<HTML> <HEAD> <TITLE>Re: [Freeipa-users] Difficulty installing freeipa</TITLE> </HEAD> <BODY> I continue to work with performance issues. I went into the krb5.conf and changed dns_lookup_kdc from true to false. Kinit now responds immediately. It’s cut the time on “ipa-finduser admin” from 2m30s down to 18-20s. How fast “should” this respond? -Brian On 6/6/11 12:31 PM, "Brian Stamper" <<a href="brian.p.stamper@nasa.gov">brian.p.stamper@nasa.gov</a>> wrote: <BLOCKQUOTE>This is what I get. I’m not sure which logfiles would be useful at this point. -brian time ipa-finduser -v admin Connecting to IPA server: <a href="https://freeipa.arc.nasa.gov/ipa/xml">https://freeipa.arc.nasa.gov/ipa/xml</a> Connecting to IPA server: <a href="https://freeipa.arc.nasa.gov/ipa/xml">https://freeipa.arc.nasa.gov/ipa/xml</a> send: "POST /ipa/xml HTTP/1.1\r\nHost: freeipa.arc.nasa.gov\r\nAccept-Encoding: gzip\r\nAuthorization: negotiate YIIFCAYJKoZIhvcSAQICAQBuggT3MIIE86ADAgEFoQMCAQ6iBwMFACAAAACjggFeYYIBWjCCAVagAwIBBaEOGwxBUkMuTkFTQS5HT1aiJzAloAMCAQOhHjAcGwRIVFRQGxRmcmVlaXBhLmFyYy5uYXNhLmdvdqOCARQwggEQoAMCARKhAwIBAqKCAQIEgf9q+QJ59aomNKqyY70zeReIT3azmhvBUenVUlqCtdUChD1EKroAUMynyQTHH7c4WQHoY3GqUDtQOUutqaZiOIpO/j2Hirn+c6v3sXg7214KUNfZ2MIZ2vpNwwNtpOGqnmQ5rwGKnyVA8aB4cK/TOqdu7r0nPmADviKplvdFst68lqzSunZ7OwrUxOa0rGVdbJS5fmCVwOPDHtDJy3j3kARCZUa+jJA4ZmAb4Wn4lvYckoHDxhc/R1mXTSr4NXjqnphoKCR1XcU9b4ng0h336yzlq4d9YwRSR/oBL6ZB1LAgZJrXpWSXAxnCXljOWx4mbnpcD9EFblyH2Mzx7jR56nykggN6MIIDdqADAgESooIDbQSCA2mDC1egtsyNS30+guxSWB4HfXVr5RneyGkI+fb6WttuAaPA2XQwZSY8M52SCH8eEfmtycHwZdcfurVpfYGpLTZuJQ/yRlw2meGOtf2NggwqyPyUiYhZ7s+6gg3rvvDSDsg/Mr4txHZ/V30Zk4cjTrQRmUqzWfMf+0ZtmzGo19oRn1vijXbs3CIsiwER3Zi28qYZYgViqFQghIHm5DKoyIQglR0rjt7iEDJtBF8nxVm7lzXuz7lqKIl/QXAbTVzm6gqwtzjPIb2hLtKdF3QY2q7Kba8LbqV2AOrPPPjh/QsU2cGdxZBTiGR05ggSr3D8PPBqlfQxwvnu2b0QgiWWFEgavawTIE7DDkMZDD8C7I/gmQUHV/0kAHizivGNbuHmklXg/KRUkVS5p7AlnJSv5kYtIjMLbXxX7tKxIy9zzPPrliJDp2fr3ER7iKDVALdLPZ5Htlin0ZnD5H6g6qx3kDPV4PeVAx30qqv0UG/45x/uJEC9/3H3Alt7pF/d0xPOWTXho+tGwRcO1gkb0ygIndDIleDEo9CQh+aNsvUxa4UhgzftpACPIwp39nGk+V+7ajY2Tzb2qaKrt6L2q8lqeFxYZ8bcSxDvNgem3ENpL/6FWb+oi86w5JV5OQm7ECJ7js0PJ4DDqgTsyOcDrKhW1l8xHiJkOgxjg0F3+JwCXY0AWIYPNTNdEoXS5T1yGbCLqSL8PevL/obMUHWZiQxzCiN0oA5NQHWoPZ9l7ScHHpxwds5S6Ze1OLV+JRk0aU7Hj7VSJx9irDaAHkXB4PPwyUCOmLl/cF3hxvsYXoEe8j3yQlEE0GV7a3LIhH1mH66byATeSkDv8Ji6LATdtmVUZYI0KLb6oaZKAjn6Pg19mn1hW7GC6WZSzJvSt01uO7XFjsgDz45hKGMevls3GKEM8wAkiiuVaZ/Oq8zkRaf84DmzyYtOHnoyYUzZ9t4FyG4PcU+DVotcBiFLFk5Q9+BxGRVHZGV2K0tz2UyaI8PtIb2AyMdhyj9dCQrFPbZ5d5iOVeMGhutwGQjC8goPP2Bcz2o28hLv+d7qH5PXlcUeeeRTTk1hvkzAv7dtXIoTxWqaot5qNclXsFf7kiYy6I2dWjMKbjL3Nwyyuf3LO+AVRfB3+qhqKAAquQ0IkRL1lblKVEXvufqKF5Z3YPA=\r\nUser-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type: text/xml\r\nContent-Length: 515\r\n\r\n<?xml version='1.0'?>\n<methodCall>\n<methodName>find_users</methodName>\n<params>\n<param>\n<value><string>admin</string></value>\n</param>\n<param>\n<value><array><data>\n<value><string>uid</string></value>\n<value><string>givenname</string></value>\n<value><string>sn</string></value>\n<value><string>homeDirectory</string></value>\n<value><string>loginshell</string></value>\n</data></array></value>\n</param>\n<param>\n<value><int>-1</int></value>\n</param>\n<param>\n<value><int>-1</int></value>\n</param>\n</params>\n</methodCall>\n" reply: 'HTTP/1.1 200 OK\r\n' header: Date: Mon, 06 Jun 2011 19:25:47 GMT header: Server: Apache/2.2.17 (Fedora) header: WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvgT/A5n14nLzBVzpFQFm8lIUc1dZmoma0UuzN9dxD7ykRe/S6rTZJnlroYZG9cmHK9WmIZX5eg/zThvgz/QVvVufnzTbihT3lUDFa4ING9mtCpigZoTnLWGcIRLKddjFHammKG6SjMU29YgwHIZ2D header: Content-Length: 650 header: Connection: close header: Content-Type: text/xml body: "<?xml version='1.0'?