It Works!!! You are incredible
[root@server~]# pki-server sd-subsystem-add --subsystem CA --hostname ipa.example.test --secure-port 443 "CA ipa.example.test 443" [root@server~]# pki-server sd-subsystem-find Subsystem ID: CA ipa.example.test 443 Hostname: ipa.example.test Secure Port: 443 Domain Manager: FALSE Clone: FALSE #ipa-replica-install --setup-dns --forwarder 1.1.1.1 --forwarder 9.9.9.9 --setup-ca --verbose Restart of ipa.service complete Created connection context.ldap2_5646545465456465 flushing ldapi://%2Frun%2Fslapd-EXAMPLE-TEST.socket from SchemaCache retrieving schema for SchemaCache url=ldapi://%2Frun%2Fslapd-EXAMPLE-TEST.socket conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f4c3860e3d0> Destroyed connection context.ldap2_55656989899899 *The ipa-replica-install command was successful* Thank you, I appreciate it. Last question, Was I doing something wrong? Regards El jue, 29 may 2025 a las 13:50, Rob Crittenden (<rcrit...@redhat.com>) escribió: > Try this: > $ pki-server sd-subsystem-find > > You should get basically nothing because we know its empty. > > Populate it with your server: > $ pki-server sd-subsystem-add --subsystem CA --hostname ipa.example.test > --secure-port 443 "CA ipa.example.test 443" > > Be sure to replace both instances of 'ipa.example.test' with your CA > hostname. > > Then try your replica install again. > > rob > > John Tor via FreeIPA-users wrote: > > [root@server ~]# ipa server-role-find --status enabled > > ---------------------- > > 2 server roles matched > > ---------------------- > > Server name: ipa.example.test > > Role name: CA server > > Role status: enabled > > > > Server name: ipa.example.test > > Role name: DNS server > > Role status: enabled > > ---------------------------- > > Number of entries returned 2 > > ---------------------------- > > [root@server ~]# ldapsearch -x -D 'cn=directory manager' -W -b > "ou=Security Domain,o=ipaca" > > Enter LDAP Password: > > # extended LDIF > > # > > # LDAPv3 > > # base <ou=Security Domain,o=ipaca> with scope subtree > > # filter: (objectclass=*) > > # requesting: ALL > > # > > > > # Security Domain, ipaca > > dn: ou=Security Domain,o=ipaca > > objectClass: top > > objectClass: pkiSecurityDomain > > name: IPA > > ou: Security Domain > > > > # CAList, Security Domain, ipaca > > dn: cn=CAList,ou=Security Domain,o=ipaca > > objectClass: top > > objectClass: pkiSecurityGroup > > cn: CAList > > > > # OCSPList, Security Domain, ipaca > > dn: cn=OCSPList,ou=Security Domain,o=ipaca > > objectClass: top > > objectClass: pkiSecurityGroup > > cn: OCSPList > > > > # KRAList, Security Domain, ipaca > > dn: cn=KRAList,ou=Security Domain,o=ipaca > > objectClass: top > > objectClass: pkiSecurityGroup > > cn: KRAList > > > > # RAList, Security Domain, ipaca > > dn: cn=RAList,ou=Security Domain,o=ipaca > > objectClass: top > > objectClass: pkiSecurityGroup > > cn: RAList > > > > # TKSList, Security Domain, ipaca > > dn: cn=TKSList,ou=Security Domain,o=ipaca > > objectClass: top > > objectClass: pkiSecurityGroup > > cn: TKSList > > > > # TPSList, Security Domain, ipaca > > dn: cn=TPSList,ou=Security Domain,o=ipaca > > objectClass: top > > objectClass: pkiSecurityGroup > > cn: TPSList > > > > # search result > > search: 2 > > result: 0 Success > > > > # numResponses: 8 > > # numEntries: 7 > > [root@srvad01 ~]# > > > > -- Jhon Albert Torres H.
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue