<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 08/28/2013 10:16 AM, Bret Wortman wrote:
<blockquote
cite="mid:CACWq_ZmjuNKBKNvTzBxRHed3UKr4K3JmXbP6nkM54FwC-pfF+w@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">Ugh. Well that certainly hurts, but I just
don't see an alternative. I hope Puppet can at least make
the re-enrollment a bit easier.
<div><br>
</div>
<div>I'm still hand-copying some of the configuration and
user group details and crafting the load scripts so if
anyone has a bright idea in the next few hours, I'd love
to hear it!</div>
</div>
<div class="gmail_extra">
<div class="im"><br clear="all">
<div>
<div dir="ltr">
<div><br>
</div>
<div><u><br>
</u></div>
<div><b>Bret Wortman</b></div>
<div><a moz-do-not-send="true"
href="http://damascusgrp.com/" target="_blank">http://damascusgrp.com/</a><br>
</div>
<div><a moz-do-not-send="true"
href="http://about.me/wortmanbret" target="_blank">http://about.me/wortmanbret</a><br>
</div>
</div>
</div>
<br>
<br>
</div>
<div>
<div class="h5">
<div class="gmail_quote">On Wed, Aug 28, 2013 at 9:56
AM, Rob Crittenden <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204,
204); padding-left: 1ex;">
<div>Bret Wortman wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0
0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
Today, I'm going to wipe my master, install f18
from scratch, then<br>
install the freeipa-server RPMs again and
manually load all our hosts,<br>
dns entries, and users from scratch (I'm
building scripts to do this for<br>
me using the command line tools). We'll then do
the same for each<br>
replica so that our system will basically be
starting clean again.<br>
<br>
Are there any files that I really ought to back
up and restore as part<br>
of this effort, like certificates, that might
make it easier for clients<br>
to deal with us after the master comes back on
line? Or am I safe to<br>
just nuke the box and start clean?<br>
</blockquote>
<br>
</div>
You'll end up with a new CA so you'll need to
re-enroll any client machines. Browsers will see the
most grief as there will be a different CA with the
same subject.<br>
<br>
Depending on how you are migrating your users they
will all likely need to reset their passwords, or go
through the migration step.<span><font
color="#888888"><br>
</font></span></blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
And the migration step means you carry forward user data as if you
migrated from an LDAP server. In this case you can complete the
migration using either the migration web page or just SSSD. If
migration is enabled and you migrated the LDAP password attributes
from the older IPA, then SSSD and/or the migration page would be able to
capture the user's password and create Kerberos hashes, completing the
migration. This at least would not require people to change their
passwords.<br>
<br>
<blockquote
cite="mid:CACWq_ZmjuNKBKNvTzBxRHed3UKr4K3JmXbP6nkM54FwC-pfF+w@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_quote">
<div class="gmail_extra">
<div>
<div class="h5">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><span><font
color="#888888">
<br>
rob<br>
</font></span></blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
<br>
</div>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
</pre>
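As an added example (not part of the original messages and not FreeIPA's own code), the script below sorts accounts from an LDIF export into those that already have Kerberos keys, those whose password hash was carried over and will get keys at first login through SSSD or the migration page, and those with no password attribute at all. It assumes the standard attribute names userPassword and krbPrincipalKey; the sample entries and the function names are constructed for illustration.

```python
# Constructed sample LDIF export (not real data); values are placeholders.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
uid: alice
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
krbPrincipalKey:: Y29uc3RydWN0ZWQ=

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=com
uid: bob
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=carol,cn=users,cn=accounts,dc=example,dc=com
uid: carol
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):       # skip comments
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        value = value[1:] if value.startswith(":") else value  # "attr:: base64"
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def migration_status(entry):
    # Keys present: done. Hash only: keys are created at first SSSD/web login.
    if "krbprincipalkey" in entry:
        return "complete"
    return "pending" if "userpassword" in entry else "needs_reset"

def report(text):
    """Group user uids by migration status."""
    result = {"complete": [], "pending": [], "needs_reset": []}
    for entry in parse_ldif(text):
        if "uid" in entry:
            result[migration_status(entry)].append(entry["uid"][0])
    return result

if __name__ == "__main__":
    print(report(SAMPLE_LDIF))
```

Accounts listed under needs_reset are the ones that would still require a password reset after the rebuild.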
</body>
</html>