you might need to temporarily fix the LDAP entry schema
> > consistency before deleting the object. It means you'd need to add
> > krbPrincipalName attribute back.
>
> I have no idea how to do that. I have not mucked around with LDAP
> directly.
>
> Cheers,
> b.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
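
Added example, not part of the original thread and not FreeIPA project code: a small check over saved `ipa host-show` and `ipa server-find` output that reports the combination quoted above, where a host is still a member of the ipaservers host group but has no server entry. The function names and verdict strings are hypothetical, and the sample text is constructed from the output in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify a host from saved
# `ipa host-show` and `ipa server-find` output.

# Constructed sample input, modelled on the output quoted in the thread.
SAMPLE_HOST_SHOW='  Host name: server.example.com
  Platform: x86_64
  Member of host-groups: ipaservers
  Keytab: True
  Managed by: server.example.com'
SAMPLE_SERVER_FIND='--------------------
1 IPA server matched
--------------------
  Server name: server-staging.example.com
  Min domain level: 1
  Max domain level: 1
----------------------------
Number of entries returned 1
----------------------------'

# in_ipaservers HOST_SHOW_TEXT: succeed if ipaservers is one of the
# comma-separated names on the "Member of host-groups:" line.
in_ipaservers() {
    printf '%s\n' "$1" | awk -F': *' '
        /^ *Member of host-groups:/ {
            sub(/[ \t\r]+$/, "", $2)
            n = split($2, g, /, */)
            for (i = 1; i <= n; i++) if (g[i] == "ipaservers") found = 1
        }
        END { exit !found }'
}

# is_ipa_server FQDN SERVER_FIND_TEXT: succeed only when a "Server name:"
# value equals FQDN exactly (no substring matching).
is_ipa_server() {
    printf '%s\n' "$2" | awk -v h="$1" -F': *' '
        /^ *Server name:/ { sub(/[ \t\r]+$/, "", $2); if ($2 == h) found = 1 }
        END { exit !found }'
}

# replica_state FQDN HOST_SHOW_TEXT SERVER_FIND_TEXT: print one verdict.
replica_state() {
    if is_ipa_server "$1" "$3"; then echo "server"
    elif in_ipaservers "$2"; then echo "ipaservers-member-not-a-server"
    else echo "client"
    fi
}

replica_state server.example.com "$SAMPLE_HOST_SHOW" "$SAMPLE_SERVER_FIND"
```

On a live system the two text arguments would come from `ipa host-show <fqdn>` and `ipa server-find` run with a valid Kerberos ticket.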