[Freeipa-users] Fedora 18 + FreeIPA 3.1
Rob Crittenden
rcritten at redhat.com
Sat Dec 29 18:38:38 UTC 2012
Dale Macartney wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Afternoon all
>
> using Fedora 18 Beta and attempting to install FreeIPA 3.1
>
> when running through the install of "ipa-server-install --setup-dns" I
> end up with a failure with the below output
>
>
> [root at ds01 ~]# ipa-server-install --setup-dns
> .....
> .....
> Done configuring directory server (dirsrv).
> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
> 30 seconds
> [1/20]: creating certificate server user
> [2/20]: configuring certificate server instance
> [3/20]: disabling nonces
> [4/20]: creating RA agent certificate database
> [5/20]: importing CA chain to RA certificate database
> [6/20]: fixing RA database permissions
> [7/20]: setting up signing cert profile
> [8/20]: set up CRL publishing
> [9/20]: set certificate subject base
> [10/20]: enabling Subject Key Identifier
> [11/20]: enabling CRL and OCSP extensions for certificates
> [12/20]: setting audit signing renewal to 2 years
> [13/20]: configuring certificate server to start on boot
> [14/20]: restarting certificate server
> [15/20]: requesting RA certificate from CA
> [16/20]: issuing RA agent certificate
> Unexpected error - see /var/log/ipaserver-install.log for details:
> CalledProcessError: Command '/usr/bin/sslget -v -n ipa-ca-agent -p
> XXXXXXXX -d /tmp/tmp-kUFAyN -r /ca/agent/ca/profileReview?requestId=7
> ds01.domain.com:8443' returned non-zero exit status 6
>
>
> there is absolutely nothing in any logs at all apart from a few selinux
> audit logs (system running in permissive mode).
>
> Any thoughts?
This usually means a problem with DNS.
rob
More information about the Freeipa-users
mailing list