Re: [Freeipa-users] Problem to install FreeIPA Server 3.0 on a RedHat 6.4
Hello everyone. I modified the /etc/selinux/config file : # # This file controls the state of SELinux on the system. # SELINUX=disabled # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=permissive # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted # Then I rebooted. # reboot # Here is the result of getenforce : # Permissive # I removed the ipa-server that I had and I tried te 3.0.0-42 : # yum install ipa-server-3.0.0-42.el6.x86_64 Loaded plugins: security Setting up Install Process Resolving Dependencies -- Running transaction check --- Package ipa-server.x86_64 0:3.0.0-42.el6 will be installed -- Processing Dependency: ipa-client = 3.0.0-42.el6 for package: ipa-server-3.0.0-42.el6.x86_64 -- Processing Dependency: ipa-admintools = 3.0.0-42.el6 for package: ipa-server-3.0.0-42.el6.x86_64 -- Processing Dependency: ipa-python = 3.0.0-42.el6 for package: ipa-server-3.0.0-42.el6.x86_64 -- Processing Dependency: ipa-server-selinux = 3.0.0-42.el6 for package: ipa-server-3.0.0-42.el6.x86_64 -- Running transaction check --- Package ipa-admintools.x86_64 0:3.0.0-42.el6 will be installed --- Package ipa-client.x86_64 0:3.0.0-42.el6 will be installed --- Package ipa-python.x86_64 0:3.0.0-42.el6 will be installed --- Package ipa-server-selinux.x86_64 0:3.0.0-42.el6 will be installed -- Finished Dependency Resolution Dependencies Resolved == Package Arch VersionRepository Size == Installing: ipa-serverx86_64 3.0.0-42.el6 standard1.1 M Installing for dependencies: ipa-admintoolsx86_64 3.0.0-42.el6 standard 67 k ipa-clientx86_64 3.0.0-42.el6 standard145 k ipa-pythonx86_64 3.0.0-42.el6 standard928 k ipa-server-selinuxx86_64 3.0.0-42.el6 standard 66 k Transaction Summary == Install 5 Package(s) Total download size: 2.3 M Installed size: 9.2 M Is this ok [y/N]: y Downloading Packages: (1/5): ipa-admintools-3.0.0-42.el6.x86_64.rpm | 67 kB 00:00 (2/5): ipa-client-3.0.0-42.el6.x86_64.rpm | 145 kB 00:00 (3/5): ipa-python-3.0.0-42.el6.x86_64.rpm | 928 kB 00:00 (4/5): ipa-server-3.0.0-42.el6.x86_64.rpm | 1.1 MB 00:00 (5/5): ipa-server-selinux-3.0.0-42.el6.x86_64.rpm | 66 kB 00:00 -- Total 6.8 MB/s | 2.3 MB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : ipa-python-3.0.0-42.el6.x86_64 1/5 Installing : ipa-client-3.0.0-42.el6.x86_64 2/5 Installing : ipa-admintools-3.0.0-42.el6.x86_64 3/5 Installing : ipa-server-3.0.0-42.el6.x86_64 4/5 Installing : ipa-server-selinux-3.0.0-42.el6.x86_64 5/5 libsepol.print_missing_requirements: ipa_dogtag's global requirements were not met: type/attribute pki_ca_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! Verifying : ipa-server-3.0.0-42.el6.x86_64 1/5 Verifying : ipa-server-selinux-3.0.0-42.el6.x86_64 2/5 Verifying : ipa-python-3.0.0-42.el6.x86_64 3/5 Verifying : ipa-client-3.0.0-42.el6.x86_64 4/5 Verifying : ipa-admintools-3.0.0-42.el6.x86_64 5/5 Installed: ipa-server.x86_64 0:3.0.0-42.el6 Dependency Installed: ipa-admintools.x86_64 0:3.0.0-42.el6 ipa-client.x86_64 0:3.0.0-42.el6 ipa-python.x86_64 0:3.0.0-42.el6 ipa-server-selinux.x86_64 0:3.0.0-42.el6 Complete! # The errors linked with dogtag is still there. Now, when I