>\n<methodResponse>\n<params>\n<param>\n<value><array><data>\n<value><int>1</int></value>\n<value><struct>\n<member>\n<name>dn</name>\n<value><string>uid=admin,cn=users,cn=accounts,dc=arc,dc=nasa,dc=gov</string></value>\n</member>\n<member>\n<name>loginshell</name>\n<value><string>/bin/bash</string></value>\n</member>\n<member>\n<name>uid</name>\n<value><string>admin</string></value>\n</member>\n<member>\n<name>sn</name>\n<value><string>Administrator</string></value>\n</member>\n<member>\n<name>homedirectory</name>\n<value><string>/home/admin</string></value>\n</member>\n</struct></value>\n</data></array></value>\n</param>\n</params>\n</methodResponse>\n" Connecting to IPA server: <a href="https://freeipa.arc.nasa.gov/ipa/xml">https://freeipa.arc.nasa.gov/ipa/xml</a> send: "POST /ipa/xml HTTP/1.1\r\nHost: freeipa.arc.nasa.gov\r\nAccept-Encoding: gzip\r\nAuthorization: negotiate YIIFCAYJKoZIhvcSAQICAQBuggT3MIIE86ADAgEFoQMCAQ6iBwMFACAAAACjggFeYYIBWjCCAVagAwIBBaEOGwxBUkMuTkFTQS5HT1aiJzAloAMCAQOhHjAcGwRIVFRQGxRmcmVlaXBhLmFyYy5uYXNhLmdvdqOCARQwggEQoAMCARKhAwIBAqKCAQIEgf9q+QJ59aomNKqyY70zeReIT3azmhvBUenVUlqCtdUChD1EKroAUMynyQTHH7c4WQHoY3GqUDtQOUutqaZiOIpO/j2Hirn+c6v3sXg7214KUNfZ2MIZ2vpNwwNtpOGqnmQ5rwGKnyVA8aB4cK/TOqdu7r0nPmADviKplvdFst68lqzSunZ7OwrUxOa0rGVdbJS5fmCVwOPDHtDJy3j3kARCZUa+jJA4ZmAb4Wn4lvYckoHDxhc/R1mXTSr4NXjqnphoKCR1XcU9b4ng0h336yzlq4d9YwRSR/oBL6ZB1LAgZJrXpWSXAxnCXljOWx4mbnpcD9EFblyH2Mzx7jR56nykggN6MIIDdqADAgESooIDbQSCA2k1cPNHqqzr20sQC7iXZ6xc2wfb2DYmkqQBNTrXT33fcXYjo1Bw/Z/jc3pj4ohHrLbnkBe9fYNzaKRy7UXjnydOjKeZv3/7FgxJabRb907+4JojogcUxHR+14wQSW0TBPRvaqBrgkYfbfLXsfJm+yTUIH+GlI2VCkerZM2mbpTD3OU2traM2P8NDYfuJ6Bj23rgMg5Bo8+419npiUtFzOL/6bUeY9WmqDYwHsP4YT47vetLraoLeQckNqZ2D5eZwoUV9dNL485v40OZNInte4UwZoQ3xEygxvAM4Wf26CBzTToo+4hAbd7AhJXGTGguEdi7fx7lQqBSYWjkykFNwGndHWTpxm0Y2k3hU+GDoUzMIgFzMmZjALe1oJQFt0Hpv5Qx1NINDAevbYbdSYtajPQnF4//zwOdC5DGkCDqRyztpU0/4esushEXQkTgGVKZTigcahXtYBRX7qZGkveFhq2nBxIZwlqsv+uu5+GwrLNmm/tiH9ahW+9eyCu6uzQzXp4RqmnFGbjrCdVzDsH8nb2d/ul+l/vVUXguglfkEaRCDYhqusFIAvEVHiVeSD0Lmgoew87XvJ/kKNH3zen0tCofGrNtZ6tc62HOi2pod+TGezOp/f6HBeDKG4csuj3OM+/Li2LvwwfurogJW+N/CU0ilrLt5UaKiaeN+Pw81GQCrZ4575SzN8Y3RUFWPLxvVH/vGiaEHG9Nv3KdnpDREAJDAGSEwLSJYtAFcwMnqsezkrYtFd7DmNvb1DyjAXpOfe6SjYLa0DBHLM2RJ/Ico8HJ1LyXUSex3v4hp8ap0JMdc4nUKzsSFrG0TsPKu/+89tphlQkCN91THQ+QNr03kbGUfsf1LpeeYgf+7lFKU5hrsuUJZgBtAVT6l3KQEco0xe9IDNlJLogeKL9X9cPCa3e4XAUVCJdg8pNVScubTXo41EK6zzPAnvPxxgNprZzrhQtkBEedLYNHNICBsutH9ELtZcSDDYxwFyLFKrOb0p9maZL0Z9VmaqBl43h4QcqLXOJcOmjk0jkXufM5VMJdvjHlkXBS9bkAjRKpdq8jXu4gVdh7nxCAxdw9mLww1VvFLbGB6DxQNNP9ZmSgjbJ1LxvxEqguZh9fAhzY3kEQrjPHa7mT6Vc0xosMAux31K07E7uUcylW38V3+Og=\r\nUser-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type: text/xml\r\nContent-Length: 331\r\n\r\n<?xml version='1.0'?