[Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7
Robert L. Harris
robert.l.harris at gmail.com
Wed May 17 20:04:48 UTC 2017
Ok, I reverted to a completely fresh install, literally just after the
first reboot. It installed cleanly. So there's something in a package
upgrade that's breaking things. I may try to figure it out later.
On Tue, May 16, 2017 at 3:08 PM Dagan McGregor <list at sudo.nz> wrote:
> On 17 May 2017 8:50:02 AM NZST, "Robert L. Harris" <
> robert.l.harris at gmail.com> wrote:
>>
>> I can, though that's what I did 2 days ago, fresh install from latest
>> ISO.
>>
>>
>> On Tue, May 16, 2017 at 2:40 PM Andrew Holway <andrew.holway at gmail.com>
>> wrote:
>>
>>> I have a feeling that there is something broken with your image. Could
>>> you try installing Centos from ISO?
>>>
>>>
>>> On 16 May 2017 at 22:37, Robert L. Harris <robert.l.harris at gmail.com>
>>> wrote:
>>>
>>>>
>>>> I left SELinux enabled, no change, still streaming the same error:
>>>>
>>>> [Tue May 16 14:36:48.957848 2017] [:error] [pid 10780] NSS_Initialize
>>>> failed. Certificate database: /etc/httpd/alias.
>>>> [Tue May 16 14:36:48.957883 2017] [:error] [pid 10780] SSL Library
>>>> Error: -8038 SEC_ERROR_NOT_INITIALIZED
>>>> [Tue May 16 14:36:48.957886 2017] [:error] [pid 10780] Does the NSS
>>>> database exist?
>>>>
>>>>
>>>>
>>>> On Tue, May 16, 2017 at 2:12 PM Andrew Holway <andrew.holway at gmail.com>
>>>> wrote:
>>>>
>>>>> Yea, I would try installing IPA then making the changes that you want.
>>>>> I think SELinux should be left enabled however. It makes admin super fun! :)
>>>>>
>>>>>
>>>>> On 16 May 2017 at 21:57, Robert L. Harris <robert.l.harris at gmail.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> I did disable selinux as it gave errors setting up my standard users,
>>>>>> etc. I can roll back the snapshot, set it at 4Gigs of RAM and re-enable
>>>>>> selinux and then try again.
>>>>>>
>>>>>>
>>>>>> On Tue, May 16, 2017 at 1:52 PM Andrew Holway <
>>>>>> andrew.holway at gmail.com> wrote:
>>>>>>
>>>>>>> This is pretty weird. FreeIPA installation normally works.
>>>>>>>
>>>>>>> Has the operating system image been changed or optimised somehow?
>>>>>>> Perhaps SELinux has been disabled? Have you tried installing Centos7 from
>>>>>>> the ISO?
>>>>>>>
>>>>>>> On 16 May 2017 at 21:48, Robert L. Harris <robert.l.harris at gmail.com
>>>>>>> > wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> 2 Gigs, it's a VM. The VM didn't report any memory issues ( no
>>>>>>>> alarms on VMWare )
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, May 16, 2017 at 12:29 PM Andrew Holway <
>>>>>>>> andrew.holway at gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hallo,
>>>>>>>>>
>>>>>>>>> How much memory do you have on the machine. I have a sneaking
>>>>>>>>> suspicion that you're running out.
>>>>>>>>>
>>>>>>>>> Ta,
>>>>>>>>>
>>>>>>>>> Andrew
>>>>>>>>>
>>>>>>>>> On 16 May 2017 at 17:16, Robert L. Harris <
>>>>>>>>> robert.l.harris at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Last night I rolled back my snapshot. Here's what I have after
>>>>>>>>>> the yum install
>>>>>>>>>>
>>>>>>>>>> "minimal" install of Centos7 + basic build.
