Sigbjorn Lie via FreeIPA-users wrote: > Hi list, > > After our upgrade from EL7 to EL8, the ipa-backup script is stating a > warning: > > "Warning: Local roles CA, DNS, DNSKeySync do not match globally used > roles ADTRUST, CA, DNS, DNSKeySync. A backup done on this host would not > be complete enough to restore a fully functional, identical cluster. > Proceeding as role check was explicitly disabled." > > We are performing backup on an IPA server configured as a Hidden Master. > Because this is a hidden master it has not been configured to be an > ADTRUST Controller, only an ADTRUST Agent. > > We are currently using the "--disable-role-check" option to force the > backup. > > Is this warning accurate, or is this a bug? > If it is accurate, what data is specific to an ADTRUST Controller that > would be missing from the backup?
AD Trust isn't my strong point but IIRC the controller runs some additional services, Samba for sure and I think some others like CLDAP. So in case of catastrophe and all your servers were lost and you only had a backup from this one, restoring it would not fully restore the trust. I don't think that would be a big problem though because I think you could disconnect and re-establish the trust and be good to go. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
