[Bug 997990] Re: fail joining to a freeipa server with ipa-client-install

pasqual milvaques Mon, 14 May 2012 01:20:53 -0700

I have enabled ssl3 in the server with this order:
ldapmodify -D "cn=directory manager" -W -p 389 -h localhost -x


dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on

exit

restarted the server with ipactl restart and now the command ipa-client-install 
initiates the joining to the domain but there is a new problem, the command 
crashes with this lines:
New SSSD config will be created.
root        : INFO     New SSSD config will be created
Configured /etc/sssd/sssd.conf
root        : DEBUG    args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t 
CT,C,C -a -i /etc/ipa/ca.crt
root        : DEBUG    stdout=
root        : DEBUG    stderr=certutil: function failed: security library: bad 
database.

Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 1292, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 1279, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 1124, in install
    run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", 
"-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
  File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run
    raise CalledProcessError(p.returncode, args)
subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb 
-n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255
pasqual@ubuntuprovesfreeipa:~$

the problem is that the system nss database doesn't exist in a new system. I 
can create it with the commands:
mkdir -p /etc/pki/nssdb
certutil -N -d /etc/pki/nssdb

but asks for a password. there are some obscure referencies about using
a password file called pwdfile.txt that resides in the server but I'm
not sure with what to do now. any idea?

thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/997990

Title:
  fail joining to a freeipa server with ipa-client-install

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/997990/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 997990] Re: fail joining to a freeipa server with ipa-client-install

Reply via email to