I think I have SELinux turned off but will double-check in the morning. And reply to the list....
--
Bret Wortman
http://bretwortman.com/
http://twitter.com/bretwortman

On Wednesday, October 17, 2012 at 3:17 PM, Rob Crittenden wrote:
> Bret Wortman wrote:
> > Now it appears that whatever is supposed to be running on port 9445
> > (looks like mindarray-ca) isn't running, and I'm not sure how it gets
> > started, exactly. I ran lsof -i:9445 on this server and on a FreeIPA
> > test box I first set up, and it's running on the test box but not the
> > new one. Where should I look next?
> >
>
> See if there are any SELinux denials: ausearch -m AVC
>
> It looks like tomcat failed to start. The logs are in /var/log/pki-ca.
>
> rob
>
> >
> > On Wed, Oct 17, 2012 at 2:07 PM, Bret Wortman
> > <bret.wort...@damascusgrp.com> wrote:
> >
> > Spot on. It was a fresh install of F17 and I neglected to # yum
> > update first. I've done so, rebooted, and am trying again with
> > better results.
> >
> >
> > On Wed, Oct 17, 2012 at 1:45 PM, John Dennis <jden...@redhat.com> wrote:
> >
> > On 10/17/2012 12:40 PM, Bret Wortman wrote:
> >
> > I recently tried installing freeipa on a new server, but
> > ipa-server-install had problems around this point:
> >
> > Configuring certificate server: Estimated time 3 minutes 30
> > seconds
> > [1/18]: creating certificate server user
> > [2/18]: creating pki-ca instance
> > [3/18]: configuring certificate server instance
> > ipa : CRITICAL failed to configure ca instance Command
> > '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
> > fs1.wedgeofli.me -cs_port 9445
> > -client_certdb_dir /tmp/tmp-UvBMbL -client_certdb_pwd XXXXXXXX
> > -preop_pin HHxKHUz5RRfzQ3OkFMlR -domain_name IPA -admin_user
> > admin
> > -admin_email root@localhost -admin_XXXXXXXX XXXXXXXX -agent_name
> > ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
> > -agent_cert_subject CN=ipa-ca-agent,O=WEDGEOFLI.ME
> > -ldap_host fs1.wedgeofli.me -ldap_port 7389
> > -bind_dn cn=Directory Manager -bind_XXXXXXXX XXXXXXXX
> > -base_dn o=ipaca
> > -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm
> > SHA256withRSA
> > -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad
> > -token_name
> > internal -ca_subsystem_cert_subject_name CN=CA
> > Subsystem,O=WEDGEOFLI.ME -ca_ocsp_cert_subject_name CN=OCSP
> > Subsystem,O=WEDGEOFLI.ME
> > -ca_server_cert_subject_name CN=fs1.wedgeofli.me,O=WEDGEOFLI.ME
> > -ca_audit_signing_cert_subject_name CN=CA
> > Audit,O=WEDGEOFLI.ME -ca_sign_cert_subject_name CN=Certificate
> > Authority,O=WEDGEOFLI.ME -external false -clone
> > false' returned non-zero exit status 255
> > Unexpected error - see ipaserver-install.log for details:
> > Configuration of CA failed
> > [root@fs1 ~]#
> >
> > The logfile revealed the following stack trace:
> >
> > #############################################
> > Attempting to connect to: fs1.wedgeofli.me:9445
> >
> > Exception in LoginPanel(): java.lang.NullPointerException
> > ERROR: ConfigureCA: LoginPanel() failure
> > ERROR: unable to create CA
> >
> > #######################################################################
> >
> > 2012-10-17T16:24:53Z DEBUG stderr=Exception: Unable to Send
> > Request:java.net.ConnectException: Connection refused
> > java.net.ConnectException: Connection refused
> >     at java.net.PlainSocketImpl.socketConnect(Native Method)
> >     at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
> >     at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
> >     at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
> >     at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
> >     at java.net.Socket.connect(Socket.java:579)
> >     at java.net.Socket.connect(Socket.java:528)
> >     at java.net.Socket.<init>(Socket.java:425)
> >     at java.net.Socket.<init>(Socket.java:241)
> >     at HTTPClient.sslConnect(HTTPClient.java:326)
> >     at ConfigureCA.LoginPanel(ConfigureCA.java:244)
> >     at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
> >     at ConfigureCA.main(ConfigureCA.java:1672)
> > java.lang.NullPointerException
> >     at ConfigureCA.LoginPanel(ConfigureCA.java:245)
> >     at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1157)
> >     at ConfigureCA.main(ConfigureCA.java:1672)
> >
> > Now I seem to be stuck. I tried uninstalling the
> > freeipa-server package
> > with # yum remove freeipa-server and then reinstalled it the
> > same way,
> > but ipa-server-install won't run no matter what I attempt.
> >
> > Any thoughts? I'm pretty new to IPA.
> >
> >
> > There is a good chance this is due to a version mismatch between
> > the IPA packages and the dogtag packages. You didn't mention
> > which OS you're using nor the versions of the relevant packages,
> > that would have been helpful. In any event I would make sure all
> > your packages are up to date.
> >
> >
> > --
> > John Dennis <jden...@redhat.com>
> >
> > Looking to carve out IT costs?
> > www.redhat.com/carveoutcosts/
> >
> >
> > --
> > Bret Wortman
> > The Damascus Group
> > Fairfax, VA
> > http://bretwortman.com/
> > http://twitter.com/BretWortman
> >
> >
> > --
> > Bret Wortman
> > The Damascus Group
> > Fairfax, VA
> > http://bretwortman.com/
> > http://twitter.com/BretWortman
> >
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users@redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> >
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
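
The SELinux check suggested in the thread (ausearch -m AVC), as an added example that is not part of the original messages: a shell function that condenses AVC records into one line per distinct denial and shows whether each denial was actually enforced. The function names avc_summary and sample_records, the sample records and the placeholder type names in them are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. On a real host, feed it live records (as root):
#   ausearch -m AVC -ts today | avc_summary java

# Usage: avc_summary [comm-regex] < audit records
# Prints "<count> comm=.. tclass=.. perms=.. permissive=.." per distinct denial.
# permissive=1 means the access was logged but still allowed, so it did not
# block the service; "?" means the record carries no permissive= field.
avc_summary() {
  awk -v pat="${1:-}" '
    /avc:[ ]+denied/ {
      comm = "?"; tclass = "?"; perms = "?"; mode = "?"
      if (match($0, /comm="[^"]*"/))    comm   = substr($0, RSTART + 6, RLENGTH - 7)
      if (match($0, /tclass=[^ ]+/))    tclass = substr($0, RSTART + 7, RLENGTH - 7)
      if (match($0, /permissive=[01]/)) mode   = substr($0, RSTART + 11, 1)
      if (match($0, /[{][^}]*[}]/)) {
        perms = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
      }
      if (pat != "" && comm !~ pat) next
      seen["comm=" comm " tclass=" tclass " perms=" perms " permissive=" mode]++
    }
    END { for (k in seen) printf "%d %s\n", seen[k], k }
  ' | sort -rn
}

# Constructed sample records (not taken from the thread); example_t and
# example_dir_t are placeholder type names.
sample_records() {
  cat <<'EOF'
type=AVC msg=audit(1350491093.101:201): avc:  denied  { name_bind } for  pid=2301 comm="java" src=9445 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1350491094.310:207): avc:  denied  { name_bind } for  pid=2301 comm="java" src=9445 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1350491095.002:210): avc:  denied  { read write } for  pid=2301 comm="java" name="example.log" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1350491099.500:233): avc:  denied  { search } for  pid=911 comm="httpd" name="example" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:example_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1350491093.101:201): arch=c000003e syscall=49 success=no exit=-13 comm="java"
EOF
}

# Demo run over the constructed records, limited to the Java process.
sample_records | avc_summary java
```

An empty result with SELinux enforcing points away from policy as the cause, and the next place to look is the tomcat logs under /var/log/pki-ca mentioned in the thread.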