Bug 448339
| Summary: | ipa-server-install errors during ldapmodify | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] freeIPA | Reporter: | Brian J. Atkisson <batkisso> | ||||
| Component: | ipa-server | Assignee: | Rob Crittenden <rcritten> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 1.0 | CC: | benl, mgregg | ||||
| Target Milestone: | --- | Keywords: | Reopened | ||||
| Target Release: | --- | ||||||
| Hardware: | i386 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | freeipa-2.0.0-1.fc15 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2008-05-27 14:49:27 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 453489 | ||||||
| Attachments: |
|
||||||
|
Description
Brian J. Atkisson
2008-05-26 01:06:15 UTC
Can you attach /var/log/ipaserver-install.log? Created attachment 306687 [details]
ipaserver-install.log
Note: I see the same error with the Enterprise IPA beta as well. Looks like your domain is 'f9test'. Try f9test.com (.net, .whatever). At least a 2-part domain is required. This is fixed in the IPA tip but hasn't made its way into Fedora yet. Using a three part realm name (BLEH.TEST.REALM) seemed to let the install proceed. Thanks. Closing this as fixed UPSTREAM. This will be fixed in the next release of IPA.
Verified against:
1.1.0-2.20081119.el5ipa
Output from install:
Excluded by options:
* Configure the Network Time Daemon (ntpd)
To accept the default shown in brackets, press the Enter key.
The domain name has been calculated based on the host name.
The IPA Master Server will be configured with
Hostname: ipaqa-64vm.dsqa.sjc2.redhat.com
IP address: 10.14.0.135
Domain name: dsqa.sjc2.redhat.com
Configuring directory server:
[1/17]: creating directory server user
[2/17]: creating directory server instance
[3/17]: adding default schema
[4/17]: enabling memberof plugin
[5/17]: enabling referential integrity plugin
[6/17]: enabling distributed numeric assignment plugin
[7/17]: enabling winsync plugin
[8/17]: configuring uniqueness plugin
[9/17]: creating indices
[10/17]: configuring ssl for ds instance
[11/17]: configuring certmap.conf
[12/17]: restarting directory server
[13/17]: adding default layout
[14/17]: configuring Posix uid/gid generation as first master
[15/17]: adding master entry as first master
[16/17]: initializing group membership
[17/17]: configuring directory to start on boot
done configuring dirsrv.
Configuring Kerberos KDC
[1/13]: setting KDC account password
[2/13]: adding sasl mappings to the directory
[3/13]: adding kerberos entries to the DS
[4/13]: adding default ACIs
[5/13]: configuring KDC
[6/13]: adding default keytypes
[7/13]: creating a keytab for the directory
[8/13]: creating a keytab for the machine
[9/13]: exporting the kadmin keytab
[10/13]: adding the password extension to the directory
[11/13]: adding the kerberos master key to the directory
[12/13]: starting the KDC
[13/13]: configuring KDC to start on boot
done configuring krb5kdc.
Configuring ipa_kpasswd
[1/2]: starting ipa_kpasswd
[2/2]: configuring ipa_kpasswd to start on boot
done configuring ipa_kpasswd.
Configuring the web interface
[1/10]: disabling mod_ssl in httpd
[2/10]: Setting mod_nss port to 443
[3/10]: Adding URL rewriting rules
[4/10]: configuring httpd
[5/10]: creating a keytab for httpd
[6/10]: Setting up ssl
[7/10]: Setting up browser autoconfig
[8/10]: configuring SELinux for httpd
[9/10]: restarting httpd
[10/10]: configuring httpd to start on boot
done configuring httpd.
Configuring ipa_webgui
[1/2]: starting ipa_webgui
[2/2]: configuring ipa_webgui to start on boot
done configuring ipa_webgui.
Configuring bind:
[1/5]: Setting up our zone
[2/5]: Setting up named.conf
[3/5]: restarting named
[4/5]: configuring named to start on boot
[5/5]: Changing resolv.conf to point to ourselves
done configuring named.
Applying LDAP updates
restarting the directory server
restarting the KDC
==============================================================================
Setup complete
Next steps:
1. You must make sure these network ports are open:
TCP Ports:
* 80, 443: HTTP/HTTPS
* 389, 636: LDAP/LDAPS
* 88, 464: kerberos
* 53: bind
UDP Ports:
* 88, 464: kerberos
* 53: bind
2. You can now obtain a kerberos ticket using the command: 'kinit admin'
This ticket will allow you to use the IPA tools (e.g., ipa-adduser)
and the web user interface.
3. Kerberos requires time synchronization between clients
and servers for correct operation. You should consider enabling ntpd.
Be sure to back up the CA certificate stored in /etc/dirsrv/slapd-DSQA-SJC2-REDHAT-COM/cacert.p12
The password for this file is in /etc/dirsrv/slapd-DSQA-SJC2-REDHAT-COM/pwdfile.txt
+ ret=0
+ [ 0 -ne 0 ]
|