[Freeipa-users] Fedora 18 + FreeIPA 3.1
Dale Macartney
dale at themacartneyclan.com
Wed Jan 2 00:32:12 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/01/2013 11:42 PM, Rob Crittenden wrote:
> Dale Macartney wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> On 12/29/2012 06:38 PM, Rob Crittenden wrote:
>>> Dale Macartney wrote:
>>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Afternoon all
>>>>
>>>> using Fedora 18 Beta and attempting to install FreeIPA 3.1
>>>>
>>>> when running through the install of "ipa-server-install --setup-dns" I
>>>> end up with a failure with the below output
>>>>
>>>>
>>>> [root at ds01 ~]# ipa-server-install --setup-dns
>>>> .....
>>>> .....
>>>> Done configuring directory server (dirsrv).
>>>> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
>>>> 30 seconds
>>>> [1/20]: creating certificate server user
>>>> [2/20]: configuring certificate server instance
>>>> [3/20]: disabling nonces
>>>> [4/20]: creating RA agent certificate database
>>>> [5/20]: importing CA chain to RA certificate database
>>>> [6/20]: fixing RA database permissions
>>>> [7/20]: setting up signing cert profile
>>>> [8/20]: set up CRL publishing
>>>> [9/20]: set certificate subject base
>>>> [10/20]: enabling Subject Key Identifier
>>>> [11/20]: enabling CRL and OCSP extensions for certificates
>>>> [12/20]: setting audit signing renewal to 2 years
>>>> [13/20]: configuring certificate server to start on boot
>>>> [14/20]: restarting certificate server
>>>> [15/20]: requesting RA certificate from CA
>>>> [16/20]: issuing RA agent certificate
>>>> Unexpected error - see /var/log/ipaserver-install.log for details:
>>>> CalledProcessError: Command '/usr/bin/sslget -v -n ipa-ca-agent -p
>>>> XXXXXXXX -d /tmp/tmp-kUFAyN -r /ca/agent/ca/profileReview?requestId=7
>>>> ds01.domain.com:8443' returned non-zero exit status 6
>>>>
>>>>
>>>> there is absolutely nothing in any logs at all apart from a few selinux
>>>> audit logs (system running in permissive mode).
>>>>
>>>> Any thoughts?
>>>
>>> This usually means a problem with DNS.
>> Hmm... normally I set a dns forwarder of 10.0.0.254... This time I tried
>> it with no forwarder at all... Same error occurs...
>
> Not really sure. The errors out of sslget are not particularly helpful.
>
> I'd check /etc/hosts to be sure it is sane, and perhaps dig/host to be
sure that the forward and reverse entries match up.
that'll teach me for using non-kickstarted systems...
error is caused by mis or unconfigured /etc/hosts
>
> rob
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBAgAGBQJQ44ADAAoJEAJsWS61tB+qo9cP/RR+zhZ4tX7lSmeD5MOK1ACa
aci0s9HfROU2K/deiS8qLFKtxVdvm8itc2lda4TVwTHbhVompKi3mpp3KBlB8te/
6WLpuC2agQeSPSlxlaDi6+6ue9/5c0bLogf5EJDEjGae/hsC3AJfYiW661WgAnZg
qrU3X0rn00giy+sAOd0oFuqeBo+Hu/KZF3sDHF/YVK8fDMtajnZcj7C6zy1zOmdP
bWj7flqZSZA3LlsOyq0e77U0VW5aFnEGE87ywNyCiXvuZjI/02iOijpPKpppk1If
9zVLPncDDU2smyGbEBE4/aylNbwzXa4izWQ9KwjqU2kWLd+tIq/74/gu7dDVjeOP
dTnQuGWsSJlrEEuLlwks09BmOl2kIBr/EB/EZt1R31ldL+d1vK8aV3pBmXgptVsG
l3R8rAvhu5WoJCKG4gtQVGSn1HkoSPHjc5FGIw/UjXbANcZlIONwujh6gdNHm2vk
syk47+7ThamYTx3Hpq+dggxFcEekq+z1MWLP5gv5Odt/Vc810ziTn+QK97gY5UMM
OD1kR34QN1FQsjn5qsjX9TumU4xvtvnuqgpj+0RTWGFk+55HFfdcTr+8rJKLsxrW
g+Runt3DCu3YlUU+7Nc1FNLfwzjh227OzX1NxsMNTUYyCoOAHM85Ty6nGmFdkoBG
XJeYI5r3FYZ1e/9Jtysq
=TlwR
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xB5B41FAA.asc
Type: application/pgp-keys
Size: 8187 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130102/ea04b749/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xB5B41FAA.asc.sig
Type: application/pgp-signature
Size: 543 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130102/ea04b749/attachment.sig>
More information about the Freeipa-users
mailing list