Hello, I have an existing environment with three IdM servers running RHEL 8.10 and ipa-server version 4.9.13-10, with FIPS disabled.

I've been asked to enable FIPS. I've done enough googling to know you can't just flip a switch and all is well, and you must start from scratch. I must keep the existing domain name the same between the old and new IdM servers.

I was thinking that I could stand up a new IdM server with FIPS enabled using the same domain name, manually add in all the important things like users, groups, HBAC, etc., then slowly migrate hosts from the old (uninstall/de-join) to the new (install). I believe there is an issue where it checks for an authoritative DNS server for the domain during initial install, so I'd have to install without being a DNS master. Can that be added later once the old servers are no longer needed?

Does this plan make sense? Is this possible? Is there a better way?

Thanks!
David
