On Tue, 25 Jan 2022, Brian J. Murrell via FreeIPA-users wrote:
On Tue, 2022-01-25 at 09:18 -0500, Rob Crittenden wrote:
So this was formerly a server and you ran ipa-server-install --uninstall.
Correct.
Did you also run ipa server-del?
No. I thought ipa-server-install --uninstall would do all of the work.
So that's the issue. It is documented in RHEL documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
-------------------------------------------
To uninstall server.example.com:
On another server, use the ipa server-del command to delete server.example.com from the topology:
[root@another_server ~]# ipa server-del server.example.com
On server.example.com, use the ipa-server-install --uninstall command:
[root@server ~]# ipa-server-install --uninstall
Make sure all name server (NS) DNS records pointing to server.example.com are deleted from your DNS zones. This applies regardless of whether you use integrated DNS managed by IdM or external DNS.
-------------------------------------------
Was this server running additional, non-IPA services?
Yes.
Then you ran ipa-client-install?
Correct, as a prerequisite for running ipa-replica-install.
You didn't have any issues with this host is already enrolled?
No, it's enrolled right now and happily providing gssapi-authenticated services.
How are you trying to remove the ldap service principal?
In the GUI. Clicking on ldap/server.example.com@EXAMPLE.COM and then clicking the delete button there.
Does using a raw LDAP delete help?
ldapdelete -D cn=directory\ manager -W krbprincipalname=ldap/server.example.com@EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com
?
If not, you might need to temporarily fix the LDAP entry schema consistency before deleting the object. It means you'd need to add the krbPrincipalName attribute back.
Is there something special about the client config that you can't uninstall the client to ensure the host and service entries for it are cleaned up?
The client has been uninstalled (as a result of ipa-replica-install -- or maybe it's ipa-server-install you are told to do when ipa-replica-install fails) --uninstall and re-installed (as a prerequisite to ipa-replica-install, per https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm..., but I am also now seeing https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm... but the first link was how I set up the server I am now trying to replicate from).
Honestly though, I don't care which process I use. I was just using what had worked before.
Cheers, b.
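A read-only check for the schema inconsistency mentioned in the reply above, added here as an example and not part of the original thread: it reads LDIF in the form `ldapsearch -LLL` prints and lists entries whose DN is named by krbprincipalname but which carry no krbPrincipalName attribute. The function names, the HTTP service entry and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Input is LDIF on stdin, for instance the
# output of an ldapsearch -LLL over cn=services,cn=accounts,dc=example,dc=com.

# Constructed sample: the first entry lacks krbPrincipalName, the second has it.
sample_ldif() {
cat <<'EOF'
dn: krbprincipalname=ldap/server.example.com@EXAMPLE.COM,cn=services,cn=accou
 nts,dc=example,dc=com
objectClass: ipaobject
objectClass: ipaservice
managedBy: fqdn=server.example.com,cn=computers,cn=accounts,dc=example,dc=com

dn: krbprincipalname=HTTP/server.example.com@EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com
objectClass: krbprincipal
krbPrincipalName: HTTP/server.example.com@EXAMPLE.COM
EOF
}

# Print the DN of every entry whose RDN attribute is krbprincipalname but
# which has no krbPrincipalName attribute line of its own.
find_entries_missing_krbprincipalname() {
    awk '
        function emit() {
            if (dn != "" && tolower(dn) ~ /^krbprincipalname=/ && !has_attr)
                print dn
            dn = ""; has_attr = 0
        }
        # LDIF folds long lines; a continuation starts with one space.
        /^ / { if (in_dn) dn = dn substr($0, 2); next }
        # A blank line ends the current entry.
        /^$/ { emit(); in_dn = 0; next }
        /^#/ { in_dn = 0; next }
        {
            in_dn = 0
            line = tolower($0)
            if (line ~ /^dn: /) { dn = substr($0, 5); in_dn = 1 }
            else if (line ~ /^krbprincipalname::? /) has_attr = 1
        }
        END { emit() }
    '
}
```

Run as `sample_ldif | find_entries_missing_krbprincipalname`; base64-encoded DNs (`dn::`) are not decoded and are skipped.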