>\n<methodCall>\n<methodName>attrs_to_labels</methodName>\n<params>\n<param>\n<value><array><data>\n<value><string>homedirectory</string></value>\n<value><string>loginshell</string></value>\n<value><string>sn</string></value>\n<value><string>uid</string></value>\n</data></array></value>\n</param>\n</params>\n</methodCall>\n" reply: 'HTTP/1.1 200 OK\r\n' header: Date: Mon, 06 Jun 2011 19:26:18 GMT header: Server: Apache/2.2.17 (Fedora) header: WWW-Authenticate: Negotiate YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv14HufxqWTyNzhsD9xAxrBN5L7jejiqPqHum3FjYTKc2xIrC1ONAloxDyxcOV0isynFIw6/NwpXJKHfzfDbiFPiYjF3xrOakeGDiiVSCL7G12ZNdqErNfP1GVBU5yVg+vIDI+HxfzRa29Gl9eIu1J header: Content-Length: 458 header: Connection: close header: Content-Type: text/xml body: "<?xml version='1.0'?>\n<methodResponse>\n<params>\n<param>\n<value><struct>\n<member>\n<name>loginshell</name>\n<value><string>Login Shell</string></value>\n</member>\n<member>\n<name>homedirectory</name>\n<value><string>Home Directory</string></value>\n</member>\n<member>\n<name>uid</name>\n<value><string>Login</string></value>\n</member>\n<member>\n<name>sn</name>\n<value><string>Last Name</string></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodResponse>\n" Home Directory: /home/admin Login Shell: /bin/bash Last Name: Administrator Login: admin real 1m50.460s user 0m0.083s sys 0m0.017s [root@freeipa ~]# time wget <a href="https://freeipa.arc.nasa.gov/ipa/xml">https://freeipa.arc.nasa.gov/ipa/xml</a> --2011-06-06 12:29:40-- <a href="https://freeipa.arc.nasa.gov/ipa/xml">https://freeipa.arc.nasa.gov/ipa/xml</a> Resolving freeipa.arc.nasa.gov... 143.232.152.197 Connecting to freeipa.arc.nasa.gov|143.232.152.197|:443... connected. ERROR: cannot verify freeipa.arc.nasa.gov’s certificate, issued by “/CN=IPA Test Certificate Authority”: Self-signed certificate encountered. To connect to freeipa.arc.nasa.gov insecurely, use ‘--no-check-certificate’. real 0m0.015s user 0m0.011s sys 0m0.002s [root@freeipa ~]# On 6/6/11 7:56 AM, "Rob Crittenden" <<a href="rcritten@redhat.com">rcritten@redhat.com</a>> wrote: <BLOCKQUOTE>Stamper, Brian P. (ARC-D)[Logyx LLC] wrote: > > I’m closer. I was able to get logged into the UI. It wasn’t that I was > running firefox from root, but that I had inited as root. Same problem > really. Dropping back to my own shell and initing I was able to reach > the GUI. The next problem I need to tackle is the slowness. Ipa-finduser > admin does return results, but it takes 2m43s. Definitely getting hung up somewhere. I'd try the -v option to ipa-finduser to get a bit more detail on the request. The client will attempt to find the right IPA Apache server to connect to, make a kerberos connection. Apache will then handle the request and collect any data needed from 389-ds and return it. There are a lot of places things can break down. By examining the server logs you may be able to discern where the logjam is. rob > > [root@freeipa ~]# egrep "freeipa|local" /etc/hosts > 127.0.0.1 localhost.localdomain localhost > ::1 localhost6.localdomain6 localhost6 > 1.2.3.4 freeipa.arc.nasa.gov freeipa > > [root@freeipa ~]# grep host /etc/nsswitch.conf > #hosts: db files nisplus nis dns > hosts: files dns > > [root@freeipa ~]# ifconfig eth0 > eth0 Link encap:Ethernet HWaddr 