Steve Dainard wrote:
Following this guide:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html
STEP 4:
ipa-server-install --setup-dns -p '<password>' -a '<password>' -r
MIOVISION.LINUX -n miovision.linux --hostname ipa1.miovision.linux
--forwarder=10.0.0.2 --forwarder=10.0.0.5
Server host name [ipa1.miovision.linux]:
Warning: skipping DNS resolution of host ipa1.miovision.linux
Unable to resolve IP address for host name
Please provide the IP address to be used for this host name: 10.0.6.3
Adding [10.0.6.3 ipa1.miovision.linux] to your /etc/hosts file
Do you want to configure the reverse zone? [yes]:
Please specify the reverse zone name [6.0.10.in-addr.arpa.]:
Using reverse zone 6.0.10.in-addr.arpa.
The IPA Master Server will be configured with:
Hostname: ipa1.miovision.linux
IP address: 10.0.6.3
Domain name: miovision.linux
Realm name: MIOVISION.LINUX
BIND DNS server will be configured to serve IPA domain with:
Forwarders: 10.0.0.2, 10.0.0.5
Reverse zone: 6.0.10.in-addr.arpa.
Continue to configure the system with these values? [no]: yes
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
...
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds
[1/10]: adding sasl mappings to the directory
[2/10]: adding kerberos container to the directory
[3/10]: configuring KDC
[4/10]: initialize kerberos container
Failed to initialize the realm container
[5/10]: adding default ACIs
[6/10]: creating a keytab for the directory
Unexpected error - see /var/log/ipaserver-install.log for details:
CalledProcessError: Command 'kadmin.local -q addprinc -randkey
ldap/ipa1.miovision.linux@MIOVISION.LINUX -x
ipa-setup-override-restrictions' returned non-zero exit status 1
*/var/log/ipaserver-install.log*
add aci:
(target="ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=miovision,dc=linux")(targetattr="userCertificate")(version
3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn =
"ldap:///fqdn=ipa1.miovision.linux,cn=computers,cn=accounts,dc=miovision,dc=linux";)
modifying entry "cn=ipa,cn=etc,dc=miovision,dc=linux"
modify complete
2014-02-04T20:45:51Z DEBUG stderr=ldap_initialize(
ldapi://%2Fvar%2Frun%2Fslapd-MIOVISION-LINUX.socket/??base )
2014-02-04T20:45:51Z DEBUG duration: 6 seconds
2014-02-04T20:45:51Z DEBUG [6/10]: creating a keytab for the directory
2014-02-04T20:45:51Z DEBUG args=kadmin.local -q addprinc -randkey
ldap/ipa1.miovision.linux@MIOVISION.LINUX -x ipa-setup-override-restrictions
2014-02-04T20:45:51Z DEBUG stdout=Authenticating as principal
root/admin@MIOVISION.LINUX with password.
2014-02-04T20:45:51Z DEBUG stderr=kadmin.local: No such entry in the
database while initializing kadmin.local interface
2014-02-04T20:45:51Z INFO File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
line 614, in run_script
return_value = main_function()
File "/usr/sbin/ipa-server-install", line 1024, in main
subject_base=options.subject)
File
"/usr/lib/python2.6/site-packages/ipaserver/install/krbinstance.py",
line 183, in create_instance
self.start_creation(runtime=30)
File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py",
line 358, in start_creation
method()
File
"/usr/lib/python2.6/site-packages/ipaserver/install/krbinstance.py",
line 386, in __create_ds_keytab
installutils.kadmin_addprinc(ldap_principal)
File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
line 369, in kadmin_addprinc
kadmin("addprinc -randkey " + principal)
File
"/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py",
line 366, in kadmin
"-x", "ipa-setup-override-restrictions"])
File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line
316, in run
raise CalledProcessError(p.returncode, args)
2014-02-04T20:45:51Z INFO The ipa-server-install command failed,
exception: CalledProcessError: Command 'kadmin.local -q addprinc
-randkey ldap/ipa1.miovision.linux@MIOVISION.LINUX -x
ipa-setup-override-restrictions' returned non-zero exit status 1

Steve sent me the logs out-of-band. I think the problem is an earlier
failure after generating the master key:

2014-02-04T20:45:45Z DEBUG args=kdb5_util create -s -r MIOVISION.LINUX
-x ipa-setup-override-restrictions
2014-02-04T20:45:45Z DEBUG stdout=Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm
'MIOVISION.LINUX',
master key name 'K/M@MIOVISION.LINUX'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
2014-02-04T20:45:45Z DEBUG stderr=kdb5_util: add.c:124: ldap_add_ext:
Assertion `ld != ((void *)0)' failed.

What version of krb5_server is installed? Does /var/log/messages
indicate a segfault? Are there any failures in
/var/log/dirsrv/slapd-MIOVISION-LINUX/errors?

rob
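
Added example (not part of the original thread, and not FreeIPA code): a small Python triage script for the point made in the reply above, that the kadmin.local error reported at step 6/10 is a downstream symptom of an earlier failure. It groups the args=/stdout=/stderr= lines of ipaserver-install.log by command and returns the earliest command whose stderr looks like a failure; the SUSPECT pattern is an assumed heuristic, and the sample is constructed from the excerpts quoted in this thread.

```python
import re

STAMP = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (\w+) (.*)$")
# Assumption: stderr text that marks a real failure rather than routine chatter.
SUSPECT = re.compile(r"Assertion .* failed|No such entry|Segmentation fault", re.I)

def parse_commands(text):
    """Group 'args=', 'stdout=' and 'stderr=' lines into one record per command."""
    records, current, field = [], None, None
    for line in text.splitlines():
        m = STAMP.match(line)
        if not m:
            # Untimestamped line: wrapped continuation of the previous field.
            if current is not None and field:
                current[field] += " " + line.strip()
            continue
        when, _level, msg = m.groups()
        key, sep, value = msg.partition("=")
        if sep and key == "args":
            current = {"time": when, "args": value, "stdout": "", "stderr": ""}
            records.append(current)
            field = "args"
        elif sep and key in ("stdout", "stderr") and current is not None:
            current[key], field = value, key
        else:
            field = None  # step banners, durations, traceback lines
    return records

def first_failure(text):
    """Return the earliest command whose stderr looks like a failure, or None."""
    for rec in parse_commands(text):
        if SUSPECT.search(rec["stderr"]):
            return rec
    return None

# Constructed sample: abridged from the log excerpts quoted in this thread.
SAMPLE = """\
2014-02-04T20:45:45Z DEBUG args=kdb5_util create -s -r MIOVISION.LINUX
-x ipa-setup-override-restrictions
2014-02-04T20:45:45Z DEBUG stdout=Loading random data
2014-02-04T20:45:45Z DEBUG stderr=kdb5_util: add.c:124: ldap_add_ext:
Assertion `ld != ((void *)0)' failed.
2014-02-04T20:45:51Z DEBUG [6/10]: creating a keytab for the directory
2014-02-04T20:45:51Z DEBUG args=kadmin.local -q addprinc -randkey
ldap/ipa1.miovision.linux@MIOVISION.LINUX -x ipa-setup-override-restrictions
2014-02-04T20:45:51Z DEBUG stderr=kadmin.local: No such entry in the
database while initializing kadmin.local interface
"""
```

On the sample, first_failure(SAMPLE) returns the kdb5_util record from 20:45:45, six seconds before the kadmin.local error that the installer reported.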