I have setup a pair of FreeIPA 4.5.2 servers. One via ipa-server-install, the other via ipa-replica-install. I have tried them both as trust controllers and I have tried them in a controller/agent setup.
My problem is that no AD users can login to the self service UI on the secondary IPA server. Is this by design, or is it merely a bug? I can provide more details/logs/configs on request.