Re: [Freeipa-users] IPA 4.4 CA Replications

Thu, 02 Mar 2017 06:25:47 -0800 

Thank you for the response Martin.  Server1 had no flags upon install
however CA, DNS were selected during the installation.  Server2 was joined
and then the 'ipa-replica-install --skip-conn-check' used to join it.
Manual tests of the ports showed all was good but not in the installation
so I had to use the '--skip-conn-check'.
Server1 -
  Maximum username length: 32
  Home directory base: /home
  Default shell: /bin/sh
  Default users group: ipausers
  Default e-mail domain: lci.devdomain.com
  Search time limit: 2
  Search size limit: 100
  User search fields: uid,givenname,sn,telephonenumber,ou,title
  Group search fields: cn,description
  Enable migration mode: FALSE
  Certificate Subject base: O=LCI.DEVDOMAIN.COM
  Password Expiration Notification (days): 4
  Password plugin features: AllowNThash
  SELinux user map order:
guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
  Default SELinux user: unconfined_u:s0-s0:c0.c1023
  Default PAC types: nfs:NONE, MS-PAC
  IPA masters: server1.lci.devdomain.com, server2.lci.devdomain.com
  IPA CA servers: server1.lci.devdomain.com
  IPA NTP servers: server1.lci.devdomain.com, server2.lci.devdomain.com
  IPA CA renewal master: server1.lci.devdomain.com



On Thu, Mar 2, 2017 at 12:39 AM Martin Basti <mba...@redhat.com> wrote:

>
>
> On 01.03.2017 22:00, Matt Wells wrote:
>
> I have two new IPA 4.4 servers on CentOS7 installed in a lab.  I built the
> first, joined the second and promoted it to be a master.  Thus far all went
> well.
>
> I then ran the ipa-ca-install and when I log back in I see that it has
> "domain,CA" attached to it.  However when I hit the main IPA page it
> informs me I only have one server in the CA role.
>  Drilling down into server2 I see it does not have that role assigned.
> I'm certain I missed an easy step but I've been unable to locate it.
>
> Any guidance would be greatly appreciated.
>
>
>
> Hello,
>
> can you provide more info? How did you install servers (options used), on
> which server you ran ipa-ca-install ?
>
>
> Martin
>
-- 
*Matt Wells*
*Lead Systems Architect*
<https://www.redhat.com/rhtapps/certification/badge/verify/V3WMPVPAQ6I67AJBGN6FZU6N2YAEQU3CUPSQX2KSDXT6RW46LQ3U7PJCSIXUILAFHEDCMJS26CYXW4U5NQYTCNA62RUWOCM34WWBUYQ=>
<https://www.bridgevine.com/>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to