<div dir="ltr"><div><div> </div>Hi Martin, </div>Yes, setting selinux to permissive allowed me to install and configure IPA 4.1 on CentOS 7. :-) </div><div class="gmail_extra"> <div class="gmail_quote">On Wed, Nov 19, 2014 at 11:41 AM, Martin Kosek <<a href="mailto:mkosek@redhat.com" target="_blank">mkosek@redhat.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It is highly probable the issue is caused by SELinux (check for AVCs in /var/log/audit/audit.log). Can you try with SELinux permissive? We specifically did not build selinux-policy as we do not think we should be the ones maintaining it for CentOS. HTH, Martin <div class="HOEnZb"><div class="h5"> ----- Original Message ----- > From: "Bill Peck" <<a href="mailto:bill@pecknet.com">bill@pecknet.com</a>> > To: "Martin Kosek" <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>> > Cc: "Tamas Papp" <<a href="mailto:tompos@martos.bme.hu">tompos@martos.bme.hu</a>>, <a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a> > Sent: Wednesday, November 19, 2014 5:34:10 PM > Subject: Re: [Freeipa-users] freeipa-server from copr repo > > Hi Marin, > > I was able to install from the copr repo now as well. Thank you! > > However I wasn't able to finish the install: > > [23/27]: configure certmonger for renewals > [24/27]: configure certificate renewals > [error] DBusException: org.fedorahosted.certmonger.bad_arg: The location > "/etc/pki/pki-tomcat/alias" could not be accessed due to insufficient > permissions. > > > Don't know if you need the command for how I was installing ipa. But here > is the line from my anseible playbook. > shell: ipa-server-install -a {{ adminpassword }} --hostname={{ servername > }} -r {{ realm }} -p {{ directorypassword }} -n {{ domain }} --setup-dns > --forwarder={{ dnsforwarder }} -U creates={{ slapd }} > > On Wed, Nov 19, 2014 at 11:23 AM, Martin Kosek <<a href="mailto:mkosek@redhat.com">mkosek@redhat.com</a>> wrote: > > > On 11/19/2014 11:57 AM, Tamas Papp wrote: > > > I am good in waiting;) > > > > > > Thanks for the prompt reply. > > > > Ok Tamas, I think we *finally* got somewhere. Can you please try the > > mkosek/freeipa Copr repo now? > > > > I was able to install upstream "freeipa-server" 4.1.1 package on my > > RHEL-7.0 > > machine (should be the same for CentOS) and run ipa-server-install: > > > > # yum install freeipa-server --enablerepo=mkosek-freeipa > > ... > > Resolving Dependencies > > --> Running transaction check > > ---> Package freeipa-server.x86_64 0:4.1.1-1.2.el7.centos will be installed > > ... > > Transaction Summary > > > > ======================================================================================================== > > Install 1 Package (+338 Dependent packages) > > Upgrade ( 11 Dependent packages) > > > > Total download size: 146 M > > ... > > > > # rpm -q freeipa-server > > freeipa-server-4.1.1-1.2.el7.centos.x86_64 > > > > # ipa-server-install --setup-dns > > > > # kinit admin > > Password for <a href="mailto:admin@EXAMPLE.COM">admin@EXAMPLE.COM</a>: > > > > Thanks, > > Martin > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a> > > Go To <a href="http://freeipa.org" target="_blank">http://freeipa.org</a> for more info on the project > > > </div></div></blockquote></div> </div>