[Freeipa-users] ipa-server-install fails

Corey Hemminger heco0701 at stcloudstate.edu
Tue Jan 18 21:32:37 UTC 2011 

How do I add the updates-devel repo to fedora. I'm having issues with fedora 14 and ipa 2.0 beta 1 installing. I added the bleeding edge repo for ipa and updates-testing for fedora but I still get errors during the ca authority portion of the install. 

Corey

On Jan 18, 2011, at 11:00 AM, "freeipa-users-request at redhat.com" <freeipa-users-request at redhat.com> wrote:

> Send Freeipa-users mailing list submissions to
>    freeipa-users at redhat.com
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    https://www.redhat.com/mailman/listinfo/freeipa-users
> or, via email, send a message with subject or body 'help' to
>    freeipa-users-request at redhat.com
> 
> You can reach the person managing the list at
>    freeipa-users-owner at redhat.com
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeipa-users digest..."
> 
> 
> Today's Topics:
> 
>   1. Re: Unable to change Admin password (Simo Sorce)
>   2. Re: certificate verify failed - WinSync strangeness -
>      ipa-server-1.2.2-0 (Simo Sorce)
>   3. Re: ipa-server-install fails (Geerten Schram)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 17 Jan 2011 14:10:37 -0500
> From: Simo Sorce <ssorce at redhat.com>
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Unable to change Admin password
> Message-ID: <20110117141037.2d8993f7 at willson.li.ssimo.org>
> Content-Type: text/plain; charset=US-ASCII
> 
> On Wed, 12 Jan 2011 20:02:14 +0000
> ide4you at gmail.com wrote:
> 
>> Yes ipa_kpasswd is running.
>> 
>> 
>> Sent on the TELUS Mobility network with BlackBerry
> 
> Can you check it was able to bind to udp ports ?
> 
> I just noticed it wasn't able to in my fedora 14, and posted a patch.
> 
> Simo.
> 
> -- 
> Simo Sorce * Red Hat, Inc * New York
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Mon, 17 Jan 2011 14:13:14 -0500
> From: Simo Sorce <ssorce at redhat.com>
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] certificate verify failed - WinSync
>    strangeness - ipa-server-1.2.2-0
> Message-ID: <20110117141314.2a80a513 at willson.li.ssimo.org>
> Content-Type: text/plain; charset=US-ASCII
> 
> On Wed, 12 Jan 2011 12:03:59 -0600
> "dont at killbrad.com" <dont at killbrad.com> wrote:
> 
>> Ok, so the ipa-server-certinstall script seems to be where things did
>> not work as I perhaps expected them to.
>> 
>> I manually put the certificates in the dirsrv cert db, and the web
>> interface cert db.  The ipa-replica-manage uses replication.py, which
>> is declaring
>> 
>> CACERT="/usr/share/ipa/html/ca.crt"
>> 
>> It looks like this is where the error is being caused.  The
>> certification there is still the original "IPA Test Certificate
>> Authority".  If I point it to the DigiCertCA.crt (which should work),
>> OR the AD-ca.crt file, I get the same error as originally mentioned
>> when running 'ipa-replica-manage list'. If I comment out the CACERT
>> variable it does as expected:  unexpected error: global name 'CACERT'
>> is not defined
>> 
>> So, can someone give me some advice about where else it may be
>> reading the certificate from, or how I can do things "the proper way"
>> for IPA?
> 
> /etc/ipa/ca.crt is another place where the cert can be found.
> 
> but for winsync you can pass the cacert on the command line, have you
> tried that ?
> 
> Simo.
> 
> -- 
> Simo Sorce * Red Hat, Inc * New York
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Tue, 18 Jan 2011 00:47:33 +0100
> From: Geerten Schram <geerten at schram.name>
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] ipa-server-install fails
> Message-ID: <201101180047.34231.geerten at schram.name>
> Content-Type: Text/Plain;  charset="iso-8859-1"
> 
> On Thursday 13 January 2011 04:17:11 Dmitri Pal wrote:
>> Dmitri Pal wrote:
>>> Geerten Schram wrote:
>>>> Hi All,
>>>> 
>>>> When running ipa-server-install from ipa-server-2.0.0.pre1-0.fc14.x86_64
>>>> I get an error (see list1 and ipserver-install.log). I just don't get
>>>> it. When I run the pkisilent command by hand I get
>>>> 
>>>> "#######################################################################
>>>> Unrecognized argument: Manager
>>>> Use -help for help information
>>>> 
>>>> #######################################################################"
>>>> 
>>>> The only "Manager" comes from the build in bind_dn, so I gues that's not
>>>> the problem. Does someone has a clue?
>>>> 
>>>> Regards,
>>> 
>>> This is the same issue I was hitting when I was testing beta and the
>>> workaround with the links to java jars described in the release notes
>>> fixed this issue.
>>> The latest devel repository has this fixed. You might try installing
>>> from there.
>>> http://jdennis.fedorapeople.org/ipa-devel/
>>> Make sure you also have updates testing enabled since some other
>>> packages we depend on have been fixed in the recent weeks.
>>> 
>>> Just started package install will take a while since many packages
>>> changed in last couple weeks.
>>> Will let you know if I see any issues with the today's build.
>> 
>> Yes it installed fine with all defaults.
>> I will play with it more later today.
> 
> Indeed it does. Works very nicely with the ipa-devel + update-devel repos.
> Thank you for your help!
> 
>> 
>>> Thanks
>>> Dmitri
>>> 
> 
> Regards,
> 
> Geerten
> 
> 
> 
> ------------------------------
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
> 
> End of Freeipa-users Digest, Vol 30, Issue 9
> ********************************************

More information about the Freeipa-users mailing list