[Freeipa-users] ipa-server-install problem
Rob Crittenden
rcritten at redhat.com
Mon Dec 15 16:39:06 UTC 2008
Thomas Sailer wrote:
> Hi,
>
> I'm trying to install ipa-server using the ipa-server-install script on
> a freshly installed and uptodate Fedora 10 x86_64 machine (on bare
> metal). The script terminates with the following error:
>
> The following operations may take some minutes to complete.
> Please wait until the prompt is returned.
> Configuring ntpd
> [1/4]: stopping ntpd
> [2/4]: writing configuration
> [3/4]: configuring ntpd to start on boot
> [4/4]: starting ntpd
> done configuring ntpd.
> Configuring directory server:
> [1/17]: creating directory server user
> [2/17]: creating directory server instance
> [3/17]: adding default schema
> [4/17]: enabling memberof plugin
> [5/17]: enabling referential integrity plugin
> [6/17]: enabling distributed numeric assignment plugin
> [7/17]: enabling winsync plugin
> [8/17]: configuring uniqueness plugin
> [9/17]: creating indices
> [10/17]: configuring ssl for ds instance
> [11/17]: configuring certmap.conf
> [12/17]: restarting directory server
> [13/17]: adding default layout
> [14/17]: configuring Posix uid/gid generation as first master
> [15/17]: adding master entry as first master
> [16/17]: initializing group membership
> [17/17]: configuring directory to start on boot
> done configuring dirsrv.
> Configuring Kerberos KDC
> [1/13]: setting KDC account password
> [2/13]: adding sasl mappings to the directory
> root : CRITICAL failed to add Full Principal Sasl mapping
> Unexpected error - see ipaserver-install.log for details:
> local variable 'e' referenced before assignment
The root problem is the inability to add the SASL mapping because it
already exists. The local variable is a bug in the exception handling.
We are trying to add this entry:
cn=Full Principal,cn=mapping,cn=sasl,cn=config
objectclass: top
objectclass: nsSaslMapping
cn: Full Principal
nsSaslMapRegexString: \(.*\)@\(.*\)
nsSaslMapBaseDNTemplate: SUFFIX
nsSaslMapFilterTemplate: (krbPrincipalName=\1@\2)
Can you see if this entry already exists in your DS? I'm not sure how it
could.
% ldapsearch -x -D "cn=directory manager" -W -b "cn=Full
Principal,cn=mapping,cn=sasl,cn=config"
thanks
rob
> I also tried to upgrade to ipa 1.2.1-0 available in updates-testing, but
> I get the same error.
>
> DNS works. What's wrong?
>
> ipa-python-1.2.1-0.fc10.x86_64
> fedora-ds-base-1.1.3-6.fc10.x86_64
> ipa-admintools-1.2.1-0.fc10.x86_64
> ipa-server-selinux-1.2.1-0.fc10.x86_64
> ipa-server-1.2.1-0.fc10.x86_64
> ipa-client-1.2.1-0.fc10.x86_64
>
> Thanks,
> Tom
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list