[Freeipa-users] Centos7/IPA4.2 : disable/enable hosts
Rob Crittenden
rcritten at redhat.com
Tue Apr 11 14:54:16 UTC 2017
Johan Vermeulen wrote:
> Rob,
>
> thanks for helping me out.
> I support some 80 laptop users at the moment, all running Centos7.
> The users are now in ldap, the laptops ( hosts) are not. I'm testing the
> ability to add the laptops as hosts.
>
> Under "identity - hosts", when selecting a host, I go to "actions". The
> only way I see to disable ( block) a host, what I would do when
> a laptop is stolen for instance, is unprovision.
> I then tried to re-provision it, I see no "provision" option. I tried to
> "rebuild auto membership" and " new certificate" but that doesn't seem
> to work.
> I hope I'm making sense.
In the case of a lost or stolen laptop then disabling the host seems
like a good mechanism. It will revoke and certificates issued for the
host and invalidate its keytab.
Provisioning happens when ipa-client-install is run on the host [1].
There is no facility for remote provisioning.
rob
[1] technically a host is provisioned when it has a keytab but this
doesn't configure that host to actually use it and you potentially need
to safely transfer this keytab to the host.
More information about the Freeipa-users
mailing list