On 08/28/2013 10:16 AM, Bret Wortman wrote:
> Ugh. Well that certainly hurts, but I just don't see an alternative. I
> hope Puppet can at least make the re-enrollment a bit easier.
>
> I'm still hand-copying some of the configuration and user group
> details and crafting the load scripts so if anyone has a bright idea
> in the next few hours, I'd love to hear it!
>
> *Bret Wortman*
>
> http://damascusgrp.com/
> http://about.me/wortmanbret
>
> On Wed, Aug 28, 2013 at 9:56 AM, Rob Crittenden <rcrit...@redhat.com
> <mailto:rcrit...@redhat.com>> wrote:
>
> > Bret Wortman wrote:
> >
> > > Today, I'm going to wipe my master, install f18 from scratch, then
> > > install the freeipa-server RPMs again and manually load all our hosts,
> > > dns entries, and users from scratch (I'm building scripts to do this for
> > > me using the command line tools). We'll then do the same for each
> > > replica so that our system will basically be starting clean again.
> > >
> > > Are there any files that I really ought to back up and restore as part
> > > of this effort, like certificates, that might make it easier for clients
> > > to deal with us after the master comes back on line? Or am I safe to
> > > just nuke the box and start clean?
> >
> > You'll end up with a new CA so you'll need to re-enroll any client
> > machines. Browsers will see the most grief as there will be a
> > different CA with the same subject.
> >
> > Depending on how you are migrating your users they will all likely
> > need to reset their passwords, or go through the migration step.

And migration step means you carry forward user data as if you migrated from an LDAP server. In this case you can complete migration using either a migration web page or just using SSSD. If the migration is enabled and you migrated LDAP password attributes from the older IPA then SSSD and/or migration page would be able to capture user password and create kerberos hashes completing the migration. This at least would not require people to change the passwords.

> > rob
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/