>>>>>>>>>> {0}:/var/log>cat /etc/*elease
>>>>>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>>>>>> NAME="CentOS Linux"
>>>>>>>>>> VERSION="7 (Core)"
>>>>>>>>>> ID="centos"
>>>>>>>>>> ID_LIKE="rhel fedora"
>>>>>>>>>> VERSION_ID="7"
>>>>>>>>>> PRETTY_NAME="CentOS Linux 7 (Core)"
>>>>>>>>>> ANSI_COLOR="0;31"
>>>>>>>>>> CPE_NAME="cpe:/o:centos:centos:7"
>>>>>>>>>> HOME_URL="https://www.centos.org/"
>>>>>>>>>> BUG_REPORT_URL="https://bugs.centos.org/"
>>>>>>>>>>
>>>>>>>>>> CENTOS_MANTISBT_PROJECT="CentOS-7"
>>>>>>>>>> CENTOS_MANTISBT_PROJECT_VERSION="7"
>>>>>>>>>> REDHAT_SUPPORT_PRODUCT="centos"
>>>>>>>>>> REDHAT_SUPPORT_PRODUCT_VERSION="7"
>>>>>>>>>>
>>>>>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb'
>>>>>>>>>> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64
>>>>>>>>>> python2-ipaclient-4.4.0-14.el7.centos.7.noarch
>>>>>>>>>> ipa-common-4.4.0-14.el7.centos.7.noarch
>>>>>>>>>> perl-HTTP-Tiny-0.033-3.el7.noarch
>>>>>>>>>> python-iniparse-0.4-9.el7.noarch
>>>>>>>>>> ipa-client-common-4.4.0-14.el7.centos.7.noarch
>>>>>>>>>> pam_krb5-2.4.8-6.el7.x86_64
>>>>>>>>>> sssd-krb5-1.14.0-43.el7_3.14.x86_64
>>>>>>>>>> python-ipaddress-1.0.16-2.el7.noarch
>>>>>>>>>> python2-ipalib-4.4.0-14.el7.centos.7.noarch
>>>>>>>>>> krb5-libs-1.14.1-27.el7_3.x86_64
>>>>>>>>>> libipa_hbac-1.14.0-43.el7_3.14.x86_64
>>>>>>>>>> python-libipa_hbac-1.14.0-43.el7_3.14.x86_64
>>>>>>>>>> sssd-ipa-1.14.0-43.el7_3.14.x86_64
>>>>>>>>>> krb5-workstation-1.14.1-27.el7_3.x86_64
>>>>>>>>>> ipa-client-4.4.0-14.el7.centos.7.x86_64
>>>>>>>>>>
>>>>>>>>>> Tried to pull an exact client. The "yum install ipa-server" went
>>>>>>>>>> fine:
>>>>>>>>>>
>>>>>>>>>> {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server
>>>>>>>>>> ipa-server-4.4.0-14.el7.centos.7.x86_64
>>>>>>>>>> ipa-server-common-4.4.0-14.el7.centos.7.noarch
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> "ipa-server-install" ran clean but has been stuck for 2 days:
>>>>>>>>>>
>>>>>>>>>> Restarting the directory server
>>>>>>>>>> Restarting the KDC
>>>>>>>>>> Please add records in this file to your DNS system:
>>>>>>>>>> /tmp/ipa.system.records.qLsLyx.db
>>>>>>>>>> Restarting the web server
>>>>>>>>>> Configuring client side components
>>>>>>>>>> Using existing certificate '/etc/ipa/ca.crt'.
>>>>>>>>>> Client hostname: ipa.rdlg.net
>>>>>>>>>> Realm: RDLG.NET
>>>>>>>>>> DNS Domain: rdlg.net
>>>>>>>>>> IPA Server: ipa.rdlg.net
>>>>>>>>>> BaseDN: dc=rdlg,dc=net
>>>>>>>>>>
>>>>>>>>>> Skipping synchronizing time with NTP server.
>>>>>>>>>> New SSSD config will be created
>>>>>>>>>> Configured sudoers in /etc/nsswitch.conf
>>>>>>>>>> Configured /etc/sssd/sssd.conf
>>>>>>>>>> trying https://ipa.rdlg.net/ipa/json
>>>>>>>>>> Forwarding 'schema' to json server 'https://ipa.rdlg.net/ipa/json
>>>>>>>>>> '
>>>>>>>>>>
>>>>>>>>>> Checking the /var/log/httpd/error.log has 2 days of just this:
>>>>>>>>>>
>>>>>>>>>> [Tue May 16 09:14:42.941476 2017] [:error] [pid 1182]
>>>>>>>>>> NSS_Initialize failed. Certificate database: /etc/httpd/alias.
