[Freeipa-users] IPA 4.4 CA Replications

Martin Basti mbasti at redhat.com
Thu Mar 2 14:22:41 UTC 2017


Did you run ipa-ca-install on server2?


On 02.03.2017 15:20, Matt Wells wrote:
> Thank you for the response Martin.  Server1 had no flags upon install
> however CA, DNS were selected during the installation.  Server2 was
> joined and then the 'ipa-replica-install --skip-conn-check' used to
> join it.  Manual tests of the ports showed all was good but not in the
> installation so I had to use the '--skip-conn-check'.
> Server1 - 
>   Maximum username length: 32
>   Home directory base: /home
>   Default shell: /bin/sh
>   Default users group: ipausers
>   Default e-mail domain: lci.devdomain.com
>   Search time limit: 2
>   Search size limit: 100
>   User search fields: uid,givenname,sn,telephonenumber,ou,title
>   Group search fields: cn,description
>   Enable migration mode: FALSE
>   Certificate Subject base: O=LCI.DEVDOMAIN.COM
>   Password Expiration Notification (days): 4
>   Password plugin features: AllowNThash
>   SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
>   Default SELinux user: unconfined_u:s0-s0:c0.c1023
>   Default PAC types: nfs:NONE, MS-PAC
>   IPA masters: server1.lci.devdomain.com, server2.lci.devdomain.com
>   IPA CA servers: server1.lci.devdomain.com
>   IPA NTP servers: server1.lci.devdomain.com, server2.lci.devdomain.com
>   IPA CA renewal master: server1.lci.devdomain.com
>
>
>
> On Thu, Mar 2, 2017 at 12:39 AM Martin Basti <mbasti at redhat.com> wrote:
>
>
>
>     On 01.03.2017 22:00, Matt Wells wrote:
>>     I have two new IPA 4.4 servers on CentOS7 installed in a lab.  I
>>     built the first, joined the second and promoted it to be a
>>     master.  Thus far all went well.  
>>
>>     I then ran the ipa-ca-install and when I log back in I see that
>>     it has "domain,CA" attached to it.  However when I hit the main
>>     IPA page it informs me I only have one server in the CA role. 
>>      Drilling down into server2 I see it does not have that role
>>     assigned.  
>>     I'm certain I missed an easy step but I've been unable to locate
>>     it.  
>>
>>     Any guidance would be greatly appreciated. 
>>
>>
>
>     Hello,
>
>     can you provide more info? How did you install servers (options
>     used), on which server did you run ipa-ca-install?
>
>
>     Martin
>
> -- 
> *Matt Wells*
> *Lead Systems Architect*
> <https://www.bridgevine.com/>
