It Works!!!

You are incredible

[root@server~]# pki-server sd-subsystem-add --subsystem CA --hostname ipa.example.test --secure-port 443 "CA   ipa.example.test   443"
[root@server~]# pki-server sd-subsystem-find
  Subsystem ID: CA   ipa.example.test   443
  Hostname:   ipa.example.test
  Secure Port: 443
  Domain Manager: FALSE
  Clone: FALSE

# ipa-replica-install --setup-dns --forwarder 1.1.1.1 --forwarder 9.9.9.9 --setup-ca --verbose
Restart of ipa.service complete
Created connection context.ldap2_5646545465456465
flushing ldapi://%2Frun%2Fslapd-EXAMPLE-TEST.socket from SchemaCache
retrieving schema for SchemaCache
url=ldapi://%2Frun%2Fslapd-EXAMPLE-TEST.socket
conn=<ldap.ldapobject.SimpleLDAPObject object at 0x7f4c3860e3d0>
Destroyed connection context.ldap2_55656989899899

*The ipa-replica-install command was successful*
Thank you, I appreciate it.

Last question: was I doing something wrong?

Regards


On Thu, 29 May 2025 at 13:50, Rob Crittenden (<rcrit...@redhat.com>)
wrote:

> Try this:
> $ pki-server sd-subsystem-find
>
> You should get basically nothing because we know it's empty.
>
> Populate it with your server:
> $ pki-server sd-subsystem-add --subsystem CA --hostname ipa.example.test
>     --secure-port 443 "CA ipa.example.test 443"
>
> Be sure to replace both instances of 'ipa.example.test' with your CA
> hostname.
>
> Then try your replica install again.
>
> rob
>
> John Tor via FreeIPA-users wrote:
> > [root@server ~]#  ipa server-role-find --status enabled
> > ----------------------
> > 2 server roles matched
> > ----------------------
> >   Server name: ipa.example.test
> >   Role name: CA server
> >   Role status: enabled
> >
> >   Server name: ipa.example.test
> >   Role name: DNS server
> >   Role status: enabled
> > ----------------------------
> > Number of entries returned 2
> > ----------------------------
> > [root@server ~]# ldapsearch -x -D 'cn=directory manager' -W -b "ou=Security Domain,o=ipaca"
> > Enter LDAP Password:
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <ou=Security Domain,o=ipaca> with scope subtree
> > # filter: (objectclass=*)
> > # requesting: ALL
> > #
> >
> > # Security Domain, ipaca
> > dn: ou=Security Domain,o=ipaca
> > objectClass: top
> > objectClass: pkiSecurityDomain
> > name: IPA
> > ou: Security Domain
> >
> > # CAList, Security Domain, ipaca
> > dn: cn=CAList,ou=Security Domain,o=ipaca
> > objectClass: top
> > objectClass: pkiSecurityGroup
> > cn: CAList
> >
> > # OCSPList, Security Domain, ipaca
> > dn: cn=OCSPList,ou=Security Domain,o=ipaca
> > objectClass: top
> > objectClass: pkiSecurityGroup
> > cn: OCSPList
> >
> > # KRAList, Security Domain, ipaca
> > dn: cn=KRAList,ou=Security Domain,o=ipaca
> > objectClass: top
> > objectClass: pkiSecurityGroup
> > cn: KRAList
> >
> > # RAList, Security Domain, ipaca
> > dn: cn=RAList,ou=Security Domain,o=ipaca
> > objectClass: top
> > objectClass: pkiSecurityGroup
> > cn: RAList
> >
> > # TKSList, Security Domain, ipaca
> > dn: cn=TKSList,ou=Security Domain,o=ipaca
> > objectClass: top
> > objectClass: pkiSecurityGroup
> > cn: TKSList
> >
> > # TPSList, Security Domain, ipaca
> > dn: cn=TPSList,ou=Security Domain,o=ipaca
> > objectClass: top
> > objectClass: pkiSecurityGroup
> > cn: TPSList
> >
> > # search result
> > search: 2
> > result: 0 Success
> >
> > # numResponses: 8
> > # numEntries: 7
> > [root@srvad01 ~]#
> >
>
>

-- 
Jhon Albert Torres H.
-- 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
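The condition diagnosed in this thread (a security domain whose `cn=*List` containers hold no subsystem entries) can be checked from saved `ldapsearch` output before a replica install. This is an added example, not part of the thread and not FreeIPA or Dogtag code; the sample LDIF and the child DN layout for a registered host are constructed assumptions, and only plain `dn:` lines without escaped commas are handled.

```python
BASE = "ou=security domain,o=ipaca"  # base DN from the thread, lowercased
# Constructed sample: trimmed ldapsearch output with one folded DN line.
SAMPLE_EMPTY = """\
dn: ou=Security Domain,o=ipaca
objectClass: pkiSecurityDomain

# CAList, Security Domain, ipaca
dn: cn=CAList,ou=Security Domain,o=ipaca
objectClass: pkiSecurityGroup

dn: cn=KRAList,ou=Security Do
 main,o=ipaca
objectClass: pkiSecurityGroup
"""
# Constructed: the child DN below is an assumed layout for a registered CA host.
SAMPLE_POPULATED = SAMPLE_EMPTY + (
    "\ndn: cn=ipa.example.test:443,cn=CAList,ou=Security Domain,o=ipaca\n"
    "objectClass: top\n")

def entry_dns(ldif):
    """Unfold LDIF lines and return every entry DN, lowercased and comma-normalised."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:   # one leading space continues the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dns = []
    for line in lines:
        if line.startswith("dn: "):         # skips comments, attributes, blank lines
            dns.append(",".join(p.strip().lower() for p in line[4:].split(",")))
    return dns

def list_members(ldif):
    """Map each cn=<X>List container directly under BASE to the DNs directly beneath it."""
    dns = entry_dns(ldif)
    lists = {d: [] for d in dns
             if d.endswith("list," + BASE) and d.count(",") == BASE.count(",") + 1}
    for d in dns:
        parent = d.partition(",")[2]        # everything after the first RDN
        if parent in lists:
            lists[parent].append(d)
    return lists

def empty_lists(ldif):
    """Names of the lists that have no registered subsystem entry."""
    return sorted(d.split(",")[0][3:] for d, kids in list_members(ldif).items() if not kids)

if __name__ == "__main__":
    print(empty_lists(SAMPLE_EMPTY), empty_lists(SAMPLE_POPULATED))
```

An empty `calist` in the result corresponds to the state where `pki-server sd-subsystem-find` returns nothing for the CA.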