[Freeipa-devel] ipa-server-install Unable to set admin password

Rob Crittenden rcritten at redhat.com
Thu Jan 7 15:10:09 UTC 2010


tatiana philippova wrote:
> Hi, I have an issue with freeipa v 1.9.0.pre1 on Fedora12 (virtual)
> ..actually - not just one issue, a couple of them.
> 
> freeipa rpms were built from tarball (downloaded from official site)
> ipa-server-1.9.0.pre1-0.fc12.x86_64
> ipa-client-1.9.0.pre1-0.fc12.x86_64
> ipa-server-selinux-1.9.0.pre1-0.fc12.x86_64
> ipa-python-1.9.0.pre1-0.fc12.x86_64
> ipa-admintools-1.9.0.pre1-0.fc12.x86_64
> 
> 
> the first issue appears during server setup:
> #ipa-server-install -N
> ..
> Applying LDAP updates
> restarting the directory server
> restarting the KDC
> Sample zone file for bind has been created in /tmp/sample.zone.xe_hlt.db
> Unable to set admin password Command '/usr/lib64/mozldap/ldappasswd -D
> cn=Directory Manager -w pass1 -P
> /etc/dirsrv/slapd-INTERNAL-MYNET-COM//cert8.db -ZZZ -s pass2
> uid=admin,cn=users,cn=accounts,dc=internal,dc=mynet,dc=com' returned
> non-zero exit status 1
> ..
> 
> when I start ldappasswd manually with the same parameters -
> ldap_simple_bind: No such object

Can you provide a log snippet from the 389ds access log 
(/var/log/slapd-INTERNAL-MYNET-COM/access) showing these?

> 
> output from ldapsearch:
> 
> ldapsearch -x -D "cn=Directory Manager" -w pass1 -b
> cn=users,cn=accounts,dc=internal,dc=mynet,dc=com
> krbprincipalname=admin krbPrincipalKey
> # extended LDIF
> #
> # LDAPv3
> # base <cn=users,cn=accounts,dc=internal,dc=mynet,dc=com> with scope subtree
> # filter: krbprincipalname=admin
> # requesting: krbPrincipalKey
> #
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 1

The krbprincipalname would be admin@INTERNAL.MYNET.COM

> 
> the second issue:
> The password for this file is in
> /etc/dirsrv/slapd-INTERNAL-MYNET-COM/pwdfile.txt
> 
> but in log file
> 2010-01-07 21:36:44,054 INFO pk12util: PKCS12 EXPORT SUCCESSFUL
> 2010-01-07 21:36:44,103 INFO certutil: Could not find: CA certificate
> : security library: bad database.

Can you see what certificates exist in the database?

certutil -L -d /etc/dirsrv/slapd-INTERNAL-MYNET-COM/

> 
> and my password file pwdfile.txt is empty

We weren't setting a password on the 389-ds NSS database; this has been 
changed since the alpha release.

rob

> 
> 
> Could somebody kindly help me with these problems?
> 
> 
> 
> Many thanks in advance
> Tatiana
> 
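The access-log check requested in the reply above can be scripted. The following is an added example, not part of the original thread or of FreeIPA: it pairs each BIND and SRCH in a 389 Directory Server access log with its RESULT line and reports failed binds (err=32 is the "No such object" that ldappasswd printed) and searches that succeeded but returned nothing. The log lines are constructed samples in the server's access-log format, and the function names are hypothetical.

```python
import re

# Constructed sample in 389 Directory Server access-log format (not from the thread).
SAMPLE_LOG = """\
[07/Jan/2010:21:36:40 +0000] conn=12 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1
[07/Jan/2010:21:36:40 +0000] conn=12 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/Jan/2010:21:36:40 +0000] conn=12 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[07/Jan/2010:21:36:40 +0000] conn=12 op=1 BIND dn="cn=Directory Manager" method=128 version=3
[07/Jan/2010:21:36:40 +0000] conn=12 op=1 RESULT err=32 tag=97 nentries=0 etime=0
[07/Jan/2010:21:36:41 +0000] conn=13 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[07/Jan/2010:21:36:41 +0000] conn=13 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[07/Jan/2010:21:36:41 +0000] conn=13 op=1 SRCH base="cn=users,cn=accounts,dc=internal,dc=mynet,dc=com" scope=2 filter="(krbprincipalname=admin)" attrs="krbPrincipalKey"
[07/Jan/2010:21:36:41 +0000] conn=13 op=1 RESULT err=0 tag=101 nentries=0 etime=0
"""

OP_LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<verb>[A-Z]+) ?(?P<rest>.*)$')
LDAP_ERRORS = {32: "No such object", 49: "Invalid credentials"}

def _num(name, text):
    """Return the integer value of name=<digits> in a RESULT line, or None."""
    m = re.search(r'\b%s=(\d+)' % name, text)
    return int(m.group(1)) if m else None

def triage(log_text):
    """Pair each BIND/SRCH with its RESULT (same conn and op) and report
    failed binds and searches that succeeded but matched no entries."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = OP_LINE.match(line)
        if not m:
            continue  # connection open/close lines are not operations
        key = (m["conn"], m["op"])
        if m["verb"] in ("BIND", "SRCH"):
            pending[key] = (m["ts"], m["verb"], m["rest"])
        elif m["verb"] == "RESULT" and key in pending:
            ts, verb, detail = pending.pop(key)
            err, hits = _num("err", m["rest"]), _num("nentries", m["rest"])
            if verb == "BIND" and err:
                reason = "err=%d (%s)" % (err, LDAP_ERRORS.get(err, "other"))
                findings.append((ts, verb, detail, reason))
            elif verb == "SRCH" and err == 0 and hits == 0:
                findings.append((ts, verb, detail, "no entries matched"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

The SRCH finding shows the filter exactly as the server received it, which makes a principal name sent without its realm easy to spot.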