Re: [Freeipa-users] FreeIPA4.2: Recovering from an IPA master server failure
Hello, comments inline On 01.06.2016 20:34, Michael Rainey (Contractor) wrote: My apologies for the duplicate thread, but from my vantage point I did not see any signs of my message making it to the mailing list. My original message was not posted back to me, nor was your reply posted to me. Ok, no problem Now back to your reply. I did try the command you suggested and it does appear to have removed the last remnants of my first server. Are there any additional steps I should perform to verify things are as they once were? You can try ipa-replica-manage list, ipa-csreplica-manage list, list-ruv, and ipa-replica-manage list -v to see if there are some leftovers Martin I did notice some of the systems on the network will not carry my kerberos credentials over to another machine when using SSH. The working systems log me in with no problems when using ssh . While other systems will prompt me for a password. Has anyone had similar problems and what did they do to fix the problem? *Michael Rainey* On 05/31/2016 11:10 PM, Martin Basti wrote: On 31.05.2016 17:36, Michael Rainey (Contractor) wrote: Greetings community, I've run into an interesting problem which may be old hat to all of you. I was working to bring down my IPA master server and did it improperly. It was a rookie mistake, but I'm willing to view it as an exercise in recovering from a massive system failure. The original master server is gone with no way of recovering and I have managed to replace the server by promoting one of my replicas, but I find myself in a situation where I cannot remove the original master server from the LDAP directory. It is still seen as a master server and the webUI will not let me delete the system from directory server. Is there a process somewhere that will walk me through demoting the old server so I can delete it from the directory and officially promote its replacement? For reference, I followed the steps located at this link. Centos 7.2 / freeIPA 4.2 Your help is greatly appreciated. -- *Michael Rainey* Hello, can you next time please continue with just one thread please? You haven't replied if this works for you https://www.redhat.com/archives/freeipa-users/2016-May/msg00521.html regards, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA4.2: Recovering from an IPA master server failure
My apologies for the duplicate thread, but from my vantage point I did not see any signs of my message making it to the mailing list. My original message was not posted back to me, nor was your reply posted to me. Now back to your reply. I did try the command you suggested and it does appear to have removed the last remnants of my first server. Are there any additional steps I should perform to verify things are as they once were? I did notice some of the systems on the network will not carry my kerberos credentials over to another machine when using SSH. The working systems log me in with no problems when using ssh . While other systems will prompt me for a password. Has anyone had similar problems and what did they do to fix the problem? *Michael Rainey* On 05/31/2016 11:10 PM, Martin Basti wrote: On 31.05.2016 17:36, Michael Rainey (Contractor) wrote: Greetings community, I've run into an interesting problem which may be old hat to all of you. I was working to bring down my IPA master server and did it improperly. It was a rookie mistake, but I'm willing to view it as an exercise in recovering from a massive system failure. The original master server is gone with no way of recovering and I have managed to replace the server by promoting one of my replicas, but I find myself in a situation where I cannot remove the original master server from the LDAP directory. It is still seen as a master server and the webUI will not let me delete the system from directory server. Is there a process somewhere that will walk me through demoting the old server so I can delete it from the directory and officially promote its replacement? For reference, I followed the steps located at this link. Centos 7.2 / freeIPA 4.2 Your help is greatly appreciated. -- *Michael Rainey* Hello, can you next time please continue with just one thread please? You haven't replied if this works for you https://www.redhat.com/archives/freeipa-users/2016-May/msg00521.html regards, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA4.2: Recovering from an IPA master server failure
On 31.05.2016 17:36, Michael Rainey (Contractor) wrote: Greetings community, I've run into an interesting problem which may be old hat to all of you. I was working to bring down my IPA master server and did it improperly. It was a rookie mistake, but I'm willing to view it as an exercise in recovering from a massive system failure. The original master server is gone with no way of recovering and I have managed to replace the server by promoting one of my replicas, but I find myself in a situation where I cannot remove the original master server from the LDAP directory. It is still seen as a master server and the webUI will not let me delete the system from directory server. Is there a process somewhere that will walk me through demoting the old server so I can delete it from the directory and officially promote its replacement? For reference, I followed the steps located at this link. Centos 7.2 / freeIPA 4.2 Your help is greatly appreciated. -- *Michael Rainey* Hello, can you next time please continue with just one thread please? You haven't replied if this works for you https://www.redhat.com/archives/freeipa-users/2016-May/msg00521.html regards, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] FreeIPA4.2: Recovering from an IPA master server failure
Greetings community, I've run into an interesting problem which may be old hat to all of you. I was working to bring down my IPA master server and did it improperly. It was a rookie mistake, but I'm willing to view it as an exercise in recovering from a massive system failure. The original master server is gone with no way of recovering and I have managed to replace the server by promoting one of my replicas, but I find myself in a situation where I cannot remove the original master server from the LDAP directory. It is still seen as a master server and the webUI will not let me delete the system from directory server. Is there a process somewhere that will walk me through demoting the old server so I can delete it from the directory and officially promote its replacement? For reference, I followed the steps located at this link. Centos 7.2 / freeIPA 4.2 Your help is greatly appreciated. -- *Michael Rainey* -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
