Thank you for your reply! I have already performed `setenforce 0` and the SELinux mode is already permissive, but the problem still exists.<br><br><div><sign signid="0"><div style="color:#909090;font-family:Arial Narrow;font-size:12px"><br><br><br><br>------------------</div><div style="font-size:14px;font-family:Verdana;color:#000;">Wishing you:<br>    Success at work and a happy life!<br><span style="text-decoration: underline;"></span>--------------------------<br>Changsha R&D Center, 郑磊 <br>Phone: 18684703229<br>Email: zhenglei@kylinos.cn<br>Company: Tianjin Kylin Information Technology Co., Ltd.<br>Address: 14th Floor, Gongmei Building, Sanyi Avenue, Kaifu District, Changsha, Hunan<br>
</div></sign></div><div> </div><div><includetail><div> </div><div> </div><div style="font:Verdana normal 14px;color:#000;"><div style="FONT-SIZE: 12px;FONT-FAMILY: Arial Narrow;padding:2px 0 2px 0;">------------------ Original ------------------</div><div style="FONT-SIZE: 12px;background:#efefef;padding:8px;"><div id="menu_sender"><b>From: </b> "Fraser Tweedale"<ftweedal@redhat.com>;</div><div><b>Date: </b> Tue, Nov 8, 2016 10:37 AM</div><div><b>To: </b> "郑磊"<zhenglei@kylinos.cn>; <wbr></div><div><b>Cc: </b> "freeipa-devel"<freeipa-devel@redhat.com>; <wbr></div><div><b>Subject: </b> Re: [Freeipa-devel] Configuring ipa-otpd error when selinux is enable</div></div><div> </div>On Tue, Nov 08, 2016 at 10:29:29AM +0800, 郑磊 wrote:<br>> Hello everyone,<br>> <br>> I have successfully set up the FreeIPA environment on Ubuntu when SELinux is disabled. But when SELinux is enabled, an error occurs while configuring ipa-otpd. <br>> <br>> The ipaserver-install.log shows the following information:<br>> 2016-11-08T01:55:18Z DEBUG   [1/2]: starting ipa-otpd<br>> 2016-11-08T01:55:18Z DEBUG Starting external process<br>> 2016-11-08T01:55:18Z DEBUG args=/bin/systemctl is-active ipa-otpd.socket<br>> 2016-11-08T01:55:18Z DEBUG Process finished, return code=3<br>> 2016-11-08T01:55:18Z DEBUG stdout=inactive<br>> <br>> 2016-11-08T01:55:18Z DEBUG stderr=<br>> 2016-11-08T01:55:18Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'<br>> 2016-11-08T01:55:18Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'<br>> 2016-11-08T01:55:18Z DEBUG Starting external process<br>> 2016-11-08T01:55:18Z DEBUG args=/bin/systemctl restart ipa-otpd.socket<br>> 2016-11-08T01:55:18Z DEBUG Process finished, return code=1<br>> 2016-11-08T01:55:18Z DEBUG stdout=<br>> 2016-11-08T01:55:18Z DEBUG stderr=Job for ipa-otpd.socket failed. 
See "systemctl status ipa-otpd.socket" and "journalctl -xe" for details.<br>> <br>> 2016-11-08T01:55:18Z DEBUG Traceback (most recent call last):<br>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 447, in start_creation<br>>     run_step(full_msg, method)<br>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 437, in run_step<br>>     method()<br>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 585, in __start<br>>     self.restart()<br>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 347, in restart<br>>     self.service.restart(instance_name, capture_output=capture_output, wait=wait)<br>>   File "/usr/lib/python2.7/dist-packages/ipaplatform/base/services.py", line 301, in restart<br>>     skip_output=not capture_output)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 479, in run<br>>     raise CalledProcessError(p.returncode, arg_string, str(output))<br>> CalledProcessError: Command '/bin/systemctl restart ipa-otpd.socket' returned non-zero exit status 1<br>> <br>> 2016-11-08T01:55:18Z DEBUG   [error] CalledProcessError: Command '/bin/systemctl restart ipa-otpd.socket' returned non-zero exit status 1<br>> 2016-11-08T01:55:18Z DEBUG   File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute<br>>     return_value = self.run()<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line 318, in run<br>>     cfgr.run()<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 310, in run<br>>     self.execute()<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 332, in execute<br>>     for nothing in self._executor():<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 372, in __runner<br>>     self._handle_exception(exc_info)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 
394, in _handle_exception<br>>     six.reraise(*exc_info)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 362, in __runner<br>>     step()<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 359, in <lambda><br>>     step = lambda: next(self.__gen)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from<br>>     six.reraise(*exc_info)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from<br>>     value = gen.send(prev_value)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 586, in _configure<br>>     next(executor)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 372, in __runner<br>>     self._handle_exception(exc_info)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 449, in _handle_exception<br>>     self.__parent._handle_exception(exc_info)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394, in _handle_exception<br>>     six.reraise(*exc_info)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 446, in _handle_exception<br>>     super(ComponentBase, self)._handle_exception(exc_info)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 394, in _handle_exception<br>>     six.reraise(*exc_info)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 362, in __runner<br>>     step()<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py", line 359, in <lambda><br>>     step = lambda: next(self.__gen)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from<br>>     six.reraise(*exc_info)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from<br>>     value = 
gen.send(prev_value)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py", line 63, in _install<br>>     for nothing in self._installer(self.parent):<br>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 1513, in main<br>>     install(self)<br>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 267, in decorated<br>>     func(installer)<br>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py", line 944, in install<br>>     ipautil.realm_to_suffix(realm_name))<br>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 579, in create_instance<br>>     self.start_creation("Configuring %s" % self.service_name)<br>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 447, in start_creation<br>>     run_step(full_msg, method)<br>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 437, in run_step<br>>     method()<br>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 585, in __start<br>>     self.restart()<br>>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 347, in restart<br>>     self.service.restart(instance_name, capture_output=capture_output, wait=wait)<br>>   File "/usr/lib/python2.7/dist-packages/ipaplatform/base/services.py", line 301, in restart<br>>     skip_output=not capture_output)<br>>   File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 479, in run<br>>     raise CalledProcessError(p.returncode, arg_string, str(output))<br>> <br>> 2016-11-08T01:55:18Z DEBUG The ipa-server-install command failed, exception: CalledProcessError: Command '/bin/systemctl restart ipa-otpd.socket' returned non-zero exit status 1<br>> 2016-11-08T01:55:18Z ERROR Command '/bin/systemctl restart ipa-otpd.socket' returned non-zero exit status 1<br>> 2016-11-08T01:55:18Z ERROR The ipa-server-install command failed. 
See /var/log/ipaserver-install.log for more information<br>> <br>> The ipa-otpd.socket status is as follows:<br>> root@ipaserver:~# systemctl status ipa-otpd.socket<br>> ● ipa-otpd.socket - ipa-otpd socket<br>>    Loaded: loaded (/lib/systemd/system/ipa-otpd.socket; disabled; vendor preset: enabled)<br>>    Active: failed (Result: exit-code) since 二 2016-11-08 09:55:18 CST; 26min ago<br>>    Listen: /var/run/krb5kdc/DEFAULT.socket (Stream)<br>>  Accepted: 0; Connected: 0<br>>   Process: 19864 ExecStopPre=/usr/bin/unlink /var/run/krb5kdc/DEFAULT.socket (code=exited, status=1/FAILURE)<br>> <br>> 11月 08 09:55:18 ipaserver.test.com systemd[1]: Starting ipa-otpd socket.<br>> 11月 08 09:55:18 ipaserver.test.com unlink[19864]: /usr/bin/unlink: Unable to remove '/var/run/krb5kdc/DEFAULT.socket' links: no such files or directories <br>> 11月 08 09:55:18 ipaserver.test.com systemd[1]: ipa-otpd.socket: Control process exited, code=exited status=1<br>> 11月 08 09:55:18 ipaserver.test.com systemd[1]: Failed to listen on ipa-otpd socket.<br>> 11月 08 09:55:18 ipaserver.test.com systemd[1]: ipa-otpd.socket: Unit entered failed state.<br>> I found that the file or directory is automatically created when ipa-otpd.socket is started.<br>> <br>> Can anyone help me?<br>> <br>> Thank you!<br>> <br>Thanks for reporting.  It is a known issue.  There is a ticket<br>against selinux-policy-targeted:<br>https://bugzilla.redhat.com/show_bug.cgi?id=1384872<br><br>Until it is resolved, you will have to `setenforce 0`.<br><br>Cheers,<br>Fraser</div><!--<![endif]--></includetail></div>
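A triage helper for the installer log quoted in this thread, added here as an example (not code from FreeIPA or from either poster): it pairs each `args=` line with the `return code=` and `stderr=` lines that follow it and reports the external processes that failed. The function name and the choice to ignore non-zero exits from `systemctl is-active` / `is-enabled` status queries are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Line shapes as they appear in the ipaserver-install.log excerpt in this thread.
ARGS_RE = re.compile(r"^\S+ DEBUG args=(.+)$")
RC_RE = re.compile(r"^\S+ DEBUG Process finished, return code=(-?\d+)$")
STDERR_RE = re.compile(r"^\S+ DEBUG stderr=(.*)$")

# Assumption of this example: status queries exit non-zero to report state
# ("systemctl is-active" printed "inactive" and returned 3), not failure.
STATUS_QUERIES = {"is-active", "is-enabled"}


def failed_commands(lines):
    """Return (command, return_code, stderr) for each external process that failed."""
    failures, cmd, rc = [], None, None
    for raw in lines:
        line = raw.rstrip()
        if m := ARGS_RE.match(line):
            cmd, rc = m.group(1), None          # a new external process starts
        elif cmd and (m := RC_RE.match(line)):
            rc = int(m.group(1))
        elif cmd and rc is not None and (m := STDERR_RE.match(line)):
            is_query = bool(STATUS_QUERIES & set(cmd.split()))
            if rc != 0 and not is_query:
                failures.append((cmd, rc, m.group(1).strip()))
            cmd, rc = None, None                # record complete
    return failures


# Sample lines copied from the log excerpt above.
SAMPLE_LOG = """\
2016-11-08T01:55:18Z DEBUG Starting external process
2016-11-08T01:55:18Z DEBUG args=/bin/systemctl is-active ipa-otpd.socket
2016-11-08T01:55:18Z DEBUG Process finished, return code=3
2016-11-08T01:55:18Z DEBUG stdout=inactive
2016-11-08T01:55:18Z DEBUG stderr=
2016-11-08T01:55:18Z DEBUG Starting external process
2016-11-08T01:55:18Z DEBUG args=/bin/systemctl restart ipa-otpd.socket
2016-11-08T01:55:18Z DEBUG Process finished, return code=1
2016-11-08T01:55:18Z DEBUG stdout=
2016-11-08T01:55:18Z DEBUG stderr=Job for ipa-otpd.socket failed. See "systemctl status ipa-otpd.socket" and "journalctl -xe" for details.
""".splitlines()

if __name__ == "__main__":
    for command, code, err in failed_commands(SAMPLE_LOG):
        print(f"{command!r} exited {code}: {err}")
```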