[Freeipa-devel] ipa-server-install Unable to set admin password
Rob Crittenden
rcritten at redhat.com
Thu Jan 7 15:10:09 UTC 2010
tatiana philippova wrote:
> Hi, I have an issue with freeipa v 1.9.0.pre1 on Fedora12 (virtual)
> ..actually - not just one issue, a couple of them.
>
> freeipa rpms were built from tarball (downloaded from official site)
> ipa-server-1.9.0.pre1-0.fc12.x86_64
> ipa-client-1.9.0.pre1-0.fc12.x86_64
> ipa-server-selinux-1.9.0.pre1-0.fc12.x86_64
> ipa-python-1.9.0.pre1-0.fc12.x86_64
> ipa-admintools-1.9.0.pre1-0.fc12.x86_64
>
>
> the first issue appears during server setup:
> #ipa-server-install -N
> ..
> Applying LDAP updates
> restarting the directory server
> restarting the KDC
> Sample zone file for bind has been created in /tmp/sample.zone.xe_hlt.db
> Unable to set admin password Command '/usr/lib64/mozldap/ldappasswd -D
> cn=Directory Manager -w pass1 -P
> /etc/dirsrv/slapd-INTERNAL-MYNET-COM//cert8.db -ZZZ -s pass2
> uid=admin,cn=users,cn=accounts,dc=internal,dc=mynet,dc=com' returned
> non-zero exit status 1
> ..
>
> when I start ldappasswd manually with the same parameters -
> ldap_simple_bind: No such object

Can you provide a log snippet from the 389ds access log
(/var/log/slapd-INTERNAL-MYNET-COM/access) showing these?

>
> output from ldapsearch:
>
> ldapsearch -x -D "cn=Directory Manager" -w pass1 -b
> cn=users,cn=accounts,dc=internal,dc=mynet,dc=com
> krbprincipalname=admin krbPrincipalKey
> # extended LDIF
> #
> # LDAPv3
> # base <cn=users,cn=accounts,dc=internal,dc=mynet,dc=com> with scope subtree
> # filter: krbprincipalname=admin
> # requesting: krbPrincipalKey
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1

The krbprincipalname would be admin@INTERNAL.MYNET.COM

>
> the second issue:
> The password for this file is in
> /etc/dirsrv/slapd-INTERNAL-MYNET-COM/pwdfile.txt
>
> but in log file
> 2010-01-07 21:36:44,054 INFO pk12util: PKCS12 EXPORT SUCCESSFUL
> 2010-01-07 21:36:44,103 INFO certutil: Could not find: CA certificate
> : security library: bad database.

Can you see what certificates exist in the database?

certutil -L -d /etc/dirsrv/slapd-INTERNAL-MYNET-COM/

>
> and my password file pwdfile.txt is empty

We weren't setting a password on the 389-ds NSS database; this has been
changed since the alpha release.

rob

>
>
> Could somebody kindly help me with these problems?
>
>
>
> Many thanks in advance
> Tatiana
>
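
The access-log snippet requested in the reply can be narrowed to the failing binds. The following is an added example, not part of the original thread or of FreeIPA: it pairs each BIND line in a 389-ds access log with its RESULT and reports the non-zero results (err=32 is the LDAP code behind "No such object"). The helper name `failed_binds` is hypothetical and the log lines are constructed samples.

```python
import re

# LDAP result codes (RFC 4511) that commonly appear on a failed bind.
RESULT_NAMES = {32: "noSuchObject", 49: "invalidCredentials",
                53: "unwillingToPerform"}

# 389-ds access log: "[timestamp] conn=N op=N <operation details>"
LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$')
BIND = re.compile(r'^BIND dn="(?P<dn>[^"]*)"')
RESULT = re.compile(r'^RESULT err=(?P<err>\d+)')

def failed_binds(lines):
    """Pair each BIND with the RESULT sharing its conn/op; return the failures."""
    pending, failures = {}, []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # connection-open lines carry no op= field
        key = (m["conn"], m["op"])
        bind = BIND.match(m["rest"])
        if bind:
            pending[key] = (m["ts"], bind["dn"])
            continue
        res = RESULT.match(m["rest"])
        if res and key in pending:
            ts, dn = pending.pop(key)
            err = int(res["err"])
            if err not in (0, 14):  # 14 = saslBindInProgress, not a failure
                failures.append({"time": ts, "conn": m["conn"], "dn": dn,
                                 "err": err,
                                 "name": RESULT_NAMES.get(err, "other")})
    return failures

# Constructed sample lines (not taken from the poster's server).
SAMPLE = """\
[07/Jan/2010:21:36:40 +0000] conn=11 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1
[07/Jan/2010:21:36:40 +0000] conn=11 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[07/Jan/2010:21:36:40 +0000] conn=11 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[07/Jan/2010:21:36:44 +0000] conn=12 op=1 BIND dn="uid=example,dc=example,dc=com" method=128 version=3
[07/Jan/2010:21:36:44 +0000] conn=12 op=1 RESULT err=32 tag=97 nentries=0 etime=0
[07/Jan/2010:21:36:50 +0000] conn=13 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[07/Jan/2010:21:36:50 +0000] conn=13 op=0 RESULT err=49 tag=97 nentries=0 etime=0
""".splitlines()

if __name__ == "__main__":
    for failure in failed_binds(SAMPLE):
        print(failure)
```

Passing an open file object for the instance's access log in place of `SAMPLE` works the same way, since the function only iterates over lines.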