Hi, which is the correct way to add a replication segment between two server (just one of them has CA role)?
I tried with "ipa topologysegment-add" and dragging it in the UI, but I got "right node does not support suffix 'ca'".
Thanks in advance, Giulio
On 4/8/19 11:35 AM, Giulio Casella via FreeIPA-users wrote:
Hi, which is the correct way to add a replication segment between two server (just one of them has CA role)?
I tried with "ipa topologysegment-add" and dragging it in the UI, but I got "right node does not support suffix 'ca'".
Thanks in advance, Giulio _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Hi Giulio,
you need to run the CA install on the replica:
(replica)$ kinit admin (replica)$ ipa-ca-install
For more information, please see the man page for ipa-ca-install(1): -----8<----- In a domain at domain level 1, ipa-ca-install can be used to upgrade from CA-less to CA-full or to install the CA service on a replica, and does not require any replica file. ----->8-----
HTH, flo
freeipa-users@lists.fedorahosted.org