Hello Rob,

doing it this way indeed works.
Thanks for helping me out.

Greetings, J.

2017-04-11 16:54 GMT+02:00 Rob Crittenden <rcrit...@redhat.com>:

> Johan Vermeulen wrote:
> > Rob,
> >
> > thanks for helping me out.
> > I support some 80 laptop users at the moment, all running Centos7.
> > The users are now in ldap, the laptops ( hosts) are not. I'm testing the
> > ability to add the laptops as hosts.
> >
> > Under "identity - hosts", when selecting a host, I go to "actions". The
> > only way I see to disable ( block) a host, what I would do when
> > a laptop is stolen for instance, is unprovision.
> > I then tried to re-provision it, I see no "provision" option. I tried to
> > "rebuild auto membership" and " new certificate" but that doesn't seem
> > to work.
> > I hope I'm making sense.
>
> In the case of a lost or stolen laptop then disabling the host seems
> like a good mechanism. It will revoke and certificates issued for the
> host and invalidate its keytab.
>
> Provisioning happens when ipa-client-install is run on the host [1].
> There is no facility for remote provisioning.
>
> rob
>
> [1] technically a host is provisioned when it has a keytab but this
> doesn't configure that host to actually use it and you potentially need
> to safely transfer this keytab to the host.
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to