>>>>>>>>>> [Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL Library
>>>>>>>>>> Error: -8038 SEC_ERROR_NOT_INITIALIZED
>>>>>>>>>> [Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the
>>>>>>>>>> NSS database exist?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Robert
>>>>>>>>>>
>>>>>>>>>> On Fri, May 12, 2017 at 11:14 AM Rob Crittenden <
>>>>>>>>>> rcritten at redhat.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Robert L. Harris wrote:
>>>>>>>>>>> >
>>>>>>>>>>> > Hmmm
>>>>>>>>>>> >
>>>>>>>>>>> > {0}:/var/log>ls
>>>>>>>>>>> > anaconda btmp dmesg grubby maillog ppp
>>>>>>>>>>> secure
>>>>>>>>>>> > tallylog wtmp
>>>>>>>>>>> > audit cron dmesg.old grubby_prune_debug messages rhsm
>>>>>>>>>>> spooler
>>>>>>>>>>> > tuned yum.log
>>>>>>>>>>> > boot.log cups firewalld lastlog ntpstats
>>>>>>>>>>> samba sssd
>>>>>>>>>>> > vmware-vmsvc.log
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> > root at ipa
>>>>>>>>>>> > {1}:/var/log>rpm -q -l http
>>>>>>>>>>> > package http is not installed
>>>>>>>>>>> >
>>>>>>>>>>> > root at ipa
>>>>>>>>>>> > {1}:/var/log>rpm -q -a | grep -i http
>>>>>>>>>>> > perl-HTTP-Tiny-0.033-3.el7.noarch
>>>>>>>>>>> >
>>>>>>>>>>> > root at ipa
>>>>>>>>>>> > {0}:/var/log>rpm -q -a | grep -i tomcat
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> > Doesn't look like an httpd was installed as a dependancy?
>>>>>>>>>>>
>>>>>>>>>>> I find this very hard to believe given that it go so far as to
>>>>>>>>>>> configure
>>>>>>>>>>> things in Apache, restart it, etc. What version of
>>>>>>>>>>> [free]ipa-server is
>>>>>>>>>>> installed? How did you install it and from what repo?
>>>>>>>>>>>
>>>>>>>>>>> rob
>>>>>>>>>>>
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> > On Fri, May 12, 2017 at 1:17 AM Martin Bašti <
>>>>>>>>>>> mbasti at redhat.com
>>>>>>>>>>> > <mailto:mbasti at redhat.com>> wrote:
>>>>>>>>>>> >
>>>>>>>>>>> > That's weird, it should be super fast, anything in
>>>>>>>>>>> > /var/log/httpd/error_log?
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> > On 11.05.2017 22:23, Robert L. Harris wrote:
>>>>>>>>>>> >>
>>>>>>>>>>> >> Odd, must have clicked reply instead of reply-all.
>>>>>>>>>>> >>
>>>>>>>>>>> >> Anyway, I did the revert and re-install. Actual install
>>>>>>>>>>> went
>>>>>>>>>>> >> through fine then the "ipa-server-install" ran until this:
>>>>>>>>>>> >>
>>>>>>>>>>> >> [8/9]: restoring configuration
>>>>>>>>>>> >> [9/9]: starting directory server
>>>>>>>>>>> >> Done.
>>>>>>>>>>> >> Restarting the directory server
>>>>>>>>>>> >> Restarting the KDC
>>>>>>>>>>> >> Please add records in this file to your DNS system:
>>>>>>>>>>> >> /tmp/ipa.system.records.v5Jwrt.db
>>>>>>>>>>> >> Restarting the web server
>>>>>>>>>>> >> Configuring client side components
>>>>>>>>>>> >> Using existing certificate '/etc/ipa/ca.crt'.
>>>>>>>>>>> >> Client hostname: ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>>> >> Realm: RDLG.NET <http://RDLG.NET>
>>>>>>>>>>> >> DNS Domain: rdlg.net <http://rdlg.net>
>>>>>>>>>>> >> IPA Server: ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>>> >> BaseDN: dc=rdlg,dc=net
>>>>>>>>>>> >>
>>>>>>>>>>> >> Skipping synchronizing time with NTP server.
>>>>>>>>>>> >> New SSSD config will be created
>>>>>>>>>>> >> Configured sudoers in /etc/nsswitch.conf
>>>>>>>>>>> >> Configured /etc/sssd/sssd.conf
>>>>>>>>>>> >> trying https://ipa.rdlg.net/ipa/json
>>>>>>>>>>> >> Forwarding 'schema' to json server '
>>>>>>>>>>> https://ipa.rdlg.net/ipa/json'
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >> It's been sitting there for a while ( 4 hours? ) I don't
>>>>>>>>>>> see
>>>>>>>>>>> >> anyting in the ipaserver-install.log, but it's here:
>>>>>>>>>>> >> https://pastebin.com/biK1Dmv7
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >> On Thu, May 11, 2017 at 8:12 AM Martin Bašti <
>>>>>>>>>>> mbasti at redhat.com
>>>>>>>>>>> >> <mailto:mbasti at redhat.com>> wrote:
>>>>>>>>>>> >>
>>>>>>>>>>> >> Please keep freeipa-users in CC
>>>>>>>>>>> >>
>>>>>>>>>>> >> Snapshot is always better, so I suggest to use it.
