[Freeipa-devel] rawhide's ipa-server-install fails to configure directory server
Jim Meyering
jim at meyering.net
Mon Mar 10 21:39:55 UTC 2008
Hello,
I'm a total freeipa newbie and have only just subscribed to this list.
Sorry if anything here is a FAQ.
On a rawhide-based system, updated a day or two ago, I ran
ipa-server-install, and dir-server steps 4..9 each got
CRITICAL failures, before it bailed out:
# rpm -q ipa-server
ipa-server-0.99-11.fc9.i386
Note that I already have a kerberos principal set up,
and it's not the "MEYERING.NET" I used in this process.
Does that matter?
Here's the tail of it's output:
Please wait until the prompt is returned.
Configuring ntpd
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
done configuring ntpd.
Configuring directory server:
[1/16]: creating directory server user
[2/16]: creating directory server instance
[3/16]: adding default schema
[4/16]: enabling memberof plugin
root : CRITICAL Failed to load memberof-conf.ldif: Command
'/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /usr/share/ipa/memberof-conf.ldif' returned non-zero exit status 49
[5/16]: enabling referential integrity plugin
root : CRITICAL Failed to load referint-conf.ldif: Command
'/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /usr/share/ipa/referint-conf.ldif' returned non-zero exit status 49
[6/16]: enabling distributed numeric assignment plugin
root : CRITICAL Failed to load dna-conf.ldif: Command '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /usr/share/ipa/dna-conf.ldif' returned non-zero exit status 49
[7/16]: configuring uniqueness plugin
root : CRITICAL Failed to load unique-attributes.ldif: Command '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /dev/shm/tmp4dWkvF' returned non-zero exit status 49
[8/16]: creating indices
root : CRITICAL Failed to load indices.ldif: Command '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /usr/share/ipa/indices.ldif' returned non-zero exit status 49
[9/16]: configuring ssl for ds instance
Unexpected error - see ipaserver-install.log for details:
{'desc': 'Invalid credentials'}
--------------------------
When I ran that ldapmodify command manually, it did this:
root at iota# ldapmodify -h 127.0.0.1 -xv -D 'cn=Directory Manager' \
-w xxx -f /usr/share/ipa/memberof-conf.ldif
ldap_initialize( ldap://127.0.0.1 )
ldap_bind: Invalid credentials (49)
[Exit 49]
-------------------------------------
Here's the ipaserver-install.log file ipa-server-install created:
2008-03-10 21:16:01,362 INFO Shutting down dirsrv:
MEYERING-NET...[60G[[0;32m OK [0;39m]
2008-03-10 21:16:01,363 INFO
2008-03-10 21:17:49,038 DEBUG Configuring ntpd
2008-03-10 21:17:49,039 DEBUG [1/4]: stopping ntpd
2008-03-10 21:17:49,280 INFO ntpd (pid 8143) is running...
2008-03-10 21:17:49,281 INFO
2008-03-10 21:17:49,282 DEBUG Loading StateFile from '/var/cache/ipa/sysrestore.state'
2008-03-10 21:17:49,285 DEBUG Saving StateFile to '/var/cache/ipa/sysrestore.state'
2008-03-10 21:17:49,552 INFO Shutting down ntpd: [60G[[0;32m OK [0;39m]
2008-03-10 21:17:49,552 INFO
2008-03-10 21:17:49,552 DEBUG [2/4]: writing configuration
2008-03-10 21:17:49,553 DEBUG Backing up system configuration file '/etc/ntp.conf'
2008-03-10 21:17:49,554 DEBUG -> Not backing up - already have a copy of '/etc/ntp.conf'
2008-03-10 21:17:49,554 DEBUG Backing up system configuration file '/etc/sysconfig/ntpd'
2008-03-10 21:17:49,554 DEBUG -> Not backing up - already have a copy of '/etc/sysconfig/ntpd'
2008-03-10 21:17:49,555 DEBUG [3/4]: configuring ntpd to start on boot
2008-03-10 21:17:49,565 INFO ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
2008-03-10 21:17:49,566 INFO
2008-03-10 21:17:49,566 DEBUG Loading StateFile from '/var/cache/ipa/sysrestore.state'
2008-03-10 21:17:49,567 DEBUG Saving StateFile to '/var/cache/ipa/sysrestore.state'
2008-03-10 21:17:49,819 INFO
2008-03-10 21:17:49,820 INFO
2008-03-10 21:17:49,820 DEBUG [4/4]: starting ntpd
2008-03-10 21:17:49,890 INFO Starting ntpd: [60G[[0;32m OK [0;39m]
2008-03-10 21:17:49,891 INFO
2008-03-10 21:17:49,891 DEBUG done configuring ntpd.
