[Freeipa-users] IPA3 beta - CA will not install

Rob Crittenden rcritten at redhat.com
Tue Jul 24 14:21:26 UTC 2012


Petr Viktorin wrote:
> On 07/24/2012 03:57 PM, Michael Mercier wrote:
>> Hello,
>>
>> I am attempting to install the IPA 3.x beta on Fedora 17 and running
>> into some difficulty.
>>
>> I performed the following steps attempting the install (following
>> setup instructions for FreeIPA 2.2):
>>
>> 1. Download Fedora 17
>> 2. Install Fedora 17 with VMWare
>> 3. add hostname to /etc/hosts  - 172.16.112.10  ipaserver.beta.local ipaserver
>> 4. yum update
>> 5. open the following ports on the firewall  tcp 80,443,389,636,88,464,53,7839 udp 88,464,53,123
>>
>> iptables -L
>> ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
>> ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
>> ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https
>> ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ldap
>> ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ldaps
>> ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:kerberos
>> ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:kpasswd
>> ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:domain
>> ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:7389
>> ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:kerberos
>> ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:kpasswd
>> ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:domain
>> ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:ntp
>>
>> 6. Disable NetworkManager and enable network
>> 7. reboot
>> 8. add freeipa repository
>> baseurl=http://freeipa.com/downloads/devel/rpms/F$releasever/$basearch
>> 9. yum install freeipa-server bind bind-dyndb-ldap
>> 10. ipa-server-install
>>
>> Attached is the log file.
>>
>> Thanks,
>> Mike
>>
>>
>
> This was reported a while ago, see
> https://www.redhat.com/archives/freeipa-users/2012-July/msg00167.html
> for the workaround.
>
>

Or try updating the pki-* packages to 9.0.21; the packages are in 
updates-testing. The dogtag team fixed an SELinux issue introduced in a 
recent selinux-policy update.

rob
