Description of problem:
Installing ipa server fails when restarting named:
ipa-server install fails with error:
[12/12]: changing resolv.conf to point to ourselves
Done configuring DNS (named).
ipa : ERROR Named service failed to start (Command ''/bin/systemctl'
'restart' 'named.service'' returned non-zero exit status 1)
named service failed to start
New msg when doing a yum install ipa-server:
Installing : ipa-server-4.1.0-4.el7.x86_64
warning: user named does not exist - using root
warning: group named does not exist - using root
Verifying : ipa-server-4.1.0-4.el7.x86_64
# journalctl -b -u named
Nov 10 15:46:00 beast.testrelm.test named: bind-dyndb-ldap version 6.0
compiled at 07:24:05 Sep 23 2014, compiler 4.8.3 20140911 (Red Hat 4.8.3-7)
Nov 10 15:46:00 beast.testrelm.test named: unable to open directory
'dyndb-ldap/ipa', working directory is '/var/named': permission denied
Nov 10 15:46:00 beast.testrelm.test named: LDAP config validation failed
for database 'ipa': permission denied
Nov 10 15:46:00 beast.testrelm.test named: dynamic database 'ipa'
configuration failed: permission denied
Nov 10 15:46:00 beast.testrelm.test named: loading configuration:
Nov 10 15:46:00 beast.testrelm.test named: exiting (due to fatal error)
Nov 10 15:46:00 beast.testrelm.test systemd: named.service: control process
exited, code=exited status=1
Nov 10 15:46:00 beast.testrelm.test systemd: Failed to start Berkeley
Internet Name Domain (DNS).
# ls -lZ /var/named/dyndb-ldap/
drwxrwx---. root root system_u:object_r:named_zone_t:s0 ipa
# ls -lZ /var/named/dyndb-ldap/ipa
nothing to list in this dir ^
Version-Release number of selected component (if applicable):
On new installations, when named user is not present
Steps to Reproduce:
1. Install clean VM
2. Install freeipa-server package
3. Run ipa-server-install
Installer does not fail.
Proposed as a Blocker for 21-final by Fedora user simo using the blocker tracking app because:
Violates Fedora Server criterion that the Domain Controller role must be installable and DNS must work after install.
Discussed in 2014-11-19 blocker review meeting. This bug violates the beta roles criteria: Release-blocking roles and the supported role configuration interfaces must meet the core functional Role Definition Requirements to the extent that supported roles can be successfully started, stopped, brought to a working configuration, and queried.
freeipa-4.1.1-2.fc21 has been submitted as an update for Fedora 21.
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing freeipa-4.1.1-2.fc21'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
sgallagh states that he's tested this with the update, so marking VERIFIED.
freeipa-4.1.1-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.