2008-03-10 21:17:49,891 DEBUG Configuring directory server:
2008-03-10 21:17:49,892 DEBUG [1/16]: creating directory server user
2008-03-10 21:17:49,892 DEBUG ds user dirsrv exists
2008-03-10 21:17:49,892 DEBUG Loading StateFile from '/var/cache/ipa/sysrestore.state'
2008-03-10 21:17:49,893 DEBUG Saving StateFile to '/var/cache/ipa/sysrestore.state'
2008-03-10 21:17:49,893 DEBUG Loading StateFile from '/var/cache/ipa/sysrestore.state'
2008-03-10 21:17:49,895 DEBUG Saving StateFile to '/var/cache/ipa/sysrestore.state'
2008-03-10 21:17:49,896 DEBUG [2/16]: creating directory server instance
2008-03-10 21:17:49,963 INFO
2008-03-10 21:17:49,964 INFO
2008-03-10 21:17:49,964 DEBUG Loading StateFile from '/var/cache/ipa/sysrestore.state'
2008-03-10 21:17:49,964 DEBUG Saving StateFile to '/var/cache/ipa/sysrestore.state'
2008-03-10 21:17:49,965 DEBUG Loading StateFile from '/var/cache/ipa/sysrestore.state'
2008-03-10 21:17:49,966 DEBUG Saving StateFile to '/var/cache/ipa/sysrestore.state'
2008-03-10 21:17:49,966 DEBUG writing inf template
2008-03-10 21:17:49,968 DEBUG
[General]
FullMachineName= iota.meyering.net
SuiteSpotUserID= dirsrv
ServerRoot= /usr/lib/dirsrv
[slapd]
ServerPort= 389
ServerIdentifier= MEYERING-NET
Suffix= dc=meyering,dc=net
RootDN= cn=Directory Manager
2008-03-10 21:17:49,968 DEBUG calling setup-ds.pl
2008-03-10 21:17:53,753 INFO [08/03/10:21:17:53] - [Setup] Info Your new DS instance 'MEYERING-NET' was successfully created.
Your new DS instance 'MEYERING-NET' was successfully created.
[08/03/10:21:17:53] - [Setup] Success Exiting . . .
Log file is '-'
Exiting . . .
Log file is '-'
2008-03-10 21:17:53,754 INFO
2008-03-10 21:17:53,754 DEBUG completed creating ds instance
2008-03-10 21:17:53,755 DEBUG restarting ds instance
2008-03-10 21:17:56,624 INFO Shutting down dirsrv:
MEYERING-NET...[60G[[0;32m OK [0;39m]
Starting dirsrv:
MEYERING-NET...[60G[[0;32m OK [0;39m]
2008-03-10 21:17:56,626 INFO
2008-03-10 21:17:56,627 DEBUG done restarting ds instance
2008-03-10 21:17:56,628 DEBUG [3/16]: adding default schema
2008-03-10 21:17:56,637 DEBUG [4/16]: enabling memberof plugin
2008-03-10 21:17:56,664 INFO
2008-03-10 21:17:56,665 INFO ldap_initialize( ldap://127.0.0.1 )
ldap_bind: Invalid credentials (49)
2008-03-10 21:17:56,666 CRITICAL Failed to load memberof-conf.ldif:
Command '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w
xxx -f /usr/share/ipa/memberof-conf.ldif' returned non-zero exit status 49
2008-03-10 21:17:56,669 DEBUG [5/16]: enabling referential integrity plugin
2008-03-10 21:17:56,696 INFO
2008-03-10 21:17:56,698 INFO ldap_initialize( ldap://127.0.0.1 )
ldap_bind: Invalid credentials (49)
2008-03-10 21:17:56,698 CRITICAL Failed to load referint-conf.ldif: Command '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /usr/share/ipa/referint-conf.ldif' returned non-zero exit status 49
2008-03-10 21:17:56,700 DEBUG [6/16]: enabling distributed numeric assignment plugin
2008-03-10 21:17:56,728 INFO
2008-03-10 21:17:56,729 INFO ldap_initialize( ldap://127.0.0.1 )
ldap_bind: Invalid credentials (49)
2008-03-10 21:17:56,730 CRITICAL Failed to load dna-conf.ldif: Command '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /usr/share/ipa/dna-conf.ldif' returned non-zero exit status 49
