On Tue, 25 Jan 2022, Brian J. Murrell via FreeIPA-users wrote:
On Tue, 2022-01-25 at 09:18 -0500, Rob Crittenden wrote:
>
> So this was formerly a server and you ran ipa-server-install
> --uninstall.
Correct.
> Did you also run ipa server-del?
No. I thought ipa-server-install --uninstall would do all of the work.
So that's the issue. It is documented in RHEL documentation:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
-------------------------------------------
To uninstall server.example.com:
On another server, use the ipa server-del command to delete
server.example.com from the topology:
[root@another_server ~]# ipa server-del server.example.com
On server.example.com, use the ipa-server-install --uninstall command:
[root@server ~]# ipa-server-install --uninstall
Make sure all name server (NS) DNS records pointing to
server.example.com are deleted from your DNS zones. This applies
regardless of whether you use integrated DNS managed by IdM or
external DNS.
-------------------------------------------
> Was this
> server running additional, non-IPA services?
Yes.
> Then you ran ipa-client-install?
Correct, as a prerequisite for running ipa-replica-install.
> You didn't have any issues with this
> host is already enrolled?
No, it's enrolled right now and happily providing gssapi-authenticated
services.
> How are you trying to remove the ldap service principal?
In the GUI. Clicking on ldap/server.example.com@EXAMPLE.COM and then
clicking the delete button there.
Does using a raw LDAP delete help?
ldapdelete -D cn=directory\ manager -W \
  krbprincipalname=ldap/server.example.com@EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com
?
If not, you might need to temporarily fix the LDAP entry schema
consistency before deleting the object. It means you'd need to add
the krbPrincipalName attribute back.
> Is there something special about the client config that you can't
> uninstall the client to ensure the host and service entries for it are
> cleaned up?
The client has been uninstalled (as a result of ipa-replica-install --
or maybe it's ipa-server-install you are told to do when ipa-replica-
install fails) --uninstall and re-installed (as a prerequisite to ipa-
replica-install, per
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...,
but I am also now seeing
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
but the first link was how I set up the server I am now trying to
replicate from).
Honestly though, I don't care which process I use. I was just using
what had worked before.
Cheers,
b.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
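
Added example, not part of the original thread or of FreeIPA: a small Python check that reads an LDIF export of the services subtree and reports entries whose naming attribute (here krbPrincipalName) is missing from the entry, the inconsistency the reply above says may have to be repaired before the delete succeeds. The function names and the sample LDIF are constructed for illustration, and only single-valued RDNs without escaped characters in the value are handled.

```python
import base64
import re

# Constructed sample, shaped like plain LDIF from a search under
# cn=services,cn=accounts,dc=example,dc=com (not real data).
SAMPLE_LDIF = """\
dn: krbprincipalname=HTTP/server.example.com@EXAMPLE.COM,cn=services,cn=accou
 nts,dc=example,dc=com
objectClass: top
krbPrincipalName: HTTP/server.example.com@EXAMPLE.COM

dn: krbprincipalname=ldap/server.example.com@EXAMPLE.COM,cn=services,cn=accou
 nts,dc=example,dc=com
objectClass: top
managedBy: fqdn=server.example.com,cn=computers,cn=accounts,dc=example,dc=com
"""

def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})] from plain-text LDIF."""
    text = re.sub(r"\r?\n ", "", text)            # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):             # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.lower(), []).append(value.strip())
        if dn:
            entries.append((dn, attrs))
    return entries

def first_rdn(dn):
    """Split the leading RDN into (attribute, value); single-valued RDNs only."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip()

def missing_naming_attribute(ldif_text):
    """DNs whose RDN attribute value does not appear in the entry itself."""
    bad = []
    for dn, attrs in parse_ldif(ldif_text):
        attr, value = first_rdn(dn)
        # Lenient, case-insensitive comparison: the goal is to spot absence.
        if value.lower() not in [v.lower() for v in attrs.get(attr, [])]:
            bad.append(dn)
    return bad

if __name__ == "__main__":
    for dn in missing_naming_attribute(SAMPLE_LDIF):
        print("naming attribute missing from entry:", dn)
```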