Re: [Freeipa-users] Problem to install FreeIPA Server 3.0 on a RedHat 6.4
bahan w wrote: Hello everyone. I modified the /etc/selinux/config file : # # This file controls the state of SELinux on the system. # SELINUX=disabled # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=permissive # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted # Then I rebooted. # reboot # Here is the result of getenforce : # Permissive # I removed the ipa-server that I had and I tried te 3.0.0-42 : # yum install ipa-server-3.0.0-42.el6.x86_64 Loaded plugins: security Setting up Install Process Resolving Dependencies -- Running transaction check --- Package ipa-server.x86_64 0:3.0.0-42.el6 will be installed -- Processing Dependency: ipa-client = 3.0.0-42.el6 for package: ipa-server-3.0.0-42.el6.x86_64 -- Processing Dependency: ipa-admintools = 3.0.0-42.el6 for package: ipa-server-3.0.0-42.el6.x86_64 -- Processing Dependency: ipa-python = 3.0.0-42.el6 for package: ipa-server-3.0.0-42.el6.x86_64 -- Processing Dependency: ipa-server-selinux = 3.0.0-42.el6 for package: ipa-server-3.0.0-42.el6.x86_64 -- Running transaction check --- Package ipa-admintools.x86_64 0:3.0.0-42.el6 will be installed --- Package ipa-client.x86_64 0:3.0.0-42.el6 will be installed --- Package ipa-python.x86_64 0:3.0.0-42.el6 will be installed --- Package ipa-server-selinux.x86_64 0:3.0.0-42.el6 will be installed -- Finished Dependency Resolution Dependencies Resolved == Package Arch VersionRepository Size == Installing: ipa-serverx86_64 3.0.0-42.el6 standard1.1 M Installing for dependencies: ipa-admintoolsx86_64 3.0.0-42.el6 standard 67 k ipa-clientx86_64 3.0.0-42.el6 standard145 k ipa-pythonx86_64 3.0.0-42.el6 standard928 k ipa-server-selinuxx86_64 3.0.0-42.el6 standard 66 k Transaction Summary == Install 5 Package(s) Total download size: 2.3 M Installed size: 9.2 M Is this ok [y/N]: y Downloading Packages: (1/5): ipa-admintools-3.0.0-42.el6.x86_64.rpm | 67 kB 00:00 (2/5): ipa-client-3.0.0-42.el6.x86_64.rpm | 145 kB 00:00 (3/5): ipa-python-3.0.0-42.el6.x86_64.rpm | 928 kB 00:00 (4/5): ipa-server-3.0.0-42.el6.x86_64.rpm | 1.1 MB 00:00 (5/5): ipa-server-selinux-3.0.0-42.el6.x86_64.rpm | 66 kB 00:00 -- Total 6.8 MB/s | 2.3 MB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : ipa-python-3.0.0-42.el6.x86_64 1/5 Installing : ipa-client-3.0.0-42.el6.x86_64 2/5 Installing : ipa-admintools-3.0.0-42.el6.x86_64 3/5 Installing : ipa-server-3.0.0-42.el6.x86_64 4/5 Installing : ipa-server-selinux-3.0.0-42.el6.x86_64 5/5 libsepol.print_missing_requirements: ipa_dogtag's global requirements were not met: type/attribute pki_ca_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! Verifying : ipa-server-3.0.0-42.el6.x86_64 1/5 Verifying : ipa-server-selinux-3.0.0-42.el6.x86_64 2/5 Verifying : ipa-python-3.0.0-42.el6.x86_64 3/5 Verifying : ipa-client-3.0.0-42.el6.x86_64 4/5 Verifying : ipa-admintools-3.0.0-42.el6.x86_64 5/5 Installed: ipa-server.x86_64 0:3.0.0-42.el6 Dependency Installed: ipa-admintools.x86_64 0:3.0.0-42.el6 ipa-client.x86_64 0:3.0.0-42.el6 ipa-python.x86_64 0:3.0.0-42.el6 ipa-server-selinux.x86_64 0:3.0.0-42.el6 Complete! # The errors linked with
