On ti, 16 huhti 2019, fujisan wrote:
and then re-install each client with --server=new-server.my.domain?
No. You don't need to reinstall anything. Looks like you didn't install
any replica before?
Instructions are here for a replica installation:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
Instructions are here for a server removal:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
Old server name might be mentioned in three configuration files on the
clients if you deployed them with --server option to ipa-client-install
instead of using auto-discovery.
- /etc/sssd/sssd.conf might have a direct reference to IPA master
instead of _srv_ label. If it has both, make sure you keep _srv_
first and replace old server name by the new one there. On IPA masters
itself there should be no _srv_ label.
- /etc/ipa/default.conf has name of the master this server was enrolled
into. It can be updated to a new server without any trouble if old
server will be decommissioned.
- /etc/krb5.conf can have a reference to the old server as a KDC. It can
also be updated without any issue.
On Tue, Apr 16, 2019 at 11:42 AM Alexander Bokovoy
<abokovoy(a)redhat.com>
wrote:
> On ti, 16 huhti 2019, fujisan via FreeIPA-users wrote:
> >Hello,
> >
> >I just got a new server on which I'd like to install a FreeIPA server.
> >Today it is installed on the old server.
> >
> >I just tried to install it with ipa-server-install but of course it
> >complained saying the DNS domain is handled by the old server.
> >
> >What is the best way to install FreeIPA on the new server without
> >disturbing the users too much?
> Add a new server as a replica.
>
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
>
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland