[Freeipa-users] ipa-client-install certutil failure
Rob Crittenden
rcritten at redhat.com
Tue Mar 5 15:06:46 UTC 2013
Bittner Jakub wrote:
> On 5.3.2013 14:43, Rob Crittenden wrote:
>> Jakub Bittner wrote:
>>> Hello,
>>>
>>> I am using IPA version 3.0 on server and if I want to install on ubuntu
>>> with ipa-client-install certutil in the end this command
>>> "/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i
>>> /etc/ipa/ca.crt" fails.
>>>
>>> If I try it manually it says:
>>>
>>> certutil: function failed: The certificate/key database is in an old,
>>> unsupported format.
>>>
>>> I dont know for what I need nssdb. Is there a way how to recreate this
>>> nssdb file?
>>
>> Is it safe to assume that there is no NSS database in /etc/pki/nssdb
>> (the certutil error msgs are horrible)? There should be 3 .db files,
>> keyX.db, certY.db and secmod.db.
>>
>> To create an empty one do:
>>
>> certutil -N -d /etc/pki/nssdb
>>
>> You can set no password on this by pressing ENTER twice at the password
>> prompts.
>>
>> These files are typically root:root mode 644.
>>
>> rob
>>
>
> Thank you for reply, I overcome this issue, but I have problem with
> changing password on Ubuntu. I can log in, I can see GID, UIG and so,
> but I can not change password.
How are you trying to change the password? What output do you get when
it fails?
Is there anything in system logs related to this? /var/log/secure,
/var/log/messages.
Does password change work on other clients (e.g. if you have a Fedora
client, does that work?)
rob
More information about the Freeipa-users
mailing list