Re: [Freeipa-users] Problem to install FreeIPA Server 3.0 on a RedHat 6.4
@bahan Could you also send the output of getenforce as well, just to make sure that selinux is permissive and persisting beyond reboots. Cheers Sam On 30 May 2015 1:10 pm, Lukas Slebodnik lsleb...@redhat.com wrote: On (29/05/15 18:56), bahan w wrote: Hm. @Jakub : I cannot upgrade, because I am not the hosting provider managing this VM unfortunately. I need to make it work with RHEL 6.4. @Sam : Selinux is deactivated : cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX=disabled # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled We do not test with disabled SELinux. Could you try with permissive ? LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Problem to install FreeIPA Server 3.0 on a RedHat 6.4
On (29/05/15 18:56), bahan w wrote: Hm. @Jakub : I cannot upgrade, because I am not the hosting provider managing this VM unfortunately. I need to make it work with RHEL 6.4. @Sam : Selinux is deactivated : cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX=disabled # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled We do not test with disabled SELinux. Could you try with permissive ? LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Problem to install FreeIPA Server 3.0 on a RedHat 6.4
Hm. @Jakub : I cannot upgrade, because I am not the hosting provider managing this VM unfortunately. I need to make it work with RHEL 6.4. @Sam : Selinux is deactivated : cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX=disabled # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted Best regards. Bahan On Fri, May 29, 2015 at 6:39 PM, s...@zy.io wrote: Seem to be a fair few things implicating selinux there. Have you got it set to enforcing mode? If so, have you set any particular policy that may be angered by this? Sam May 29 2015 5:37 PM, bahan w bahanw042...@gmail.com %22bahan%20w%22%20%3cbahanw042...@gmail.com%3E wrote: Hello everyone. I send you this mail because I have a problem with the installation of FreeIPA Server 3.0 on a VM running on RHEL 6.4. First, when I performed the yum install ipa-server, I got an error but the installation finished finally with a complete. Here it is : === Install 4 Package(s) Total download size: 1.4 M Installed size: 4.6 M Is this ok [y/N]: y Downloading Packages: (1/4): ipa-admintools-3.0.0-42.el6.x86_64.rpm | 67 kB 00:00 (2/4): ipa-client-3.0.0-42.el6.x86_64.rpm | 145 kB 00:00 (3/4): ipa-server-3.0.0-42.el6.x86_64.rpm | 1.1 MB 00:00 (4/4): ipa-server-selinux-3.0.0-42.el6.x86_64.rpm | 66 kB 00:00 --- Total 7.3 MB/s | 1.4 MB 00:00 Total 7.3 MB/s | 1.4 MB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : ipa-client-3.0.0-42.el6.x86_64 1/4 Installing : ipa-admintools-3.0.0-42.el6.x86_64 2/4 Installing : ipa-server-3.0.0-42.el6.x86_64 3/4 Installing : ipa-server-selinux-3.0.0-42.el6.x86_64 4/4 libsepol.print_missing_requirements: ipa_dogtag's global requirements were not met: type/attribute pki_ca_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! Verifying : ipa-server-3.0.0-42.el6.x86_64 1/4 Verifying : ipa-server-selinux-3.0.0-42.el6.x86_64 2/4 Verifying : ipa-client-3.0.0-42.el6.x86_64 3/4 Verifying : ipa-admintools-3.0.0-42.el6.x86_64 Installed: ipa-server.x86_64 0:3.0.0-42.el6 Dependency Installed: ipa-admintools.x86_64 0:3.0.0-42.el6 ipa-client.x86_64 0:3.0.0-42.el6 ipa-server-selinux.x86_64 0:3.0.0-42.el6 Complete! Are these two errors blocking in order to use FreeIPA Server ? Or is it fine ? libsepol.print_missing_requirements: ipa_dogtag's global requirements were not met: type/attribute pki_ca_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! Furthermore, when I try a ipa-server-install, I got also an error message during step Configuring directory server (dirsrv): Estimated time 1 minute [1/38]: creating directory server user [2/38]: creating directory server instance ipa : CRITICAL failed to create ds instance Command '/usr/sbin/ setup-ds.pl --silent --logfile - -f /tmp/tmpPamNs8' returned non-zero exit status 1 And when I checked in the log, here is what I see Here is the message I see : 2015-05-29T15:56:49Z DEBUG calling setup-ds.pl 4944 2015-05-29T15:56:49Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpkCAtzh 4945 2015-05-29T15:56:49Z DEBUG stdout=[15/05/29:17:56:49] - [Setup] Info Could not import LDIF file '/var/lib/dirsrv/boot.ldif'. Error: 32256. Output: sh: /var/lib/dirsrv/scripts-MyRealm/ldif2db: Permission denied 4946 4947 Could not import LDIF file '/var/lib/dirsrv/boot.ldif'. Error: 32256. Output: sh: /var/lib/dirsrv/scripts-MyRealm/ldif2db: Permission denied 4948 4949 [15/05/29:17:56:49] - [Setup] Fatal Error: Could not create directory server instance 'MyRealm'. 4950 Error: Could not create directory server instance 'MyRealm'. 4951 [15/05/29:17:56:49] - [Setup] Fatal Exiting . . . When I check the perm on the folders, everything is fine : ls -ld /var/lib/dirsrv/ drwxrwxr-x 5 root dirsrv 4096 May 29 18:19
Re: [Freeipa-users] Problem to install FreeIPA Server 3.0 on a RedHat 6.4
On Fri, May 29, 2015 at 06:25:24PM +0200, bahan w wrote: Hello everyone. I send you this mail because I have a problem with the installation of FreeIPA Server 3.0 on a VM running on RHEL 6.4. This is really old, please upgrade if you can, ideally to RHEL-7. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Problem to install FreeIPA Server 3.0 on a RedHat 6.4
Hello everyone. I send you this mail because I have a problem with the installation of FreeIPA Server 3.0 on a VM running on RHEL 6.4. First, when I performed the yum install ipa-server, I got an error but the installation finished finally with a complete. Here it is : === Install 4 Package(s) Total download size: 1.4 M Installed size: 4.6 M Is this ok [y/N]: y Downloading Packages: (1/4): ipa-admintools-3.0.0-42.el6.x86_64.rpm | 67 kB 00:00 (2/4): ipa-client-3.0.0-42.el6.x86_64.rpm | 145 kB 00:00 (3/4): ipa-server-3.0.0-42.el6.x86_64.rpm | 1.1 MB 00:00 (4/4): ipa-server-selinux-3.0.0-42.el6.x86_64.rpm | 66 kB 00:00 --- Total 7.3 MB/s | 1.4 MB 00:00 Total 7.3 MB/s | 1.4 MB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : ipa-client-3.0.0-42.el6.x86_64 1/4 Installing : ipa-admintools-3.0.0-42.el6.x86_64 2/4 Installing : ipa-server-3.0.0-42.el6.x86_64 3/4 Installing : ipa-server-selinux-3.0.0-42.el6.x86_64 4/4 