[Freeipa-users] Server installation problem
Dan Scott
danieljamesscott at gmail.com
Fri Jun 24 18:18:38 UTC 2011
Hi,
On Fri, Jun 24, 2011 at 14:00, Rob Crittenden <rcritten at redhat.com> wrote:
> Dan Scott wrote:
>> I've just installed Fedora 15 onto a VM, configured networking and run
>> the ipa-server-install script - the installation fails with the error:
>>
>> Configuring ntpd
>> [1/4]: stopping ntpd
>> [2/4]: writing configuration
>> [3/4]: configuring ntpd to start on boot
>> [4/4]: starting ntpd
>> done configuring ntpd.
>> Configuring directory server for the CA: Estimated time 30 seconds
>> [1/3]: creating directory server user
>> [2/3]: creating directory server instance
>> root : CRITICAL failed to restart ds instance Command
>> '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmplNsX1T'
>> returned non-zero exit status 1
>> [3/3]: restarting directory server
>> root : CRITICAL Failed to restart the directory server. See the
>> installation log for details.
>>
>> Logfile is attached.
>>
>> Can anyone help with this? It looks like it's failing to
>> start/configure the dirsrv service. Is it possible that it's
>> conflicting with my existing FreeIPA 1.2.x servers elsewhere on the
>> network?
>>
>> Thanks,
>>
>> Dan Scott
>
> There has recently been an SELinux problem on F-15 that has affected 389-ds
> installation. Can you see if there are any AVCS for ns-slapd in
> /var/log/audit/audit.log?
>
> rob
>
That seems to be the problem, thanks.

[root@pc51 ~]# grep denied /var/log/audit/audit.log
type=AVC msg=audit(1308936867.797:102): avc: denied { read } for
pid=8274 comm="ns-slapd" name="lock" dev=dm-1 ino=1307
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
type=AVC msg=audit(1308937468.228:103): avc: denied { read } for
pid=8323 comm="ns-slapd" name="lock" dev=dm-1 ino=1307
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
[root@pc51 ~]# grep denied /var/log/audit/audit.log|audit2allow
#============= dirsrv_t ==============
allow dirsrv_t var_t:lnk_file read;
[root@pc51 ~]#

I had a quick look through bugzilla, and didn't find a bug related to
this. Do I need to file one? Or is it all OK?

Thanks,

Dan
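
Added example, not part of the original message: a short Python sketch that groups the AVC denials quoted above by source type, target type and object class, so a long audit.log can be triaged before deciding whether a policy change or a bug report is the right response. The function names are hypothetical, and the SYSCALL record in the sample is constructed.

```python
import re
from collections import defaultdict

# The two AVC records are from the message above, with e-mail line wrapping
# undone. The SYSCALL record is constructed, to show non-AVC lines are skipped.
SAMPLE_LOG = """\
type=AVC msg=audit(1308936867.797:102): avc: denied { read } for pid=8274 comm="ns-slapd" name="lock" dev=dm-1 ino=1307 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
type=AVC msg=audit(1308937468.228:103): avc: denied { read } for pid=8323 comm="ns-slapd" name="lock" dev=dm-1 ino=1307 scontext=unconfined_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1308937468.228:103): arch=c000003e syscall=2 success=no
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def selinux_type(context):
    """A context is user:role:type:level; the type is the third field."""
    return context.split(":")[2]

def summarize(log_text):
    """Group denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set(), "names": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        g = groups[(selinux_type(rec["scontext"]), selinux_type(rec["tcontext"]), rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["comms"].add(rec.get("comm", "?"))
        g["names"].add(rec.get("name", "?"))
        g["count"] += 1
    return dict(groups)

def as_allow_rules(groups):
    """Render each group as the rule that would permit it, for review only."""
    rules = []
    for (src, tgt, cls), g in sorted(groups.items()):
        perms = sorted(g["perms"])
        perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules
```

The rendered rule is a summary of what was denied; whether to allow it or to fix the label on the target (here a symlink named "lock" labelled var_t) is a separate decision.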