To elaborate further, the authentication request works on the secondary IPA server, but I am immediately greeted with this WSGI error screen.

On Thu, Jun 29, 2017 at 3:47 PM, Jason Hensley <> wrote:

  I have set up a pair of FreeIPA 4.5.2 servers.  One via ipa-server-install, the other via ipa-replica-install.  I have tried them both as trust controllers and I have tried them in a controller/agent setup.

  My problem is that no AD users can log in to the self-service UI on the secondary IPA server.  Is this by design, or is it merely a bug?  I can provide more details/logs/configs on request.