Hi Rob
I checked ipaclient-install.log.
I think this part is the problem. I attached the pic.
My dns server name have token two domain "shs.dc" i dont know why!
On Mon, 10 Jun 2019, 18:04 Elhamsadat Azarian, <elhamsadat.az(a)gmail.com>
wrote:
Really thanks for ur quick response.
Rob i will search log file tomorrow and i will report you.
On Mon, 10 Jun 2019, 17:46 Rob Crittenden, <rcritten(a)redhat.com> wrote:
> Elhamsadat Azarian wrote:
> > Hi Rob
> > Thanks for your email.
> > But i installed Ipa-server. I dont know why it try to install client
> > components!
>
> The client installer is needed because sssd, etc needs to be configured
> on a server as well.
>
> The error you are seeing is because the client installation failed the
> server installation is not complete.
>
> > Client hostname is set to ipa server hostname and i dont know when i
> > give it client hostname and how can i change it.
>
> A separate hostname is not needed. The server is a client of itself.
>
> rob
>
> >
> > On Mon, 10 Jun 2019, 16:56 Rob Crittenden, <rcritten(a)redhat.com
> > <mailto:rcritten@redhat.com>> wrote:
> >
> > Elhamsadat Azarian via FreeIPA-users wrote:
> > > Dear friends
> > > I instalked freeIPA on centos 7 with external DNS and internal CA
> > server.
> > > It finished successfuly but with a failed message about installing
> > client components!
> > > Anyway i open a web browser and browse freeipa page. It showed and
> > i add exeption for certificate.
> > > Then login page appeared. I inserted admin user and pasdword but
> > it showed error. "Invalid CA renewal master. All masters must have
> > CA server role enabled"
> >
> > It didn't install successfully if the client configuration failed.
> > You'll need to look at /var/log/ipaclient-install.log to see why it
> > failed.
> >
> > rob
> >
>
>