00:10:18:2D:E6:93 > inet addr:1.2.3.4 > > I don’t see any issues with the configuration there. There are no > conflicting “freeipa” hosts in dns. Looks pretty much in compliance with > the guide: > > */Configuring /etc/hosts > /*/You need to ensure that your ///etc/hosts file is configured > correctly, or the *ipa-** commands may not work correctly. > > The /etc/hosts file should list the FQDN for your IPA server before any > aliases. You should also ensure that the hostname is not part of the > localhost entry. The following is an example of a valid hosts file: > 127.0.0.1 localhost.localdomain localhost > ::1 localhost6.localdomain6 localhost6 > 192.168.1.1 ipaserver.example.com ipaserver > / > > -Brian > > > > On 6/3/11 3:58 PM, "Dmitri Pal" <<a href="dpal@redhat.com">dpal@redhat.com</a>> wrote: > > On 06/03/2011 06:44 PM, Stamper, Brian P. (ARC-D)[Logyx LLC] wrote: > > Re: [Freeipa-users] Difficulty installing freeipa > I have resolved the install issue. > > > Great! > > > > The installer is a bit sloppy and makes some bad assumptions. > The problem turns out to be that the directory server setup > seems to be running as dirsrv, not root. Ipa-server-install > (more specifically dsinstance.py) writes out the file > /var/lib/dirsrv/boot.ldif. But it does so as root, using root’s > umask. It doesn’t do a check to make sure dirsrv can read this > file before spawning an external process to create the directory > server. Part of security best practices recommended by the CIS > group as well as others is to set root’s umask to 0077. With > this setting in place, dirsrv is unable to read > /var/lib/dirsrv/boot.ldif, which causes setup-ds.pl to fail when > executed from ipa-server-install. I modified dsinstance.py to > not remove the file and checked it after a failed install. It > was written properly, so I changed the permission on it to 666 > and re-ran the install. It succeeded. > > > Opened <a href="https://fedorahosted.org/freeipa/ticket/1282">https://fedorahosted.org/freeipa/ticket/1282</a> > > > > I’m now back to where I started, which is a partly working ipa > install. Kinit takes 75 seconds to complete. > > > Seems like a DNS timeout or something related to the name resolution. > > > I still can’t get to the UI. I’m now going to uninstall again, > change root’s umask to 022, and see if that fixes any more of > the problems. > > > The UI does not start for me if you try to run FF from the root > shell. I forget about this frequently and just upgraded to F15 and > hit it again. > > If you have a normal user shell, kinit from that shell as admin and > start browser from it you should have all the right context to > access UI. > > > > > -Brian > > > > On 6/3/11 3:14 PM, "Brian Stamper" <<a href="brian.p.stamper@nasa.gov">brian.p.stamper@nasa.gov</a>> wrote: > > > > Yes, I mentioned in the first email I had attempted that. I > just ran the uninstall 10 times in a row. Same errors: > > Configuring directory server: > [1/17]: creating directory server user > [2/17]: creating directory server instance > root : CRITICAL failed to restart ds instance Command > '/usr/sbin/setup-ds.pl --silent --logfile - -f > /tmp/tmpYwtW2p' returned non-zero exit status 1 > [3/17]: adding default schema > [4/17]: enabling