[Freeipa-users] ipa-server-install fails

Geerten Schram geerten at schram.name
Wed Jan 12 22:45:21 UTC 2011

Hi All,

When running ipa-server-install from ipa-server-2.0.0.pre1-0.fc14.x86_64 I get 
an error (see list1 and ipaserver-install.log). I just don't get it. When I run 
the pkisilent command by hand I get 

Unrecognized argument: Manager
Use -help for help information


The only "Manager" comes from the built-in bind_dn, so I guess that's not the 
problem. Does someone have a clue?


Geerten Schram
-------------- next part --------------
[root at freeipa ~]# ipa-server-install 

The log file for this installation can be found in /var/log/ipaserver-install.log
This program will set up the FreeIPA Server.

This includes:
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)

To accept the default shown in brackets, press the Enter key.

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
Example: master.example.com.

Server host name [freeipa.schram.name]: 

The domain name has been calculated based on the host name.

Please confirm the domain name [schram.name]: 

The IPA Master Server will be configured with
Hostname:    freeipa.schram.name
IP address:
Domain name: schram.name

The server must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user).  The set up procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.

The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [SCHRAM.NAME]: 
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password: 
Password (confirm): 

The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.

IPA admin password: 
Password (confirm): 

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Configuring ntpd
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
done configuring ntpd.
Configuring directory server for the CA: Estimated time 30 seconds
  [1/3]: creating directory server user
  [2/3]: creating directory server instance
  [3/3]: restarting directory server
done configuring pkids.
Configuring certificate server: Estimated time 6 minutes
  [1/16]: creating certificate server user
  [2/16]: creating pki-ca instance
  [3/16]: restarting certificate server
  [4/16]: configuring certificate server instance
root        : CRITICAL failed to restart ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname freeipa.schram.name -cs_port 9445 -client_certdb_dir /tmp/tmp-OWsgTC -client_certdb_pwd 'XXXXXXXX' -preop_pin RETsCSZH3uQHqlnk1GYU -domain_name IPA -admin_user admin -admin_email root at localhost -admin_password 'XXXXXXXX' -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=SCHRAM.NAME" -ldap_host freeipa.schram.name -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password 'XXXXXXXX' -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd 'XXXXXXXX' -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=SCHRAM.NAME" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=SCHRAM.NAME" -ca_server_cert_subject_name "CN=freeipa.schram.name,O=SCHRAM.NAME" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=SCHRAM.NAME" -ca_sign_cert_subject_name "CN=Certificate Authority,O=SCHRAM.NAME" -external false -clone false' returned non-zero exit status 255
Unexpected error - see ipaserver-install.log for details:
 Configuration of CA failed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipaserver-install.log
Type: text/x-log
Size: 18894 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110112/0d83c101/attachment.bin>
