On 04/08/2015 07:12 AM, Прохоров Сергей wrote:
> Hello, I have a self-signed freeipa replica. The problem is that I lost
> my freeipa primary server after an HDD error.
> Now I need to create a new replication server but I can't without
> the primary server. I read this documentation and a lot of community
> correspondence but didn't find my issue:
> http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html
> http://www.freeipa.org/page/Howto/Promoting_a_self-signed_FreeIPA_CA
> How can I resolve it or migrate my kerberos/ldap schema to the new
> primary server?
> I'm using ipa-server-3.0.0-42.el6.x86_64 from the base Oracle Linux 6.5
> repository.
By self-signed you mean you had a self-signed CA as a part of the first
IPA server, right?
Did you install the replica with the CA component or not?
If you lost your first server that had the CA and have a replica that does
not have a CA, you are not in the best situation.
There are several options that you can explore. But before we dive into
that, please answer the following questions.
1. Is the situation described correctly?
2. Do you take advantage of the cert capabilities of IPA?
3. Did you make any backups of the first server?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.