<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 06/03/2011 05:09 PM, Stamper, Brian P. (ARC-D)[Logyx LLC] wrote:
<blockquote cite="mid:CA0E9BA2.109F7%25brian.p.stamper@nasa.gov"
type="cite">
<title>Difficulty installing freeipa</title>
<font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size: 11pt;">I initially started testing with
FreeIPA on Fedora 15, using ipa 2.x. The server install went
smoothly, however I was unable to add clients due to lack of
backward compatibility, since ipa 2.x isn’t available for most
of the systems I manage.<br>
<br>
I decided to rebuild the test ipa server. I built a fresh
Fedora 13 system and installed the yum packages. Initially
the ipa server installed without errors. However, there were
some issues. It hadn’t configured httpd to autostart, and
when I did start httpd, I was unable to get to the management
UI. Attempting to kinit would pause for ~10-15 seconds before
requesting a password. I was able to get the ticket.
Attempting to then reach the website, after configuring
firefox and importing the certs, resulted in the “Service
temporarily unavailable” error. All of this seemed to
indicate a problem with the hosts file, but checking it
multiple times, as well as checking all variations of name
resolution indicated nothing.<br>
<br>
I decided to reinstall to try to fix the kerb oddness and
hopefully get to the website gui. I ran ipa-server-install
--uninstall and attempted to reinstall, and got the following
error:<br>
<br>
CRITICAL Failed to load bootstrap-template.ldif: Command<br>
'/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager
-w password -f /tmp/tmpe1aE3t' returned non-zero exit status
32<br>
<br>
Which led me to this bug, which was reported fixed in 2008:<br>
<a moz-do-not-send="true"
href="https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=448287">https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=448287</a><br>
<br>
Here is an excerpt from the install log:<br>
<br>
2011-06-02 12:40:02,619 DEBUG calling setup-ds.pl<br>
2011-06-02 12:40:09,869 INFO [11/06/02:12:40:09] - [Setup]
Info Could not import LDIF file '/var/lib/dirsrv/boot.ldif'.
Error: 59648. Output: importing data ...<br>
[02/Jun/2011:12:40:03 -0700] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed
to access the database<br>
[02/Jun/2011:12:40:03 -0700] - check_and_set_import_cache:
pagesize: 4096, pages: 997331, procpages: 49464<br>
[02/Jun/2011:12:40:03 -0700] - Import allocates 1595728KB
import cache.<br>
[02/Jun/2011:12:40:03 -0700] - import userRoot: Beginning
import job...<br>
[02/Jun/2011:12:40:03 -0700] - import userRoot: Index
buffering enabled with bucket size 100<br>
[02/Jun/2011:12:40:04 -0700] - import userRoot: Could not open
LDIF file "/var/lib/dirsrv/boot.ldif", errno 13 (Permission
denied)<br>
[02/Jun/2011:12:40:04 -0700] - import userRoot: Aborting all
Import threads...<br>
[02/Jun/2011:12:40:09 -0700] - import userRoot: Import threads
aborted.<br>
[02/Jun/2011:12:40:09 -0700] - import userRoot: Closing
files...<br>
/var/lib/dirsrv/slapd-ARC-NASA-GOV/db/userRoot: No such file
or directory<br>
[02/Jun/2011:12:40:09 -0700] - All database threads now
stopped<br>
[02/Jun/2011:12:40:09 -0700] - import userRoot: Import failed.<br>
<br>
Could not import LDIF file '/var/lib/dirsrv/boot.ldif'.
Error: 59648. Output: importing data ...<br>
[02/Jun/2011:12:40:03 -0700] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed
to access the database<br>
[02/Jun/2011:12:40:03 -0700] - check_and_set_import_cache:
pagesize: 4096, pages: 997331, procpages: 49464<br>
[02/Jun/2011:12:40:03 -0700] - Import allocates 1595728KB
import cache.<br>
[02/Jun/2011:12:40:03 -0700] - import userRoot: Beginning
import job...<br>
[02/Jun/2011:12:40:03 -0700] - import userRoot: Index
buffering enabled with bucket size 100<br>
[02/Jun/2011:12:40:04 -0700] - import userRoot: Could not open
LDIF file "/var/lib/dirsrv/boot.ldif", errno 13 (Permission
denied)<br>
[02/Jun/2011:12:40:04 -0700] - import userRoot: Aborting all
Import threads...<br>
[02/Jun/2011:12:40:09 -0700] - import userRoot: Import threads
aborted.<br>
[02/Jun/2011:12:40:09 -0700] - import userRoot: Closing
files...<br>
/var/lib/dirsrv/slapd-ARC-NASA-GOV/db/userRoot: No such file
or directory<br>
[02/Jun/2011:12:40:09 -0700] - All database threads now
stopped<br>
[02/Jun/2011:12:40:09 -0700] - import userRoot: Import failed.<br>
<br>
[11/06/02:12:40:09] - [Setup] Fatal Error: Could not create
directory server instance 'ARC-NASA-GOV'.<br>
Error: Could not create directory server instance
'ARC-NASA-GOV'.<br>
[11/06/02:12:40:09] - [Setup] Fatal Exiting . . .<br>
Log file is '-'<br>
<br>
Exiting . . .<br>
Log file is '-'<br>
<br>
2011-06-02 12:40:09,870 INFO<br>
2011-06-02 12:40:09,870 CRITICAL failed to restart ds instance
Command '/usr/sbin/setup-ds.pl --silent --logfile - -f
/tmp/tmpLtRn9j' returned non-zero exit status 1<br>
2011-06-02 12:40:09,870 DEBUG restarting ds instance<br>
2011-06-02 12:40:12,030 INFO Shutting down dirsrv:<br>
ARC-NASA-GOV... server already stopped[FAILED]<br>
*** Error: 1 instance(s) unsuccessfully stopped[FAILED]<br>
Starting dirsrv:<br>
ARC-NASA-GOV...[ OK ]<br>
<br>
All my attempts to re-install ipa-server now fail. I’ve tried
removing all 51 packages associated with ipa-server and
re-installing them. I’ve removed all 51 packages and deleted
every file I could find associated with nscd, 389, ipa, sssd,
etc. I have been unable to return the system to a state that
will allow a reinstall of ipa-server. I upgraded the OS on
the test system to Fedora 14 and reinstalled the packages, no
change. <br>
<br>
Any advice would be appreciated.<br>
</span></font></blockquote>
Is it all on F13?<br>
The IPA v2 can't be built on F13 as there are many dependencies
missing that we rely on. There are too many parts; this is why we had
to move to the later versions of F15. We just did not have any
options. So the server you built might in fact be completely broken.
I do not know how to fix it. It looks like you have some instances
of the DS left over in a misconfigured state.<br>
<br>
You can try running ipa-server-install --uninstall 4-5 times. That
might clear things a bit.<br>
<br>
But let us get back to the original problem.<br>
FreeIPA can be used with the LDAP+Kerberos configuration on the
clients. You do not need to have the latest and greatest.<br>
There was a nice article referenced in some of the earlier threads
on the list: <br>
<pre wrap=""><a class="moz-txt-link-freetext" href="http://www.aput.net/%7Ejheiss/krbldap/howto.html">http://www.aput.net/~jheiss/krbldap/howto.html</a>
You can configure very old clients to use IPA as a NIS server.
Let us know how else we can help.
</pre>
Thanks<br>
Dmitri<br>
<br>
<blockquote cite="mid:CA0E9BA2.109F7%25brian.p.stamper@nasa.gov"
type="cite"><font face="Calibri, Verdana, Helvetica, Arial"><span
style="font-size: 11pt;">
<br>
-Brian</span></font>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
</pre>
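<br>
An added example, not part of the original thread or of the FreeIPA project's code: a small triage script for log lines in the format quoted above. It drops the block that the installer echoes a second time and separates the line carrying an errno (here errno 13 on /var/lib/dirsrv/boot.ldif) from the follow-on abort and failure messages. The sample text is constructed from the quoted excerpt, and the function name triage is hypothetical.<br>

```python
import re

# Constructed sample: lines shaped like the setup-ds.pl output quoted in the
# thread, including the second copy that the installer echoes.
SAMPLE = """\
[02/Jun/2011:12:40:03 -0700] - import userRoot: Beginning import job...
[02/Jun/2011:12:40:04 -0700] - import userRoot: Could not open LDIF file "/var/lib/dirsrv/boot.ldif", errno 13 (Permission denied)
[02/Jun/2011:12:40:04 -0700] - import userRoot: Aborting all Import threads...
[02/Jun/2011:12:40:09 -0700] - import userRoot: Import failed.
[02/Jun/2011:12:40:03 -0700] - import userRoot: Beginning import job...
[02/Jun/2011:12:40:04 -0700] - import userRoot: Could not open LDIF file "/var/lib/dirsrv/boot.ldif", errno 13 (Permission denied)
[02/Jun/2011:12:40:09 -0700] - import userRoot: Import failed.
"""

# "[dd/Mon/yyyy:hh:mm:ss +zzzz] - message"
LINE = re.compile(r'^\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] - (.*)$')
# '"path", errno N (reason)' as printed by the import job
ERRNO = re.compile(r'"([^"]+)", errno (\d+) \(([^)]+)\)')


def triage(text):
    """Return (errno_errors, follow_on_messages) from 389-DS style log text."""
    seen = {}  # insertion-ordered; the key removes echoed repeats
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            seen.setdefault((m.group(1), m.group(2)), None)
    errors, follow_on = [], []
    for stamp, msg in seen:
        e = ERRNO.search(msg)
        if e:
            errors.append({"time": stamp, "path": e.group(1),
                           "errno": int(e.group(2)), "reason": e.group(3)})
        elif re.search(r'fail|abort', msg, re.I):
            follow_on.append(msg)
    return errors, follow_on


if __name__ == "__main__":
    errors, follow_on = triage(SAMPLE)
    for err in errors:
        print("errno %(errno)d (%(reason)s) on %(path)s at %(time)s" % err)
    for msg in follow_on:
        print("follow-on:", msg)
```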
</body>
</html>