Thank you for the response, Martin. Server1 had no flags upon install;
however, CA and DNS were selected during the installation. Server2 was joined
and then 'ipa-replica-install --skip-conn-check' was used to join it.
Manual tests of the ports showed all was good, but not in the installation,
so I had to use '--skip-conn-check'.

Maximum username length: 32
Home directory base: /home
Default shell: /bin/sh
Default users group: ipausers
Default e-mail domain: lci.devdomain.com
Search time limit: 2
Search size limit: 100
User search fields: uid,givenname,sn,telephonenumber,ou,title
Group search fields: cn,description
Enable migration mode: FALSE
Certificate Subject base: O=LCI.DEVDOMAIN.COM
Password Expiration Notification (days): 4
Password plugin features: AllowNThash
SELinux user map order:
Default SELinux user: unconfined_u:s0-s0:c0.c1023
Default PAC types: nfs:NONE, MS-PAC
IPA masters: server1.lci.devdomain.com, server2.lci.devdomain.com
IPA CA servers: server1.lci.devdomain.com
IPA NTP servers: server1.lci.devdomain.com, server2.lci.devdomain.com
IPA CA renewal master: server1.lci.devdomain.com

On Thu, Mar 2, 2017 at 12:39 AM Martin Basti <mba...@redhat.com> wrote:
> On 01.03.2017 22:00, Matt Wells wrote:
> I have two new IPA 4.4 servers on CentOS7 installed in a lab. I built the
> first, joined the second and promoted it to be a master. Thus far all went
> I then ran the ipa-ca-install and when I log back in, I see that it has
> "domain,CA" attached to it. However, when I hit the main IPA page, it
> informs me I only have one server in the CA role.
> Drilling down into server2 I see it does not have that role assigned.
> I'm certain I missed an easy step but I've been unable to locate it.
> Any guidance would be greatly appreciated.
>
> Can you provide more info? How did you install the servers (options used), and on
> which server did you run ipa-ca-install?
*Lead Systems Architect*