Thank you for the response Martin. Server1 had no flags upon install however CA, DNS were selected during the installation. Server2 was joined and then the 'ipa-replica-install --skip-conn-check' used to join it. Manual tests of the ports showed all was good but not in the installation so I had to use the '--skip-conn-check'. Server1 - Maximum username length: 32 Home directory base: /home Default shell: /bin/sh Default users group: ipausers Default e-mail domain: lci.devdomain.com Search time limit: 2 Search size limit: 100 User search fields: uid,givenname,sn,telephonenumber,ou,title Group search fields: cn,description Enable migration mode: FALSE Certificate Subject base: O=LCI.DEVDOMAIN.COM Password Expiration Notification (days): 4 Password plugin features: AllowNThash SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 Default SELinux user: unconfined_u:s0-s0:c0.c1023 Default PAC types: nfs:NONE, MS-PAC IPA masters: server1.lci.devdomain.com, server2.lci.devdomain.com IPA CA servers: server1.lci.devdomain.com IPA NTP servers: server1.lci.devdomain.com, server2.lci.devdomain.com IPA CA renewal master: server1.lci.devdomain.com
On Thu, Mar 2, 2017 at 12:39 AM Martin Basti <mba...@redhat.com> wrote: > > > On 01.03.2017 22:00, Matt Wells wrote: > > I have two new IPA 4.4 servers on CentOS7 installed in a lab. I built the > first, joined the second and promoted it to be a master. Thus far all went > well. > > I then ran the ipa-ca-install and when I log back in I see that it has > "domain,CA" attached to it. However when I hit the main IPA page it > informs me I only have one server in the CA role. > Drilling down into server2 I see it does not have that role assigned. > I'm certain I missed an easy step but I've been unable to locate it. > > Any guidance would be greatly appreciated. > > > > Hello, > > can you provide more info? How did you install servers (options used), on > which server you ran ipa-ca-install ? > > > Martin > -- *Matt Wells* *Lead Systems Architect* <https://www.redhat.com/rhtapps/certification/badge/verify/V3WMPVPAQ6I67AJBGN6FZU6N2YAEQU3CUPSQX2KSDXT6RW46LQ3U7PJCSIXUILAFHEDCMJS26CYXW4U5NQYTCNA62RUWOCM34WWBUYQ=> <https://www.bridgevine.com/>
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project