[Freeipa-users] FreeIPA installation bug on F18 while "requesting RA certificate from CA"

Robert M. Albrecht lists at romal.de
Wed Feb 13 14:44:12 UTC 2013 

Hi,


Configuring NTP daemon (ntpd)
   [1/4]: stopping ntpd
   [2/4]: writing configuration
   [3/4]: configuring ntpd to start on boot
   [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
   [1/36]: creating directory server user
   [2/36]: creating directory server instance
   [3/36]: adding default schema
   [4/36]: enabling memberof plugin
   [5/36]: enabling winsync plugin
   [6/36]: configuring replication version plugin
   [7/36]: enabling IPA enrollment plugin
   [8/36]: enabling ldapi
   [9/36]: configuring uniqueness plugin
   [10/36]: configuring uuid plugin
   [11/36]: configuring modrdn plugin
   [12/36]: enabling entryUSN plugin
   [13/36]: configuring lockout plugin
   [14/36]: creating indices
   [15/36]: enabling referential integrity plugin
   [16/36]: configuring certmap.conf
   [17/36]: configure autobind for root
   [18/36]: configure new location for managed entries
   [19/36]: restarting directory server
   [20/36]: adding default layout
   [21/36]: adding delegation layout
   [22/36]: adding replication acis
   [23/36]: creating container for managed entries
   [24/36]: configuring user private groups
   [25/36]: configuring netgroups from hostgroups
   [26/36]: creating default Sudo bind user
   [27/36]: creating default Auto Member layout
   [28/36]: adding range check plugin
   [29/36]: creating default HBAC rule allow_all
   [30/36]: Upload CA cert to the directory
ipa         : CRITICAL Failed to load upload-cacert.ldif: Command
'/usr/bin/ldapmodify -v -f /tmp/tmpSkzd0p -H
ldap://gutenberg.vorlon.lan:389 -x -D cn=Directory Manager -y
/tmp/tmpVB45G5' returned non-zero exit status 247
   [31/36]: initializing group membership
   [32/36]: adding master entry
   [33/36]: configuring Posix uid/gid generation
   [34/36]: enabling compatibility plugin
   [35/36]: tuning directory server
   [36/36]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
30 seconds
   [1/20]: creating certificate server user
   [2/20]: configuring certificate server instance
   [3/20]: disabling nonces
   [4/20]: creating RA agent certificate database
   [5/20]: importing CA chain to RA certificate database
   [6/20]: fixing RA database permissions
   [7/20]: setting up signing cert profile
   [8/20]: set up CRL publishing
   [9/20]: set certificate subject base
   [10/20]: enabling Subject Key Identifier
   [11/20]: enabling CRL and OCSP extensions for certificates
   [12/20]: setting audit signing renewal to 2 years
   [13/20]: configuring certificate server to start on boot
   [14/20]: restarting certificate server
   [15/20]: requesting RA certificate from CA
Unexpected error - see /var/log/ipaserver-install.log for details:
IndexError: list index out of range
[root at gutenberg ~]#

from /var/log/ipaserver-install.log

2013-02-13T14:38:15Z DEBUG stderr=
2013-02-13T14:38:15Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2013-02-13T14:38:15Z DEBUG   duration: 0 seconds
2013-02-13T14:38:15Z DEBUG   [14/20]: restarting certificate server
2013-02-13T14:38:15Z DEBUG Starting external process
2013-02-13T14:38:15Z DEBUG args=/bin/systemctl restart
pki-tomcatd at pki-tomcat.service
2013-02-13T14:38:19Z DEBUG Process finished, return code=0
2013-02-13T14:38:19Z DEBUG stdout=
2013-02-13T14:38:19Z DEBUG stderr=
2013-02-13T14:38:19Z DEBUG Starting external process
2013-02-13T14:38:19Z DEBUG args=/bin/systemctl is-active
pki-tomcatd at pki-tomcat.service
2013-02-13T14:38:19Z DEBUG Process finished, return code=0
2013-02-13T14:38:19Z DEBUG stdout=active

2013-02-13T14:38:19Z DEBUG stderr=
2013-02-13T14:38:19Z DEBUG wait_for_open_ports: localhost [8080, 8443]
timeout 120
2013-02-13T14:38:25Z DEBUG The httpd proxy is not installed, skipping
wait for CA
2013-02-13T14:38:25Z DEBUG   duration: 9 seconds
2013-02-13T14:38:25Z DEBUG   [15/20]: requesting RA certificate from CA
2013-02-13T14:38:25Z DEBUG Starting external process
2013-02-13T14:38:25Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f
XXXXXXXX -R -k rsa -g 2048 -s CN=IPA RA,O=VORLON.LAN -z /tmp/tmpQoA4BN -a
2013-02-13T14:38:31Z DEBUG Process finished, return code=0
2013-02-13T14:38:31Z DEBUG
stdout=^X^\<FB><ED>5^@^@^@^X^\<FB><ED>5^@^@^@^P<FD><81>^A^@^@^@^@^P<FD><81>^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@<B0>^@^@^@^@^@^@^@!^F^@^@^@^@^@^@<98>^W<FB><ED>5^@^@^@<A0><F9><81>^A^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@<80><8D><81>^A^@^@^@^@^@^@^@^@^@^@^@^@^@^A^@^@^@^@^@^@P^@^@^@^@^@^@^@^P^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@`^B^@^@^@^@^@^@^P^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
2013-02-13T14:38:31Z DEBUG stderr=

Generating key.  This may take a few moments...


2013-02-13T14:38:47Z INFO   File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 617, in run_script
     return_value = main_function()

   File "/sbin/ipa-server-install", line 986, in main
     dm_password, subject_base=options.subject)

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
621, in configure_instance
     self.start_creation(runtime=210)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 358, in start_creation
     method()

   File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
1219, in __request_ra_certificate
     self.requestId = item_node[0].childNodes[0].data

2013-02-13T14:38:47Z INFO The ipa-server-install command failed,
exception: IndexError: list index out of range
(END)


There are no special charters in any password.

Any ideas ?

cu romal

More information about the Freeipa-users mailing list