[Freeipa-users] FreeIPA v2.0 alpha4 replica installation problems

Rob Crittenden rcritten at redhat.com
Mon Aug 16 17:31:44 UTC 2010


I fat-fingered this moderated message and it went into the bit bucket; 
here it is, revived.

Subject: FreeIPA v2.0 alpha4 replica installation problems
From: "Hemminger, Corey Lee. [heco0701 at stcloudstate.edu]" 
<heco0701 at stcloudstate.edu>
Date: Mon, 16 Aug 2010 10:32:14 -0500
To: "freeipa-users at redhat.com" <freeipa-users at redhat.com>

Hi,
I'm a student admin for St. Cloud State University's Business Computing 
Research Lab, and we run our own separate network inside the campus 
network with dedicated internet feeds and hardware for professors' 
research as well as master's and bachelor's student research and labs. We 
have many computers set up for workstations, clusters, clouds, etc., and 
I'm trying to set up a redundant FreeIPA v2.0 in VirtualBox to help 
manage the systems and control access to machines. I have set up the 
master with no problems, but when creating the replica I run the command 
"ipa-replica-install -N --setup-dns 
/var/lib/ipa/replica-file-from-master" and I get this error output. It 
created the directory fine but is having trouble with the certs. I have 
disabled the firewalls on both and SELinux hoping they would help, but 
still the same problem.

[root at earth bcrl]# ipa-replica-install 
/var/lib/ipa/replica-info-earth.bcrl.stcloudstate.edu.gpg -N --setup-dns 
--no-forwarders

An existing Directory Server has been detected.
Do you wish to remove it and create a new one? [no]: yes
Directory Manager (existing master) password:

Warning: Hostname (earth.bcrl.stcloudstate.edu) not found in DNS
Configuring directory server for the CA:
   [1/4]: creating directory server user
   [2/4]: creating directory server instance
   [3/4]: configuring directory to start on boot
   [4/4]: restarting directory server
done configuring pkids.
Configuring certificate server:
   [1/9]: creating certificate server user
   [2/9]: configuring certificate server instance
root        : CRITICAL failed to restart ca instance Command 
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname 
earth.bcrl.stcloudstate.edu -cs_port 9445 -client_certdb_dir 
/tmp/tmp-vemQSV -client_certdb_pwd XXXXXXXX -preop_pin 
yhiJojW06gxaPrkvOJOK -domain_name IPA -admin_user admin -admin_email 
root at localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent 
-agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
"CN=ipa-ca-agent,O=IPA" -ldap_host earth.bcrl.stcloudstate.edu 
-ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password XXXXXXXX 
-base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -save_p12 
true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal 
-ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IPA" 
-ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=IPA" 
-ca_server_cert_subject_name "CN=earth.bcrl.stcloudstate.edu,O=IPA" 
-ca_audit_signing_cert_subject_name "CN=CA Audit,O=IPA" 
-ca_sign_cert_subject_name "CN=Certificate Authority,O=IPA" -external 
false -clone true -clone_p12_file ca.p12 
-clone_p12_password XXXXXXXX -sd_hostname zeus.bcrl.stcloudstate.edu 
-sd_admin_port 9445 -sd_admin_name admin -sd_admin_password XXXXXXXX 
-clone_uri https://zeus.bcrl.stcloudstate.edu:9444' returned non-zero 
exit status 255
   [3/9]: creating RA agent certificate database
   [4/9]: importing CA chain to RA certificate database
creation of replica failed: Unable to retrieve CA chain: Retrieving CA 
cert chain failed: Error: Failed to get certificate chain.

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Thanks for any help,
Corey



