[Freeipa-users] ipa-client-install error during ipa-replica-install
Marco Pizzoli
marco.pizzoli at gmail.com
Sun Mar 25 15:35:27 UTC 2012
Hi guys,

I'm still working with the beta version.
I tried the setup of another replica and this is what I'm getting:

[root at freeipa04 ~]# ipa-replica-install --setup-dns --no-forwarders
/var/lib/ipa/replica-info-freeipa04.unix.mydomain.it.gpg
Directory Manager (existing master) password:
Warning: Hostname (freeipa04.unix.mydomain.it) not found in DNS
Run connection check to master
Check connection from replica to remote master 'freeipa01.unix.mydomain.it':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos Kpasswd: TCP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
The following list of ports use UDP protocol and would need to be
checked manually:
Kerberos KDC: UDP (88): SKIPPED
Kerberos Kpasswd: UDP (464): SKIPPED
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
admin at UNIX.MYDOMAIN.IT password:
Execute check on remote master
admin at freeipa01.unix.mydomain.it's password:
Check connection from master to remote replica 'freeipa04.unix.mydomain.it':
Directory Service: Unsecure port (389): OK
Directory Service: Secure port (636): OK
Kerberos KDC: TCP (88): OK
Kerberos KDC: UDP (88): OK
Kerberos Kpasswd: TCP (464): OK
Kerberos Kpasswd: UDP (464): OK
HTTP Server: Unsecure port (80): OK
HTTP Server: Secure port (443): OK
Connection from master to replica is OK.
Connection check OK
Configuring ntpd
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
done configuring ntpd.
Configuring directory server: Estimated time 1 minute
[1/30]: creating directory server user
[2/30]: creating directory server instance
[3/30]: adding default schema
[4/30]: enabling memberof plugin
[5/30]: enabling referential integrity plugin
[6/30]: enabling winsync plugin
[7/30]: configuring replication version plugin
[8/30]: enabling IPA enrollment plugin
[9/30]: enabling ldapi
[10/30]: configuring uniqueness plugin
[11/30]: configuring uuid plugin
[12/30]: configuring modrdn plugin
[13/30]: enabling entryUSN plugin
[14/30]: configuring lockout plugin
[15/30]: creating indices
[16/30]: configuring ssl for ds instance
[17/30]: configuring certmap.conf
[18/30]: configure autobind for root
[19/30]: configure new location for managed entries
[20/30]: restarting directory server
[21/30]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update succeeded
[22/30]: adding replication acis
[23/30]: setting Auto Member configuration
[24/30]: enabling S4U2Proxy delegation
[25/30]: initializing group membership
[26/30]: adding master entry
[27/30]: configuring Posix uid/gid generation
[28/30]: enabling compatibility plugin
[29/30]: tuning directory server
[30/30]: configuring directory to start on boot
done configuring dirsrv.
Configuring Kerberos KDC: Estimated time 30 seconds
[1/9]: adding sasl mappings to the directory
[2/9]: writing stash file from DS
[3/9]: configuring KDC
[4/9]: creating a keytab for the directory
[5/9]: creating a keytab for the machine
[6/9]: adding the password extension to the directory
[7/9]: enable GSSAPI for replication
[8/9]: starting the KDC
[9/9]: configuring KDC to start on boot
done configuring krb5kdc.
Configuring kadmin
[1/2]: starting kadmin
[2/2]: configuring kadmin to start on boot
done configuring kadmin.
Configuring ipa_memcached
[1/2]: starting ipa_memcached
[2/2]: configuring ipa_memcached to start on boot
done configuring ipa_memcached.
Configuring the web interface: Estimated time 1 minute
[1/13]: disabling mod_ssl in httpd
[2/13]: setting mod_nss port to 443
[3/13]: setting mod_nss password file
[4/13]: enabling mod_nss renegotiate
[5/13]: adding URL rewriting rules
[6/13]: configuring httpd
[7/13]: setting up ssl
[8/13]: publish CA cert
[9/13]: creating a keytab for httpd
[10/13]: clean up any existing httpd ccache
[11/13]: configuring SELinux for httpd
[12/13]: restarting httpd
[13/13]: configuring httpd to start on boot
done configuring httpd.
Applying LDAP updates
Restarting the directory server
Restarting the KDC
Restarting the web server
Using reverse zone 146.168.192.in-addr.arpa.
Configuring named:
[1/8]: adding NS record to the zone
[2/8]: setting up reverse zone
[3/8]: setting up our own record
[4/8]: setting up kerberos principal
[5/8]: setting up named.conf
[6/8]: restarting named
[7/8]: configuring named to start on boot
[8/8]: changing resolv.conf to point to ourselves
done configuring named.
Configuration of client side components failed!
ipa-client-install returned: Command '/usr/sbin/ipa-client-install
--on-master --unattended --domain unix.mydomain.it --server
freeipa04.unix.mydomain.it --realm UNIX.MYDOMAIN.IT' returned non-zero exit
status 1
creation of replica failed: Failed to configure the client
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
[root at freeipa04 ~]#

And these are my last lines of the file /var/log/ipaclient-install.log:

[cut]
2012-03-25T15:13:40Z DEBUG stdout=Kerberos 5 version 1.9.3
2012-03-25T15:13:40Z DEBUG stderr=
2012-03-25T15:13:40Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/role.py'
2012-03-25T15:13:40Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py'
2012-03-25T15:13:40Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py'
2012-03-25T15:13:40Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/service.py'
2012-03-25T15:13:40Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py'
2012-03-25T15:13:40Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py'
2012-03-25T15:13:40Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py'
2012-03-25T15:13:40Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/user.py'
2012-03-25T15:13:40Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py'
2012-03-25T15:13:40Z DEBUG importing plugin module
'/usr/lib/python2.7/site-packages/ipalib/plugins/xmlclient.py'
2012-03-25T15:13:42Z DEBUG Backing up system configuration file
'/etc/sssd/sssd.conf'
2012-03-25T15:13:42Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2012-03-25T15:13:42Z DEBUG Unable to activate the SSH service in SSSD
config.
2012-03-25T15:13:42Z DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n
IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
2012-03-25T15:13:42Z DEBUG stdout=
2012-03-25T15:13:42Z DEBUG stderr=certutil: could not add certificate to
token or database: Error adding certificate to database.

I tried to manually execute the command "/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt":

[root at freeipa04 ~]# /usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t
CT,C,C -a -i /etc/ipa/ca.crt
[root at freeipa04 ~]# echo $?
0

Any help?
Thanks in advance as usual
Marco