[Freeipa-users] ipa-server-install fails (RHEL 6.5)

Steve Dainard sdainard at miovision.com
Tue Feb 4 20:59:44 UTC 2014 

Following this guide:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html

STEP 4:
ipa-server-install --setup-dns -p '<password>' -a '<password>' -r
MIOVISION.LINUX -n miovision.linux --hostname ipa1.miovision.linux
--forwarder=10.0.0.2 --forwarder=10.0.0.5

Server host name [ipa1.miovision.linux]:

Warning: skipping DNS resolution of host ipa1.miovision.linux
Unable to resolve IP address for host name
Please provide the IP address to be used for this host name: 10.0.6.3
Adding [10.0.6.3 ipa1.miovision.linux] to your /etc/hosts file
Do you want to configure the reverse zone? [yes]:
Please specify the reverse zone name [6.0.10.in-addr.arpa.]:
Using reverse zone 6.0.10.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname:      ipa1.miovision.linux
IP address:    10.0.6.3
Domain name:   miovision.linux
Realm name:    MIOVISION.LINUX

BIND DNS server will be configured to serve IPA domain with:
Forwarders:    10.0.0.2, 10.0.0.5
Reverse zone:  6.0.10.in-addr.arpa.

Continue to configure the system with these values? [no]: yes

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd

...

Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds
  [1/10]: adding sasl mappings to the directory
  [2/10]: adding kerberos container to the directory
  [3/10]: configuring KDC
  [4/10]: initialize kerberos container
Failed to initialize the realm container
  [5/10]: adding default ACIs
  [6/10]: creating a keytab for the directory
Unexpected error - see /var/log/ipaserver-install.log for details:
CalledProcessError: Command 'kadmin.local -q addprinc -randkey
ldap/ipa1.miovision.linux at MIOVISION.LINUX -x
ipa-setup-override-restrictions' returned non-zero exit status 1

*/var/log/ipaserver-install.log*

add aci:

(target="ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=miovision,dc=linux")(targetattr="userCertificate")(version
3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn =
"ldap:///fqdn=ipa1.miovision.linux,cn=computers,cn=accounts,dc=miovision,dc=linux";)
modifying entry "cn=ipa,cn=etc,dc=miovision,dc=linux"
modify complete


2014-02-04T20:45:51Z DEBUG stderr=ldap_initialize(
ldapi://%2Fvar%2Frun%2Fslapd-MIOVISION-LINUX.socket/??base )

2014-02-04T20:45:51Z DEBUG   duration: 6 seconds
2014-02-04T20:45:51Z DEBUG   [6/10]: creating a keytab for the directory
2014-02-04T20:45:51Z DEBUG args=kadmin.local -q addprinc -randkey
ldap/ipa1.miovision.linux at MIOVISION.LINUX -x ipa-setup-override-restrictions
2014-02-04T20:45:51Z DEBUG stdout=Authenticating as principal
root/admin at MIOVISION.LINUX with password.

2014-02-04T20:45:51Z DEBUG stderr=kadmin.local: No such entry in the
database while initializing kadmin.local interface

2014-02-04T20:45:51Z INFO   File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line
614, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 1024, in main
    subject_base=options.subject)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/krbinstance.py",
line 183, in create_instance
    self.start_creation(runtime=30)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py",
line 358, in start_creation
    method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/krbinstance.py",
line 386, in __create_ds_keytab
    installutils.kadmin_addprinc(ldap_principal)

  File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line
369, in kadmin_addprinc
    kadmin("addprinc -randkey " + principal)

  File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line
366, in kadmin
    "-x", "ipa-setup-override-restrictions"])

  File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 316,
in run
    raise CalledProcessError(p.returncode, args)

2014-02-04T20:45:51Z INFO The ipa-server-install command failed, exception:
CalledProcessError: Command 'kadmin.local -q addprinc -randkey
ldap/ipa1.miovision.linux at MIOVISION.LINUX -x
ipa-setup-override-restrictions' returned non-zero exit status 1


*Steve Dainard *
IT Infrastructure Manager
Miovision <http://miovision.com/> | *Rethink Traffic*
519-513-2407 ex.250
877-646-8476 (toll-free)

*Blog <http://miovision.com/blog>  |  **LinkedIn
<https://www.linkedin.com/company/miovision-technologies>  |  Twitter
<https://twitter.com/miovision>  |  Facebook
<https://www.facebook.com/miovision>*
------------------------------
 Miovision Technologies Inc. | 148 Manitou Drive, Suite 101, Kitchener, ON,
Canada | N2C 1L3
This e-mail may contain information that is privileged or confidential. If
you are not the intended recipient, please delete the e-mail and any
attachments and notify us immediately.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140204/c2cfcd89/attachment.htm>

More information about the Freeipa-users mailing list