>>>>>>>>>>> Otherwise
>>>>>>>>>>> >> there is an option --ignore-last-of-role to unblock
>>>>>>>>>>> >> uninstallation.
>>>>>>>>>>> >>
>>>>>>>>>>> >> Martin
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >> On 11.05.2017 16:00, Robert L. Harris wrote:
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> Looks like you hit it, apache didn't have a group:
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end at
>>>>>>>>>>> Thu
>>>>>>>>>>> >>> 2017-05-11 07:48:27 MDT. --
>>>>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>>> >>> systemd[1]: Starting The Apache HTTP Server...
>>>>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>>> >>> ipa-httpd-kdcproxy[28808]: ipa : INFO
>>>>>>>>>>> KDC proxy
>>>>>>>>>>> >>> enabled
>>>>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>>> >>> httpd[28809]: AH00544: httpd: bad group name apache
>>>>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>>> >>> systemd[1]: httpd.service: main process exited,
>>>>>>>>>>> code=exited,
>>>>>>>>>>> >>> status=1/FAILURE
>>>>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>>> >>> kill[28812]: kill: cannot find process ""
>>>>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>>> >>> systemd[1]: httpd.service: control process exited,
>>>>>>>>>>> >>> code=exited status=1
>>>>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>>> >>> systemd[1]: Failed to start The Apache HTTP Server.
>>>>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>>> >>> systemd[1]: Unit httpd.service entered failed state.
>>>>>>>>>>> >>> May 10 20:36:00 ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>>> >>> systemd[1]: httpd.service failed.
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> Thanks, didn't know that command. I tried to
>>>>>>>>>>> continue the
>>>>>>>>>>> >>> process:
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> {0}:/root>ipa-server-install
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> The log file for this installation can be found in
>>>>>>>>>>> >>> /var/log/ipaserver-install.log
>>>>>>>>>>> >>> ipa.ipapython.install.cli.install_tool(Server):
>>>>>>>>>>> ERROR IPA
>>>>>>>>>>> >>> server is already configured on this system.
>>>>>>>>>>> >>> If you want to reinstall the IPA server, please
>>>>>>>>>>> uninstall it
>>>>>>>>>>> >>> first using 'ipa-server-install --uninstall'.
>>>>>>>>>>> >>> ipa.ipapython.install.cli.install_tool(Server):
>>>>>>>>>>> ERROR The
>>>>>>>>>>> >>> ipa-server-install command failed. See
>>>>>>>>>>> >>> /var/log/ipaserver-install.log for more information
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> root at ipa
>>>>>>>>>>> >>> {1}:/root>ipa-server-install --uninstall
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> This is a NON REVERSIBLE operation and will delete
>>>>>>>>>>> all data
>>>>>>>>>>> >>> and configuration!
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> Are you sure you want to continue with the uninstall
>>>>>>>>>>> >>> procedure? [no]: yes
>>>>>>>>>>> >>> ipa : ERROR Server removal aborted:
>>>>>>>>>>> Deleting this
>>>>>>>>>>> >>> server is not allowed as it would leave your
>>>>>>>>>>> installation
>>>>>>>>>>> >>> without a CA..
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> This is a VM and I took a snapshot right before I
>>>>>>>>>>> started the
>>>>>>>>>>> >>> install, so I can revert, just make sure ti add the
>>>>>>>>>>> apache
>>>>>>>>>>> >>> user before starting the install. Or if you have a
>>>>>>>>>>> better
>>>>>>>>>>> >>> command to continue the clean-up/install.....
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> On Thu, May 11, 2017 at 2:19 AM Martin Bašti
>>>>>>>>>>> >>> <mbasti at redhat.com <mailto:mbasti at redhat.com>>
>>>>>>>>>>> wrote:
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> Hello,
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> comments inline
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> On 11.05.2017 06:06, Robert L. Harris wrote:
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> Sigh... Sorry, it's been a long day, I thought
>>>>>>>>>>> I put
>>>>>>>>>>> >>>> that log in the first pastebin. It's in this
>>>>>>>>>>> one:
>>>>>>>>>>> >>>> https://pastebin.com/18PAXXNS
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> Could you please provide journalctl -u httpd and
>>>>>>>>>>> >>> /var/log/httpd/error_log ?
