Hello,
I am fairly new to FreeIPA. Sorry for that.
I have a FreeIPA installation with 1 master in domain bxl.mydomain and a replica in ams.mydomain. At this stage I have lost the master. I did not install the master and replica myself, but from the documentation I learned that the master should be the CA for the system. However when I look for the configs on the master that should determine the CA I can find any that make sense. The FreeIPA version of the master and replica is 3.0.0 on CentOS 6, both running in LXC containers on different Proxmox hypervisors.
The ipa config-show output from the master looked like:
  Maximum username length: 32
  Home directory base: /users_roaming/
  Default shell: /bin/bash
  Default users group: prod-users
  Default e-mail domain: bxl.mydomain
  Search time limit: 2
  Search size limit: 100
  User search fields: uid,givenname,sn,telephonenumber,ou,title
  Group search fields: cn,description
  Enable migration mode: FALSE
  Certificate Subject base: O= BXL.MYDOMAIN
  Password Expiration Notification (days): 4
  Password plugin features: AllowNThash
  SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
  Default SELinux user: unconfined_u:s0-s0:c0.c1023
  Default PAC types: MS-PAC
I want to know if I need to promote the replica and how to proceed. I have a great part of the master in the backup, including the /etc, /var/lib/, /var/log/ and /root directories.
Rob van Halteren via FreeIPA-users wrote:
> Hello,
> I am fairly new to FreeIPA. Sorry for that.
> I have a FreeIPA installation with 1 master in domain bxl.mydomain and a replica in ams.mydomain. At this stage I have lost the master. I did not install the master and replica myself, but from the documentation I learned that the master should be the CA for the system. However when I look for the configs on the master that should determine the CA I can find any that make sense. The FreeIPA version of the master and replica is 3.0.0 on CentOS 6, both running in LXC containers on different Proxmox hypervisors.
> The ipa config-show output from the master looked like:
>   Maximum username length: 32
>   Home directory base: /users_roaming/
>   Default shell: /bin/bash
>   Default users group: prod-users
>   Default e-mail domain: bxl.mydomain
>   Search time limit: 2
>   Search size limit: 100
>   User search fields: uid,givenname,sn,telephonenumber,ou,title
>   Group search fields: cn,description
>   Enable migration mode: FALSE
>   Certificate Subject base: O= BXL.MYDOMAIN
>   Password Expiration Notification (days): 4
>   Password plugin features: AllowNThash
>   SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
>   Default SELinux user: unconfined_u:s0-s0:c0.c1023
>   Default PAC types: MS-PAC
> I want to know if I need to promote the replica and how to proceed. I have a great part of the master in the backup, including the /etc, /var/lib/, /var/log/ and /root directories.
The key question is: does your working master have a CA installed on it?
rob
freeipa-users@lists.fedorahosted.org