[Freeipa-users] Problems and questions installing Identity Manager on RHEL V7
Licause, Al (CSC AMS BCS - UNIX/Linux Network Support)
licause at hp.com
Wed Oct 1 16:28:44 UTC 2014
We are trying to install Identity Manager for testing and learning purposes in a test lab
environment. We have successfully installed the base product but have run into problems
when trying to setup a domain trust to an AD server.
We are somewhat limited as to how we can change these systems and since they must function
for replication of many different problems, we need to be cautious as to what we change.
But they are crash and burn systems.
Both the RHEL V7 IdM server system and the W2008 R2 AD server are in the same subnet
and the same dns zone.
So that is the first question....can we create a domain trust between these two systems
without placing one or the other in a different address subnet or changing the domain name ?
I have tried changing the realm name for the linux server from lab.us.com for example to
ipa.lab.us.com and then leaving the AD server in lab.us.com. That gets us a bit further
but then we run into problems with what I believe is the kerberos configuration.
I have tried to deinstall and reinstall the ipa server but the installation is now failing.
The ipa-server-install is failing with the following:
[37/38]: tuning directory server
[38/38]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
[1/22]: creating certificate server user
[2/22]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpLb1CmI' returned non-zero exit status 1
Configuration of CA failed
This happens each time I try to uninstall and reinstall the ipa server on RHEL V7.
Looking at the latest log in /var/log/pki, I see this at the end of the log:
2014-10-01 11:53:10 pkispawn : INFO BEGIN spawning subsystem 'CA' of instance 'pki-tomcat' . . .
2014-10-01 11:53:10 pkispawn : INFO ... initializing 'pki.deployment.initialization'
2014-10-01 11:53:10 pkispawn : ERROR ....... PKI subsystem 'CA' for instance 'pki-tomcat' already exists!
2014-10-01 11:53:10 pkispawn : DEBUG ....... Error Type: SystemExit
2014-10-01 11:53:10 pkispawn : DEBUG ....... Error Message: 1
2014-10-01 11:53:10 pkispawn : DEBUG ....... File "/usr/sbin/pkispawn", line 374, in main
rv = instance.spawn()
File "/usr/lib/python2.7/site-packages/pki/deployment/initialization.py", line 56, in spawn
util.instance.verify_subsystem_does_not_exist()
File "/usr/lib/python2.7/site-packages/pki/deployment/pkihelper.py", line 990, in verify_subsystem_does_not_exist
sys.exit(1)
I am no python expert by any means and I'm not sure what this is telling us so any help
would be greatly appreciated.
Al Licause
CSC Americas BCS Technical Specialist
HP Customer Support Center
Hours 5am-2pm Pacific time USA
Manager: mark.bailey at hp.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141001/ae405d4d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 2051 bytes
Desc: image001.gif
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141001/ae405d4d/attachment.gif>
More information about the Freeipa-users
mailing list