Hello Rob, doing it this way indeed works. Thanks for helping me out.
Greetings, J. 2017-04-11 16:54 GMT+02:00 Rob Crittenden <rcrit...@redhat.com>: > Johan Vermeulen wrote: > > Rob, > > > > thanks for helping me out. > > I support some 80 laptop users at the moment, all running Centos7. > > The users are now in ldap, the laptops ( hosts) are not. I'm testing the > > ability to add the laptops as hosts. > > > > Under "identity - hosts", when selecting a host, I go to "actions". The > > only way I see to disable ( block) a host, what I would do when > > a laptop is stolen for instance, is unprovision. > > I then tried to re-provision it, I see no "provision" option. I tried to > > "rebuild auto membership" and " new certificate" but that doesn't seem > > to work. > > I hope I'm making sense. > > In the case of a lost or stolen laptop then disabling the host seems > like a good mechanism. It will revoke and certificates issued for the > host and invalidate its keytab. > > Provisioning happens when ipa-client-install is run on the host . > There is no facility for remote provisioning. > > rob > >  technically a host is provisioned when it has a keytab but this > doesn't configure that host to actually use it and you potentially need > to safely transfer this keytab to the host. >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project