libsepol.print_missing_requirements: ipa_dogtag's global requirements were not met: type/attribute pki_ca_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! Verifying : ipa-server-3.0.0-42.el6.x86_64 1/4 Verifying : ipa-server-selinux-3.0.0-42.el6.x86_64 2/4 Verifying : ipa-client-3.0.0-42.el6.x86_64 3/4 Verifying : ipa-admintools-3.0.0-42.el6.x86_64 Installed: ipa-server.x86_64 0:3.0.0-42.el6 Dependency Installed: ipa-admintools.x86_64 0:3.0.0-42.el6 ipa-client.x86_64 0:3.0.0-42.el6 ipa-server-selinux.x86_64 0:3.0.0-42.el6 Complete! Are these two errors blocking in order to use FreeIPA Server ? Or is it fine ? libsepol.print_missing_requirements: ipa_dogtag's global requirements were not met: type/attribute pki_ca_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! Furthermore, when I try a ipa-server-install, I got also an error message during step Configuring directory server (dirsrv): Estimated time 1 minute [1/38]: creating directory server user [2/38]: creating directory server instance ipa : CRITICAL failed to create ds instance Command '/usr/sbin/ setup-ds.pl --silent --logfile - -f /tmp/tmpPamNs8' returned non-zero exit status 1 And when I checked in the log, here is what I see Here is the message I see : 2015-05-29T15:56:49Z DEBUG calling setup-ds.pl 4944 2015-05-29T15:56:49Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpkCAtzh 4945 2015-05-29T15:56:49Z DEBUG stdout=[15/05/29:17:56:49] - [Setup] Info Could not import LDIF file '/var/lib/dirsrv/boot.ldif'. Error: 32256. Output: sh: /var/lib/dirsrv/scripts-MyRealm/ldif2db: Permission denied 4946 4947 Could not import LDIF file '/var/lib/dirsrv/boot.ldif'. Error: 32256. Output: sh: /var/lib/dirsrv/scripts-MyRealm/ldif2db: Permission denied 4948 4949 [15/05/29:17:56:49] - [Setup] Fatal Error: Could not create directory server instance 'MyRealm'. 4950 Error: Could not create directory server instance 'MyRealm'. 4951 [15/05/29:17:56:49] - [Setup] Fatal Exiting . . . When I check the perm on the folders, everything is fine : ls -ld /var/lib/dirsrv/ drwxrwxr-x 5 root dirsrv 4096 May 29 18:19 /var/lib/dirsrv/ ls -l /var/lib/dirsrv/ drwxrwx--- 2 dirsrv dirsrv 4096 May 29 18:19 scripts-MYREALM drwxrwx--- 5 dirsrv dirsrv 4096 May 29 18:19 slapd-MYREALM drwxrwx--- 5 pkisrv dirsrv 4096 May 29 18:18 slapd-PKI-IPA ls -l /var/lib/dirsrv/scripts-MYREALM/ -r-xr-x--- 1 dirsrv dirsrv 1212 May 29 18:19 bak2db -r-xr-x--- 1 dirsrv dirsrv 5661 May 29 18:19 bak2db.pl -r-xr-x--- 1 dirsrv dirsrv 6018 May 29 18:19 cleanallruv.pl -r-xr-x--- 1 dirsrv dirsrv 1134 May 29 18:19 db2bak -r-xr-x--- 1 dirsrv dirsrv 5397 May 29 18:19 db2bak.pl -r-xr-x--- 1 dirsrv dirsrv 759 May 29 18:19 db2index -r-xr-x--- 1 dirsrv dirsrv 8129 May 29 18:19 db2index.pl -r-xr-x--- 1 dirsrv dirsrv 2053 May 29 18:19 db2ldif -r-xr-x--- 1 dirsrv dirsrv 10093 May 29 18:19 db2ldif.pl -r-xr-x--- 1 dirsrv dirsrv 932 May 29 18:19 dbverify -r-xr-x--- 1 dirsrv dirsrv 499 May 29 18:19 dn2rdn -r-xr-x--- 1 dirsrv dirsrv 5560 May 29 18:19 fixup-linkedattrs.pl -r-xr-x--- 1 dirsrv dirsrv 5896 May 29 18:19 fixup-memberof.pl -r-xr-x--- 1 dirsrv dirsrv 729 May 29 18:19 ldif2db -r-xr-x--- 1 dirsrv dirsrv 8826 May 29 18:19