Hi Rob, When I perform step 1 I use, e.g.: ipa server-del --ignore-topology-disconnect ipa0.<domain> for id in $(ipa cert-find --sizelimit=0 --status=VALID --subject=ipa0.<domain> | grep "Serial number:" | sed "s/^\ *Serial number: //"); do ipa cert-revoke $id --revocation-reason=5; done ipa-replica-manage del ipa0.<domain>
It occurred to me that perhaps the ipa server-del command is overly aggressive and causing the last authentication timestamps to be deleted. Should I drop that step? Would I then need to un-join ipa0 from the domain after the ipa-replica-manage command? If the process for this sort of in situ upgrade is documented someplace then feel free to simply point me there. I searched but didn't find it. Thank you, Shane
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
