[Freeipa-users] Centos7/IPA4.2 : disable/enable hosts
Johan Vermeulen
jameslast29 at gmail.com
Wed Apr 12 12:26:48 UTC 2017
Hello Rob,
doing it this way indeed works.
Thanks for helping me out.
Greetings, J.
2017-04-11 16:54 GMT+02:00 Rob Crittenden <rcritten at redhat.com>:
> Johan Vermeulen wrote:
> > Rob,
> >
> > thanks for helping me out.
> > I support some 80 laptop users at the moment, all running Centos7.
> > The users are now in ldap, the laptops ( hosts) are not. I'm testing the
> > ability to add the laptops as hosts.
> >
> > Under "identity - hosts", when selecting a host, I go to "actions". The
> > only way I see to disable ( block) a host, what I would do when
> > a laptop is stolen for instance, is unprovision.
> > I then tried to re-provision it, I see no "provision" option. I tried to
> > "rebuild auto membership" and " new certificate" but that doesn't seem
> > to work.
> > I hope I'm making sense.
>
> In the case of a lost or stolen laptop then disabling the host seems
> like a good mechanism. It will revoke and certificates issued for the
> host and invalidate its keytab.
>
> Provisioning happens when ipa-client-install is run on the host [1].
> There is no facility for remote provisioning.
>
> rob
>
> [1] technically a host is provisioned when it has a keytab but this
> doesn't configure that host to actually use it and you potentially need
> to safely transfer this keytab to the host.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170412/c8bb24e4/attachment.htm>
More information about the Freeipa-users
mailing list