[Freeipa-users] FreeIPA install fails on config. of certificate server with "Required parameter -client_token_name is not specified."

Andrew Wasielewski andrew at wasielewski.co.uk
Thu Jun 20 21:32:05 UTC 2013 

Hello everyone,

I am trying to install FreeIPA 2.2.2 on Fedora 17 (kernel 3.8.13-100.fc17.x86_64).  Each time it fails in step 2/17 of "Configuring certificate server".  The relevant portion of the log is appended below.  It looks like the specific cause of the error is "Required parameter -client_token_name is not specified."  I can't find anything on Google relating to this exact string so am requesting help here.

All necessary package installs, DNS config etc. have been done, so there are no error messages during the info gathering part of the script.  There has been no previous installation of Kerberos or any CA software.  I did do some work with OpenLDAP to set up a user management directory - before I found out about FreeIPA - but that used slapd which is now disabled to avoid conflict with 389 Directory Server.

Any advice much appreciated.

Regards,
Andrew


2013-06-20T21:12:27Z DEBUG stderr=
2013-06-20T21:12:27Z DEBUG   duration: 0 seconds
2013-06-20T21:12:27Z DEBUG done configuring pkids.
2013-06-20T21:12:27Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2013-06-20T21:12:27Z DEBUG Configuring certificate server: Estimated time 3 minutes 30 seconds
2013-06-20T21:12:27Z DEBUG   [1/17]: creating certificate server user
2013-06-20T21:12:27Z DEBUG ca user pkiuser exists
2013-06-20T21:12:27Z DEBUG   duration: 0 seconds
2013-06-20T21:12:27Z DEBUG   [2/17]: configuring certificate server instance
2013-06-20T21:12:27Z DEBUG args=/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname server.wasielewski.co.uk -cs_port 9445 -client_certdb_dir /tmp/tmp-YYL2Te -client_certdb_pwd XXXXXXXX -preop_pin 1JbX3OUn0
TgehavAiRWv -domain_name IPA -admin_user admin -admin_email root at localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-
ca-agent,O=WASIELEWSKI.CO.UK -ldap_host server.wasielewski.co.uk -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=WASIELEWSKI.CO.UK -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=WASIELEWSKI.CO.UK -ca_server_cert_subject_name CN=server.wasielewski.co.uk,O=WASIELEWSKI.CO.UK -ca_audit_signing_cert_subject_name CN=CA Audit,O=WASIELEWSKI.CO.UK -ca_sign_cert_subject_name CN=Certificate Authority,O=WASIELEWSKI.CO.UK -external false -clone false
2013-06-20T21:12:27Z DEBUG stdout=libpath=/usr/lib64
#######################################################################
Required parameter -client_token_name is not specified.
Use -help for help information

#######################################################################

2013-06-20T21:12:27Z DEBUG stderr=
2013-06-20T21:12:27Z CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname server.wasielewski.co.uk -cs_port 9445 -client_certdb_dir /tmp/tmp-YYL2Te -client_certdb_pwd XXXXXXXX -preop_pin 1JbX3OUn0TgehavAiRWv -domain_name IPA -admin_user admin -admin_email root at localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=WASIELEWSKI.CO.UK -ldap_host server.wasielewski.co.uk -ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=WASIELEWSKI.CO.UK -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=WASIELEWSKI.CO.UK -ca_server_cert_subject_name CN=server.wasielewski.co.uk,O=WASIELEWSKI.CO.UK -ca_audit_signing_cert_subject_name CN=CA Audit,O=WASIELEWSKI.CO.UK -ca_sign_cert_subject_name CN=Certificate Authority,O=WASIELEWSKI.CO.UK -external false -clone false' returned non-zero exit status 255
2013-06-20T21:12:27Z DEBUG Configuration of CA failed
  File "/usr/sbin/ipa-server-install", line 1100, in <module>
    rval = main()

  File "/usr/sbin/ipa-server-install", line 888, in main
    subject_base=options.subject)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 531, in configure_instance
    self.start_creation("Configuring certificate server", 210)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 257, in start_creation
    method()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 667, in __configure_instance
    raise RuntimeError('Configuration of CA failed')

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130620/27df3609/attachment.htm>

More information about the Freeipa-users mailing list