<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Did you run ipa-ca-install on server2?<br>
</p>
<br>
<div class="moz-cite-prefix">On 02.03.2017 15:20, Matt Wells wrote:<br>
</div>
<blockquote
cite="mid:CAGOvb9SOm5Aqkt2CijfM1EsaK6NqU4+QxkvQ-fvJBa2rfQmq0Q@mail.gmail.com"
type="cite">
<div dir="ltr">Thank you for the response, Martin. Server1 had no
flags upon install; however, CA and DNS were selected during the
installation. Server2 was joined and then
'ipa-replica-install --skip-conn-check' was used to join it. Manual
tests of the ports showed all was good, but not in the
installation, so I had to use '--skip-conn-check'.
<div>Server1 - </div>
<div>
<div> Maximum username length: 32</div>
<div> Home directory base: /home</div>
<div> Default shell: /bin/sh</div>
<div> Default users group: ipausers</div>
<div> Default e-mail domain: <a moz-do-not-send="true"
href="http://lci.devdomain.com">lci.devdomain.com</a></div>
<div> Search time limit: 2</div>
<div> Search size limit: 100</div>
<div> User search fields:
uid,givenname,sn,telephonenumber,ou,title</div>
<div> Group search fields: cn,description</div>
<div> Enable migration mode: FALSE</div>
<div> Certificate Subject base: O=<a moz-do-not-send="true"
href="http://LCI.DEVDOMAIN.COM">LCI.DEVDOMAIN.COM</a></div>
<div> Password Expiration Notification (days): 4</div>
<div> Password plugin features: AllowNThash</div>
<div> SELinux user map order:
guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023</div>
<div> Default SELinux user: unconfined_u:s0-s0:c0.c1023</div>
<div> Default PAC types: nfs:NONE, MS-PAC</div>
<div> IPA masters: <a moz-do-not-send="true"
href="http://server1.lci.devdomain.com">server1.lci.devdomain.com</a>,
<a moz-do-not-send="true"
href="http://server2.lci.devdomain.com">server2.lci.devdomain.com</a></div>
<div> IPA CA servers: <a moz-do-not-send="true"
href="http://server1.lci.devdomain.com">server1.lci.devdomain.com</a></div>
<div> IPA NTP servers: <a moz-do-not-send="true"
href="http://server1.lci.devdomain.com">server1.lci.devdomain.com</a>,
<a moz-do-not-send="true"
href="http://server2.lci.devdomain.com">server2.lci.devdomain.com</a></div>
<div> IPA CA renewal master: <a moz-do-not-send="true"
href="http://server1.lci.devdomain.com">server1.lci.devdomain.com</a></div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Thu, Mar 2, 2017 at 12:39 AM Martin Basti &lt;<a
moz-do-not-send="true" href="mailto:mbasti@redhat.com">mbasti@redhat.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
<p class="gmail_msg"><br class="gmail_msg">
</p>
<br class="gmail_msg">
<div class="m_4674723430626567125moz-cite-prefix gmail_msg">On
01.03.2017 22:00, Matt Wells wrote:<br class="gmail_msg">
</div>
<blockquote type="cite" class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div class="m_4674723430626567125gmail_signature
gmail_msg" data-smartmail="gmail_signature">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">I have two new IPA 4.4
servers on CentOS7 installed in a lab. I built
the first, joined the second and promoted it to
be a master. Thus far all went well. </div>
<div class="gmail_msg"><br class="gmail_msg">
</div>
<div class="gmail_msg">I then ran
ipa-ca-install, and when I log back in I see that
it has "domain,CA" attached to it. However, when
I hit the main IPA page it informs me I only
have one server in the CA role. </div>
<div class="gmail_msg"> Drilling down into server2
I see it does not have that role assigned. <br
class="gmail_msg">
</div>
<div class="gmail_msg">I'm certain I missed an
easy step but I've been unable to locate it. </div>
<div class="gmail_msg"><br class="gmail_msg">
</div>
<div class="gmail_msg">Any guidance would be
greatly appreciated. </div>
</div>
</div>
</div>
</div>
<br class="gmail_msg">
<br class="gmail_msg">
</blockquote>
<br class="gmail_msg">
</div>
<div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
Hello,<br class="gmail_msg">
<br class="gmail_msg">
Can you provide more info? How did you install the servers
(options used), and on which server did you run ipa-ca-install?</div>
<div bgcolor="#FFFFFF" text="#000000" class="gmail_msg"><br
class="gmail_msg">
<br class="gmail_msg">
Martin<br class="gmail_msg">
</div>
</blockquote>
</div>
<div dir="ltr">-- <br>
</div>
<div data-smartmail="gmail_signature">
<div dir="ltr"><b
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">Matt
Wells</b>
<div
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><a
moz-do-not-send="true"
href="https://www.redhat.com/rhtapps/certification/badge/verify/V3WMPVPAQ6I67AJBGN6FZU6N2YAEQU3CUPSQX2KSDXT6RW46LQ3U7PJCSIXUILAFHEDCMJS26CYXW4U5NQYTCNA62RUWOCM34WWBUYQ="
target="_blank"><b>Lead Systems Architect</b></a></div>
</div>
</div>
</blockquote>
<br>
</body>
</html>