On 04/08/2015 07:12 AM, Прохоров Сергей wrote:
Hello, I have self-signed freeipa replica. The problem is that I lose my freeipa primary server after hdd error. Now I need to create new replication server but I can't without primary server. I read this documentation and a lot of community correspondence but don't find my issue:


How can I resolve it or migrate my kerberos/ldap schema to the new primary server? I'm using ipa-server-3.0.0-42.el6.x86_64 from base oracle linux 6.5 repository.

By self-signed you mean you had a self signed CA as a part of the first IPA server, right?
Did you install replica with the CA component or not?

If you lost your first server that had CA and have replica that does not have CA you are not in a best situation. There are several options that you can explore. But before we dive into that please answer following questions.

1. Is the situation described correctly?
2. Do you take advantage of the cert capabilities of IPA?
3. Did you make any backups of the first server?

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to