<div dir="ltr"><div>Following this guide: <a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html</a></div>
<div><br></div><div>STEP 4:</div><div>ipa-server-install --setup-dns -p '<password>' -a '<password>' -r MIOVISION.LINUX -n miovision.linux --hostname ipa1.miovision.linux --forwarder=10.0.0.2 --forwarder=10.0.0.5<br>
</div><div><br></div><div><div>Server host name [ipa1.miovision.linux]: </div><div><br></div><div>Warning: skipping DNS resolution of host ipa1.miovision.linux</div><div>Unable to resolve IP address for host name</div><div>
Please provide the IP address to be used for this host name: 10.0.6.3</div><div>Adding [10.0.6.3 ipa1.miovision.linux] to your /etc/hosts file</div><div>Do you want to configure the reverse zone? [yes]: </div><div>Please specify the reverse zone name [6.0.10.in-addr.arpa.]: </div>
<div>Using reverse zone 6.0.10.in-addr.arpa.</div><div><br></div><div>The IPA Master Server will be configured with:</div><div>Hostname: ipa1.miovision.linux</div><div>IP address: 10.0.6.3</div><div>Domain name: miovision.linux</div>
<div>Realm name: MIOVISION.LINUX</div><div><br></div><div>BIND DNS server will be configured to serve IPA domain with:</div><div>Forwarders: 10.0.0.2, 10.0.0.5</div><div>Reverse zone: 6.0.10.in-addr.arpa.</div><div>
<br></div><div>Continue to configure the system with these values? [no]: yes</div><div><br></div><div>The following operations may take some minutes to complete.</div><div>Please wait until the prompt is returned.</div><div>
<br></div><div>Configuring NTP daemon (ntpd)</div><div> [1/4]: stopping ntpd</div></div><div><br></div><div>...</div><div><br></div><div><div>Done configuring directory server (dirsrv).</div><div>Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds</div>
<div> [1/10]: adding sasl mappings to the directory</div><div> [2/10]: adding kerberos container to the directory</div><div> [3/10]: configuring KDC</div><div> [4/10]: initialize kerberos container</div><div>Failed to initialize the realm container</div>
<div> [5/10]: adding default ACIs</div><div> [6/10]: creating a keytab for the directory</div><div>Unexpected error - see /var/log/ipaserver-install.log for details:</div><div>CalledProcessError: Command 'kadmin.local -q addprinc -randkey ldap/ipa1.miovision.linux@MIOVISION.LINUX -x ipa-setup-override-restrictions' returned non-zero exit status 1</div>
</div><div><br></div><div><b>/var/log/ipaserver-install.log</b><br></div><div><br></div><div><div>add aci:</div><div> (target="ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=miovision,dc=linux")(targetattr="userCertificate")(version 3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn = "ldap:///fqdn=ipa1.miovision.linux,cn=computers,cn=accounts,dc=miovision,dc=linux";)</div>
<div>modifying entry "cn=ipa,cn=etc,dc=miovision,dc=linux"</div><div>modify complete</div><div><br></div><div><br></div><div>2014-02-04T20:45:51Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-MIOVISION-LINUX.socket/??base )</div>
<div><br></div><div>2014-02-04T20:45:51Z DEBUG duration: 6 seconds</div><div>2014-02-04T20:45:51Z DEBUG [6/10]: creating a keytab for the directory</div><div>2014-02-04T20:45:51Z DEBUG args=kadmin.local -q addprinc -randkey ldap/ipa1.miovision.linux@MIOVISION.LINUX -x ipa-setup-override-restrictions</div>
<div>2014-02-04T20:45:51Z DEBUG stdout=Authenticating as principal root/admin@MIOVISION.LINUX with password.</div><div><br></div><div>2014-02-04T20:45:51Z DEBUG stderr=kadmin.local: No such entry in the database while initializing kadmin.local interface</div>
<div><br></div><div>2014-02-04T20:45:51Z INFO File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script</div><div> return_value = main_function()</div><div><br></div>
<div> File "/usr/sbin/ipa-server-install", line 1024, in main</div><div> subject_base=options.subject)</div><div><br></div><div> File "/usr/lib/python2.6/site-packages/ipaserver/install/krbinstance.py", line 183, in create_instance</div>
<div> self.start_creation(runtime=30)</div><div><br></div><div> File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 358, in start_creation</div><div> method()</div><div><br></div><div>
File "/usr/lib/python2.6/site-packages/ipaserver/install/krbinstance.py", line 386, in __create_ds_keytab</div><div> installutils.kadmin_addprinc(ldap_principal)</div><div><br></div><div> File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 369, in kadmin_addprinc</div>
<div> kadmin("addprinc -randkey " + principal)</div><div><br></div><div> File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 366, in kadmin</div><div> "-x", "ipa-setup-override-restrictions"])</div>
<div><br></div><div> File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 316, in run</div><div> raise CalledProcessError(p.returncode, args)</div><div><br></div><div>2014-02-04T20:45:51Z INFO The ipa-server-install command failed, exception: CalledProcessError: Command 'kadmin.local -q addprinc -randkey ldap/ipa1.miovision.linux@MIOVISION.LINUX -x ipa-setup-override-restrictions' returned non-zero exit status 1</div>
</div><div><br></div><br clear="all"><div><div dir="ltr"><span style="font-family:arial,sans-serif;font-size:16px"><strong>Steve Dainard </strong></span><span style="font-size:12px"></span><br>
<span style="font-family:arial,sans-serif;font-size:12px">IT Infrastructure Manager<br>
<a href="http://miovision.com/" target="_blank">Miovision</a> | <em>Rethink Traffic</em><br>
519-513-2407 ex.250<br>
877-646-8476 (toll-free)<br>
<br>
<strong style="font-family:arial,sans-serif;font-size:13px;color:rgb(153,153,153)"><a href="http://miovision.com/blog" target="_blank">Blog</a> | </strong><font color="#999999" style="font-family:arial,sans-serif;font-size:13px"><strong><a href="https://www.linkedin.com/company/miovision-technologies" target="_blank">LinkedIn</a> | <a href="https://twitter.com/miovision" target="_blank">Twitter</a> | <a href="https://www.facebook.com/miovision" target="_blank">Facebook</a></strong></font> </span>
<hr style="font-family:arial,sans-serif;font-size:13px;color:rgb(51,51,51);clear:both">
<div style="color:rgb(153,153,153);font-family:arial,sans-serif;font-size:13px;padding-top:5px">
<span style="font-family:arial,sans-serif;font-size:12px">Miovision Technologies Inc. | 148 Manitou Drive, Suite 101, Kitchener, ON, Canada | N2C 1L3</span><br>
<span style="font-family:arial,sans-serif;font-size:12px">This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.</span></div>
</div></div>
</div>