[Freeipa-users] IPA 4.4 CA Replications
Matt Wells
matt.wells at bridgevine.com
Thu Mar 2 14:20:38 UTC 2017
Thank you for the response Martin. Server1 had no flags upon install
however CA, DNS were selected during the installation. Server2 was joined
and then the 'ipa-replica-install --skip-conn-check' used to join it.
Manual tests of the ports showed all was good but not in the installation
so I had to use the '--skip-conn-check'.
Server1 -
Maximum username length: 32
Home directory base: /home
Default shell: /bin/sh
Default users group: ipausers
Default e-mail domain: lci.devdomain.com
Search time limit: 2
Search size limit: 100
User search fields: uid,givenname,sn,telephonenumber,ou,title
Group search fields: cn,description
Enable migration mode: FALSE
Certificate Subject base: O=LCI.DEVDOMAIN.COM
Password Expiration Notification (days): 4
Password plugin features: AllowNThash
SELinux user map order:
guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
Default SELinux user: unconfined_u:s0-s0:c0.c1023
Default PAC types: nfs:NONE, MS-PAC
IPA masters: server1.lci.devdomain.com, server2.lci.devdomain.com
IPA CA servers: server1.lci.devdomain.com
IPA NTP servers: server1.lci.devdomain.com, server2.lci.devdomain.com
IPA CA renewal master: server1.lci.devdomain.com
On Thu, Mar 2, 2017 at 12:39 AM Martin Basti <mbasti at redhat.com> wrote:
>
>
> On 01.03.2017 22:00, Matt Wells wrote:
>
> I have two new IPA 4.4 servers on CentOS7 installed in a lab. I built the
> first, joined the second and promoted it to be a master. Thus far all went
> well.
>
> I then ran the ipa-ca-install and when I log back in I see that it has
> "domain,CA" attached to it. However when I hit the main IPA page it
> informs me I only have one server in the CA role.
> Drilling down into server2 I see it does not have that role assigned.
> I'm certain I missed an easy step but I've been unable to locate it.
>
> Any guidance would be greatly appreciated.
>
>
>
> Hello,
>
> can you provide more info? How did you install servers (options used), on
> which server you ran ipa-ca-install ?
>
>
> Martin
>
--
*Matt Wells*
*Lead Systems Architect*
<https://www.redhat.com/rhtapps/certification/badge/verify/V3WMPVPAQ6I67AJBGN6FZU6N2YAEQU3CUPSQX2KSDXT6RW46LQ3U7PJCSIXUILAFHEDCMJS26CYXW4U5NQYTCNA62RUWOCM34WWBUYQ=>
<https://www.bridgevine.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170302/0bb6265b/attachment.htm>
More information about the Freeipa-users
mailing list