[Freeipa-users] ipa-replica-install failing, dirsrv not starting properly during install process
David Dejaeghere
david.dejaeghere at gmail.com
Tue Nov 29 10:51:49 UTC 2016
Hi,
I have a setup where i want to add a replica. The first master setup has
an externally signed cert for dirsrv and httpd. The replica is prepapred
succesfully with ipa-client-install but the replica install then keeps
failing. It seems that during install dirserv is not configured correctly
with a valid server certificate. Output from the dirsrv error added to this
email as well.
[root at ns02 ~]# ipa-replica-install --setup-ca
WARNING: conflicting time&date synchronization service 'chronyd' will
be disabled in favor of ntpd
Run connection check to master
Connection check OK
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 1 minute
[1/43]: creating directory server user
[2/43]: creating directory server instance
[3/43]: restarting directory server
[4/43]: adding default schema
[5/43]: enabling memberof plugin
[6/43]: enabling winsync plugin
[7/43]: configuring replication version plugin
[8/43]: enabling IPA enrollment plugin
[9/43]: enabling ldapi
[10/43]: configuring uniqueness plugin
[11/43]: configuring uuid plugin
[12/43]: configuring modrdn plugin
[13/43]: configuring DNS plugin
[14/43]: enabling entryUSN plugin
[15/43]: configuring lockout plugin
[16/43]: configuring topology plugin
[17/43]: creating indices
[18/43]: enabling referential integrity plugin
[19/43]: configuring certmap.conf
[20/43]: configure autobind for root
[21/43]: configure new location for managed entries
[22/43]: configure dirsrv ccache
[23/43]: enabling SASL mapping fallback
[24/43]: restarting directory server
[25/43]: creating DS keytab
[26/43]: retrieving DS Certificate
[27/43]: restarting directory server
ipa : CRITICAL Failed to restart the directory server (Command
'/bin/systemctl restart dirsrv at SOMETHING-BE.service' returned non-zero exit
status 1). See the installation log for details.
[28/43]: setting up initial replication
[error] error: [Errno 111] Connection refused
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
[29/Nov/2016:11:29:44.034285579 +0100] SSL alert: Security Initialization:
Can't find certificate (Server-Cert) for family
cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 -
security library: bad database.)
[29/Nov/2016:11:29:44.045039728 +0100] SSL alert: Security Initialization:
Unable to retrieve private key for cert Server-Cert of family
cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 -
security library: bad database.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161129/8e782291/attachment.htm>
More information about the Freeipa-users
mailing list