Hi, I have googled around a bit, but I still have a couple of questions:
1) is it possible to get "getent shadow" to return shadow entries from the ipa server? This is so we can do a DR test on some server or set of servers without also having to restore the IPA server first. I can do a "getent passwd" easily enough, and I could rebuild the shadow file for local users, so it's not critical, but it would be a "nice to have" in the case of a DR. 2) What is everyone else doing to prepare IPA for a DR? I've read that the best way to do it is to turn off the IPA services on a replica and then back that replica up. I also read that this will miss some important files that only exist on the master. I don't want to turn off the master server services for a DR due to failover lag. Would it be safe to take a backup of the master while "hot", then restore a replica, and promote it to master using the "hot" backup of the master (just the specific CA files needed)? Thanks, --Jason _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users