memberof plugin > [5/17]: enabling referential integrity plugin > [6/17]: enabling distributed numeric assignment plugin > [7/17]: enabling winsync plugin > [8/17]: configuring uniqueness plugin > [9/17]: creating indices > [10/17]: configuring ssl for ds instance > [11/17]: configuring certmap.conf > [12/17]: restarting directory server > [13/17]: adding default layout > root : CRITICAL Failed to load bootstrap-template.ldif: > Command '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D > cn=Directory Manager -y /tmp/tmp0AROuy -f /tmp/tmpPC4048' > returned non-zero exit status 32 > [14/17]: configuring Posix uid/gid generation as first master > [15/17]: adding master entry as first master > root : CRITICAL Failed to load master-entry.ldif: Command > '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory > Manager -y /tmp/tmpwyqeVF -f /tmp/tmp1dDTjN' returned > non-zero exit status 32 > [16/17]: initializing group membership > [17/17]: configuring directory to start on boot > done configuring dirsrv. > > As a test I’ve manually run setup-ds.pl accepting all of the > defaults. It works fine and installs successfully, creating > the slapd-freeipa (which is the hostname) instance. I then > ran remove-ds.pl on the slapd-freeipa instance and re-ran > the ipa uninstall. When I attempted to reinstall ipa, it > detected an existing ds. I did a locate for dirsrv and found > logfiles from an instance called slapd-ARC-NASA-GOV, which > should be my default freeipa dirsrv instance. To try to > clean this up, I ran setup-ds.pl and chose custom and > created a slapd-ARC-NASA-GOV instance, and then immediately > removed it with remove-ds.pl. I then re-ran > ipa-server-install, which this time did not detect an > existing directory server. However, the ipa-server-install > again failed in the same location. > > [2/17]: creating directory server instance > root : CRITICAL failed to restart ds instance Command > '/usr/sbin/setup-ds.pl --silent --logfile - -f > /tmp/tmp77JJv1' returned non-zero exit status 1 > > > And from the log: > > 2011-06-03 15:12:41,540 DEBUG Configuring directory server: > 2011-06-03 15:12:41,541 DEBUG [1/17]: creating directory > server user > 2011-06-03 15:12:41,541 DEBUG ds user dirsrv exists > 2011-06-03 15:12:41,541 DEBUG Saving StateFile to > '/var/lib/ipa/sysrestore/sysrestore.state' > 2011-06-03 15:12:41,541 DEBUG Saving StateFile to > '/var/lib/ipa/sysrestore/sysrestore.state' > 2011-06-03 15:12:41,542 DEBUG [2/17]: creating directory > server instance > 2011-06-03 15:12:41,567 INFO *** Error: no dirsrv instances > configured > > 2011-06-03 15:12:41,567 INFO > 2011-06-03 15:12:41,567 DEBUG Saving StateFile to > '/var/lib/ipa/sysrestore/sysrestore.state' > 2011-06-03 15:12:41,568 DEBUG Saving StateFile to > '/var/lib/ipa/sysrestore/sysrestore.state' > 2011-06-03 15:12:41,568 DEBUG > dn: dc=arc,dc=nasa,dc=gov > objectClass: top > objectClass: domain > objectClass: pilotObject > dc: arc > info: IPA V1.0 > > 2011-06-03 15:12:41,569 DEBUG writing inf template > 2011-06-03 15:12:41,570 DEBUG > [General] > FullMachineName= freeipa.arc.nasa.gov > SuiteSpotUserID= dirsrv > ServerRoot= /usr/lib64/dirsrv > [slapd] > ServerPort= 389 > ServerIdentifier= ARC-NASA-GOV > Suffix= dc=arc,dc=nasa,dc=gov > RootDN= cn=Directory Manager > InstallLdifFile= /var/lib/dirsrv/boot.ldif > > 2011-06-03 15:12:41,570 DEBUG calling setup-ds.pl > 2011-06-03 15:12:48,633 INFO [11/06/03:15:12:48] - [Setup] > Info Could not import LDIF file '/var/lib/dirsrv/boot.ldif'. > Error: 59648. Output: importing data ... > [03/Jun/2011:15:12:41 -0700] - WARNING: Import is running > with nsslapd-db-private-import-mem on; No other process is > allowed to access the database > [03/Jun/2011:15:12:42 -0700] - check_and_set_import_cache: > pagesize: 4096, pages: 997331, procpages: 48998 > [03/Jun/2011:15:12:42 -0700] - Import allocates 1595728KB > import cache. > [03/Jun/2011:15:12:42 -0700] - import userRoot: Beginning > import job... > [03/Jun/2011:15:12:42 -0700] - import userRoot: Index > buffering enabled with bucket size 100 > [03/Jun/2011:15:12:42 -0700] - import userRoot: Could not > open LDIF file "/var/lib/dirsrv/boot.ldif", errno 13 > (Permission denied) > [03/Jun/2011:15:12:42 -0700] - import userRoot: Aborting all > Import threads.. > [03/Jun/2011:15:12:48 -0700] - import userRoot: Import > threads aborted. > [03/Jun/2011:15:12:48 -0700] - import userRoot: Closing files... > /var/lib/dirsrv/slapd-ARC-NASA-GOV/db/userRoot: No such file > or directory > [03/Jun/2011:15:12:48 -0700] - All database threads now stopped > [03/Jun/2011:15:12:48 -0700] - import userRoot: Import failed. > > Could not import LDIF file '/var/lib/dirsrv/boot.ldif'. > Error: 59648. Output: importing data ... > [03/Jun/2011:15:12:41 -0700] - WARNING: Import is running > with nsslapd-db-private-import-mem on; No other process is > allowed to access the database > [03/Jun/2011:15:12:42 -0700] - check_and_set_import_cache: > pagesize: 4096, pages: 997331, procpages: 48998 > [03/Jun/2011:15:12:42 -0700] - Import allocates 1595728KB > import cache. > [03/Jun/2011:15:12:42 -0700] - import userRoot: Beginning > import job... > [03/Jun/2011:15:12:42 -0700] - import userRoot: Index > buffering enabled with bucket size 100 > [03/Jun/2011:15:12:42 -0700] - import userRoot: Could not > open LDIF file "/var/lib/dirsrv/boot.ldif", errno 13 > (Permission denied) > [03/Jun/2011:15:12:42 -0700] - import userRoot: Aborting all > Import threads.. > [03/Jun/2011:15:12:48 -0700] - import userRoot: Import > threads aborted. > [03/Jun/2011:15:12:48 -0700] - import userRoot: Closing files... > /var/lib/dirsrv/slapd-ARC-NASA-GOV/db/userRoot: No such file > or directory > [03/Jun/2011:15:12:48 -0700] - All database threads now stopped > [03/Jun/2011:15:12:48 -0700] - import userRoot: Import failed. > > [11/06/03:15:12:48] - [Setup] Fatal Error: Could not create > directory server instance 'ARC-NASA-GOV'. > Error: Could not create directory server instance > 'ARC-NASA-GOV'. > [11/06/03:15:12:48] - [Setup] Fatal Exiting . . . > > > -Brian > > On 6/3/11 2:53 PM, "Dmitri Pal" <<a href="dpal@redhat.com">dpal@redhat.com</a>> wrote: > > > On 06/03/2011 05:38 PM, Stamper, Brian P. (ARC-D)[Logyx > LLC] wrote: > > Re: [Freeipa-users] Difficulty installing freeipa > I’ve given up on freeipa v2 due to lack of > compatibility with hosts I manage. This is all on > freeipa v1. The server started as Fedora 13, and I > upgraded to Fedora 14 in an attempt to fix the problems. > > [root@freeipa ~]# uname -r > 2.6.35.13-91.fc14.x86_64 > [root@freeipa ~]# rpm -qa 'ipa*' > ipa-client-1.2.2-6.fc14.x86_64 > ipa-server-selinux-1.2.2-6.fc14.x86_64 > ipa-python-1.2.2-6.fc14.x86_64 > ipa-admintools-1.2.2-6.fc14.x86_64 > ipa-server-1.2.2-6.fc14.x86_64 > [root@freeipa ~]# > > I’m not doing anything special at this point. I’m > not even trying to get clients added. I’m trying to > do a basic install of ipa-server, with no extra > arguments. That claimed to succeed but wouldn’t > work, I tried to fix it, uninstalled, any attempts > to reinstall failed. So right now I’m simply trying > to get the ipa service back to any kind of > functioning status without re-installing the OS. > > > > > Ah this is all old 1.2 IPA. > Have you tried > ipa-server-install --uninstall > > Might require several attempts until all the errors are > cleared. > > > > -Brian > > On 6/3/11 2:30 PM, "Dmitri Pal" <<a href="dpal@redhat.com">dpal@redhat.com</a>> wrote: > > > > > > > > Is it all on F13? > The IPA v2 can't be built on F13 as there are > many dependencies missing that we rely on. There > are two many parts this is why we had to move to > the later versions of F15. We just did not have > any options. So the server you built might in > fact be completely broken. I do not know how to > fix it. It looks like you have some instances of > the DS left over in a misconfigured state. > > You can try running ipa-server-install > --uninstall 4-5 times. That might clear things a > bit. > > But let us get back to the original problem. > Freeipa can be used with the LDAP+Kerberos > configuration on the clients. You do not need to > have latest and greatest. > There was a nice article referenced in some of > the earlier threads on the list: > > <a href="http://www.aput.net/~jheiss/krbldap/howto.html">http://www.aput.net/~jheiss/krbldap/howto.html</a> > <<a href="http://www.aput.net/%7Ejheiss/krbldap/howto.html">http://www.aput.net/%7Ejheiss/krbldap/howto.html</a>> > <<a href="http://www.aput.net/%7Ejheiss/krbldap/howto.html">http://www.aput.net/%7Ejheiss/krbldap/howto.html</a>> > <<a href="http://www.aput.net/%7Ejheiss/krbldap/howto.html">http://www.aput.net/%7Ejheiss/krbldap/howto.html</a>> > > You can configure very old clients to use IPA as > NIS server. > Let us know how else we can help. > Thanks > Dmitri > > > > > > -Brian > > > _______________________________________________ > Freeipa-users mailing list > <a href="Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> > <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> > > > > > > > > > > > > _______________________________________________ > Freeipa-users mailing list > <a href="Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> > <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> > > > > > > > > > > > > _______________________________________________ > Freeipa-users mailing list > <a href="Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> > <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> > > > > > > > _______________________________________________ > Freeipa-users mailing list > <a href="Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> > <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> </BLOCKQUOTE> </BLOCKQUOTE> </BODY> </HTML>