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> Also,
>>>>>>>>>>> >>>> Anyone else get the constant spam when
>>>>>>>>>>> mailing this
>>>>>>>>>>> >>>> list? Got an address to block for it?
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> Sorry for that, there is a bot mining public
>>>>>>>>>>> archives. We
>>>>>>>>>>> >>> plan to resolve this issue but it may take time
>>>>>>>>>>> as we are
>>>>>>>>>>> >>> not maintaining our mailman.
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> Martin
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> Robert
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> On Wed, May 10, 2017 at 9:56 PM Lachlan Musicman
>>>>>>>>>>> >>>> <datakid at gmail.com <mailto:datakid at gmail.com>>
>>>>>>>>>>> wrote:
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> Robert, did you look in
>>>>>>>>>>> >>>> /var/log/ipaserver-install.log as it says?
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> Was there any other information?
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> cheers
>>>>>>>>>>> >>>> L.
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> ------
>>>>>>>>>>> >>>> "Mission Statement: To provide hope and
>>>>>>>>>>> inspiration
>>>>>>>>>>> >>>> for collective action, to build collective
>>>>>>>>>>> power, to
>>>>>>>>>>> >>>> achieve collective transformation, rooted
>>>>>>>>>>> in grief
>>>>>>>>>>> >>>> and rage but pointed towards vision and
>>>>>>>>>>> dreams."
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> - Patrice Cullors, /Black Lives Matter
>>>>>>>>>>> founder/
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> On 11 May 2017 at 13:24, Robert L. Harris
>>>>>>>>>>> >>>> <robert.l.harris at gmail.com
>>>>>>>>>>> >>>> <mailto:robert.l.harris at gmail.com>> wrote:
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> Ok, I gave up on Ubuntu. I'm now
>>>>>>>>>>> trying the
>>>>>>>>>>> >>>> latest CentOS7. I built out a "minimal
>>>>>>>>>>> server"
>>>>>>>>>>> >>>> with some normal base packages which
>>>>>>>>>>> did include
>>>>>>>>>>> >>>> the freeipa-client but otherwise, just
>>>>>>>>>>> standard
>>>>>>>>>>> >>>> tools. Here's a pastebin of the output
>>>>>>>>>>> of the
>>>>>>>>>>> >>>> install: https://pastebin.com/zAWCgkUU
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> Robert
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> --
>>>>>>>>>>> >>>> Manage your subscription for the
>>>>>>>>>>> Freeipa-users
>>>>>>>>>>> >>>> mailing list:
>>>>>>>>>>> >>>>
>>>>>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>>>>>>> >>>> Go to http://freeipa.org for more info
>>>>>>>>>>> on the
>>>>>>>>>>> >>>> project
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> --
>>>>>>>>>>> >>>> Manage your subscription for the
>>>>>>>>>>> Freeipa-users
>>>>>>>>>>> >>>> mailing list:
>>>>>>>>>>> >>>>
>>>>>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>>>>>>> >>>> Go to http://freeipa.org for more info on
>>>>>>>>>>> the project
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> --
>>>>>>>>>>> >>> Martin Bašti
>>>>>>>>>>> >>> Software Engineer
>>>>>>>>>>> >>> Red Hat Czech
>>>>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>>>> >> --
>>>>>>>>>>> >> Martin Bašti
>>>>>>>>>>> >> Software Engineer
>>>>>>>>>>> >> Red Hat Czech
>>>>>>>>>>> >>
>>>>>>>>>>> >
>>>>>>>>>>> > --
>>>>>>>>>>> > Martin Bašti
>>>>>>>>>>> > Software Engineer
>>>>>>>>>>> > Red Hat Czech
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Manage your subscription for the Freeipa-users mailing list:
>>>>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>>>>>> Go to http://freeipa.org for more info on the project
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>
>>>
> Hi,
>
> Apologies if this has been asked already, but are the file permissions
> correct for the alias file it is complaining about?
>
> If the process cannot read the file it will fail.
>
> It's also worth checking the SElinux context in case it needs a relabel.
> And check it's not immutable for some reason.
>
> $ ls -lZ /etc/httpd/alias
> $ lsattr /etc/httpd/alias
>
> I have just installed FreeIPA in CentOS 7 myself without any problems. So
> this seems like an odd error to get.
>
> Cheers,
> Dagan McGregor
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170517/5a599a9b/attachment.htm>
More information about the Freeipa-users
mailing list