<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EstiloCorreo17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="ES" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">I've been put in charge of implementing a solution that uses LDAP and Kerberos authentication. At first I thought I should use OpenLDAP and Kerberos, but I found FreeIPA and it looks really cool. However, when trying to install it
I keep getting this error about configuration of the CA:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">The following operations may take some minutes to complete.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Please wait until the prompt is returned.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Configuring NTP daemon (ntpd)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> [1/4]: stopping ntpd<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> [2/4]: writing configuration<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> [3/4]: configuring ntpd to start on boot<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> [4/4]: starting ntpd<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Done configuring NTP daemon (ntpd).<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Configuring directory server for the CA (pkids): Estimated time 30 seconds<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> [1/3]: creating directory server user<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> [2/3]: creating directory server instance<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> [3/3]: restarting directory server<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">ipa : CRITICAL Failed to restart the directory server. See the installation log for details.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Done configuring directory server for the CA (pkids).<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> [1/20]: creating certificate server user<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> [2/20]: configuring certificate server instance<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname ipatest.ingenia.local -cs_port 9445 -client_certdb_dir /tmp/tmp-ARezzO -client_certdb_pwd XXXXXXXX
-preop_pin f0dLhx9bLX5qWHYx50h6 -domain_name IPA -admin_user admin -admin_email root@localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=INGENIA.LOCAL -ldap_host ipatest.ingenia.local
-ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name
CN=CA Subsystem,O=INGENIA.LOCAL -ca_subsystem_cert_subject_name CN=CA Subsystem,O=INGENIA.LOCAL -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=INGENIA.LOCAL -ca_server_cert_subject_name CN=ipatest.ingenia.local,O=INGENIA.LOCAL -ca_audit_signing_cert_subject_name
CN=CA Audit,O=INGENIA.LOCAL -ca_sign_cert_subject_name CN=Certificate Authority,O=INGENIA.LOCAL -external false -clone false' returned non-zero exit status 255<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Configuration of CA failed<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I'm including two install logs, one with dns-setup and the other without it. I don't really know what I'm doing wrong. I thought maybe I should allow connections to certain ports in iptables or something, but I have no clue
really and I'm quite new to this. Help please.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Remigio<o:p></o:p></span></p>
</div>
</body>
</html>