[Freeipa-users] FreeIPA4.2: Recovering from an IPA master server failure

Martin Basti mbasti at redhat.com
Thu Jun 2 06:51:41 UTC 2016 

Hello, comments inline


On 01.06.2016 20:34, Michael Rainey (Contractor) wrote:
>
> My apologies for the duplicate thread, but from my vantage point I did 
> not see any signs of my message making it to the mailing list.  My 
> original message was not posted back to me, nor was your reply posted 
> to me.
>
Ok, no problem

> Now back to your reply.  I did try the command you suggested and it 
> does appear to have removed the last remnants of my first server.  Are 
> there any additional steps I should perform to verify things are as 
> they once were?
>
You can try ipa-replica-manage list, ipa-csreplica-manage list, 
list-ruv, and ipa-replica-manage list -v <hostname>
to see if there are some leftovers

Martin
>
> I did notice some of the systems on the network will not carry my 
> kerberos credentials over to another machine when using SSH. The 
> working systems log me in with no problems when using ssh <hostname>.  
> While other systems will prompt me for a password.  Has anyone had 
> similar problems and what did they do to fix the problem?
>
> *Michael Rainey*
>
> On 05/31/2016 11:10 PM, Martin Basti wrote:
>>
>>
>>
>> On 31.05.2016 17:36, Michael Rainey (Contractor) wrote:
>>>
>>> Greetings community,
>>>
>>> I've run into an interesting problem which may be old hat to all of 
>>> you.  I was working to bring down my IPA master server and did it 
>>> improperly.  It was a rookie mistake, but I'm willing to view it as 
>>> an exercise in recovering from a massive system failure.
>>>
>>> The original master server is gone with no way of recovering and I 
>>> have managed to replace the server by promoting one of my replicas, 
>>> but I find myself in a situation where I cannot remove the original 
>>> master server from the LDAP directory.  It is still seen as a master 
>>> server and the webUI will not let me delete the system from 
>>> directory server.  Is there a process somewhere that will walk me 
>>> through demoting the old server so I can delete it from the 
>>> directory and officially promote its replacement?
>>>
>>> For reference, I followed the steps located at this link.
>>>
>>> Centos 7.2 / freeIPA 4.2
>>>
>>> Your help is greatly appreciated.
>>>
>>> -- 
>>> *Michael Rainey*
>>>
>>>
>>
>> Hello,
>>
>> can you next time please continue with just one thread please?
>>
>> You haven't replied if this works for you 
>> https://www.redhat.com/archives/freeipa-users/2016-May/msg00521.html
>>
>> regards,
>> Martin
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160602/83b5b42d/attachment.htm>

More information about the Freeipa-users mailing list