[Freeipa-users] IPA 4.4 CA Replications
Martin Basti
mbasti at redhat.com
Thu Mar 2 14:22:41 UTC 2017
Did you run ipa-ca-install on server2?
On 02.03.2017 15:20, Matt Wells wrote:
> Thank you for the response Martin. Server1 had no flags upon install
> however CA, DNS were selected during the installation. Server2 was
> joined and then the 'ipa-replica-install --skip-conn-check' used to
> join it. Manual tests of the ports showed all was good but not in the
> installation so I had to use the '--skip-conn-check'.
> Server1 -
> Maximum username length: 32
> Home directory base: /home
> Default shell: /bin/sh
> Default users group: ipausers
> Default e-mail domain: lci.devdomain.com
> Search time limit: 2
> Search size limit: 100
> User search fields: uid,givenname,sn,telephonenumber,ou,title
> Group search fields: cn,description
> Enable migration mode: FALSE
> Certificate Subject base: O=LCI.DEVDOMAIN.COM
> Password Expiration Notification (days): 4
> Password plugin features: AllowNThash
> SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
> Default SELinux user: unconfined_u:s0-s0:c0.c1023
> Default PAC types: nfs:NONE, MS-PAC
> IPA masters: server1.lci.devdomain.com, server2.lci.devdomain.com
> IPA CA servers: server1.lci.devdomain.com
> IPA NTP servers: server1.lci.devdomain.com, server2.lci.devdomain.com
> IPA CA renewal master: server1.lci.devdomain.com
>
>
>
> On Thu, Mar 2, 2017 at 12:39 AM Martin Basti <mbasti at redhat.com> wrote:
>
>
>
> On 01.03.2017 22:00, Matt Wells wrote:
>> I have two new IPA 4.4 servers on CentOS7 installed in a lab. I
>> built the first, joined the second and promoted it to be a
>> master. Thus far all went well.
>>
>> I then ran the ipa-ca-install and when I log back in I see that
>> it has "domain,CA" attached to it. However when I hit the main
>> IPA page it informs me I only have one server in the CA role.
>> Drilling down into server2 I see it does not have that role
>> assigned.
>> I'm certain I missed an easy step but I've been unable to locate
>> it.
>>
>> Any guidance would be greatly appreciated.
>>
>>
>
> Hello,
>
> Can you provide more info? How did you install the servers (options
> used), and on which server did you run ipa-ca-install?
>
>
> Martin
>
> --
> *Matt Wells*
> *Lead Systems Architect*
> <https://www.bridgevine.com/>
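The condition discussed in this thread (a master listed under "IPA masters" but missing from "IPA CA servers") can be checked mechanically from the kind of output quoted above. The following is an added example, not part of the original messages and not FreeIPA code; the sample text is a constructed, trimmed copy of the quoted output, and the function names are hypothetical.

```python
# Added example: compare the "IPA masters" and "IPA CA servers" fields of
# `ipa config-show`-style text. SAMPLE is constructed from the output quoted
# in this thread; parse_config_show/ca_role_report are hypothetical names.
SAMPLE = """\
  Certificate Subject base: O=LCI.DEVDOMAIN.COM
  Default PAC types: nfs:NONE, MS-PAC
  IPA masters: server1.lci.devdomain.com,
  server2.lci.devdomain.com
  IPA CA servers: server1.lci.devdomain.com
  IPA NTP servers: server1.lci.devdomain.com, server2.lci.devdomain.com
  IPA CA renewal master: server1.lci.devdomain.com
"""

def parse_config_show(text):
    """Return {label: value}; lines without 'Label: ' continue the previous value."""
    fields, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ": " in line:
            label, _, value = line.partition(": ")
        elif line.endswith(":"):
            label, value = line[:-1], ""
        else:
            # Value wrapped onto a new line by a mail client or terminal.
            if last is not None:
                fields[last] = (fields[last] + " " + line).strip()
            continue
        last = label.strip()
        fields[last] = value.strip()
    return fields

def hosts(fields, label):
    """Split a comma-separated host list, normalising case and whitespace."""
    return [h.strip().lower() for h in fields.get(label, "").split(",") if h.strip()]

def ca_role_report(text):
    fields = parse_config_show(text)
    masters = hosts(fields, "IPA masters")
    ca = hosts(fields, "IPA CA servers")
    renewal = hosts(fields, "IPA CA renewal master")
    return {
        "masters_without_ca": [m for m in masters if m not in ca],
        "single_ca": len(ca) < 2,  # only one CA: no redundancy for issuance
        "renewal_master_is_ca": bool(renewal) and all(r in ca for r in renewal),
    }

if __name__ == "__main__":
    print(ca_role_report(SAMPLE))
```
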