2008-03-10 21:17:56,732 DEBUG [7/16]: configuring uniqueness plugin
2008-03-10 21:17:56,759 INFO
2008-03-10 21:17:56,760 INFO ldap_initialize( ldap://127.0.0.1 )
ldap_bind: Invalid credentials (49)
2008-03-10 21:17:56,761 CRITICAL Failed to load unique-attributes.ldif: Command '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /dev/shm/tmp4dWkvF' returned non-zero exit status 49
2008-03-10 21:17:56,763 DEBUG [8/16]: creating indices
2008-03-10 21:17:56,791 INFO
2008-03-10 21:17:56,792 INFO ldap_initialize( ldap://127.0.0.1 )
ldap_bind: Invalid credentials (49)
2008-03-10 21:17:56,793 CRITICAL Failed to load indices.ldif: Command '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /usr/share/ipa/indices.ldif' returned non-zero exit status 49
2008-03-10 21:17:56,796 DEBUG [9/16]: configuring ssl for ds instance
2008-03-10 21:17:56,854 INFO
2008-03-10 21:17:56,855 INFO
2008-03-10 21:17:57,414 INFO
2008-03-10 21:17:57,415 INFO
Generating key. This may take a few moments...
2008-03-10 21:17:57,916 INFO
2008-03-10 21:17:57,917 INFO
Generating key. This may take a few moments...
2008-03-10 21:17:57,933 INFO
2008-03-10 21:17:57,934 INFO
2008-03-10 21:17:57,955 INFO pk12util: PKCS12 EXPORT SUCCESSFUL
2008-03-10 21:17:57,955 INFO
2008-03-10 21:17:58,207 INFO
2008-03-10 21:17:58,208 INFO
Generating key. This may take a few moments...
2008-03-10 21:17:58,253 INFO
2008-03-10 21:17:58,254 INFO
2008-03-10 21:17:58,261 DEBUG {'desc': 'Invalid credentials'}
File "/usr/sbin/ipa-server-install", line 542, in <module>
main()
File "/usr/sbin/ipa-server-install", line 459, in main
ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password)
File "/usr/lib/python2.5/site-packages/ipaserver/dsinstance.py", line 146, in create_instance
self.start_creation("Configuring directory server:")
File "/usr/lib/python2.5/site-packages/ipaserver/service.py", line 134, in start_creation
method()
File "/usr/lib/python2.5/site-packages/ipaserver/dsinstance.py", line 272, in __enable_ssl
conn.simple_bind_s("cn=directory manager", self.dm_password)
File "/usr/lib/python2.5/site-packages/ipaserver/ipaldap.py", line 175, in inner
return f(*args, **kargs)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 199, in simple_bind_s
return self.result(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.5/site-packages/ipaserver/ipaldap.py", line 152, in inner
type, data = f(*args, **kargs)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 428, in result
res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python2.5/site-packages/ipaserver/ipaldap.py", line 175, in inner
return f(*args, **kargs)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 432, in result2
res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
File "/usr/lib/python2.5/site-packages/ipaserver/ipaldap.py", line 175, in inner
return f(*args, **kargs)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 438, in result3
rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
File "/usr/lib/python2.5/site-packages/ipaserver/ipaldap.py", line 175, in inner
return f(*args, **kargs)
File "/usr/lib/python2.5/site-packages/ldap/ldapobject.py", line 97, in _ldap_call
result = func(*args,**kwargs)
More information about the Freeipa-devel
mailing list