Dale Macartney wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/01/2013 11:42 PM, Rob Crittenden wrote:
Dale Macartney wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/29/2012 06:38 PM, Rob Crittenden wrote:
Dale Macartney wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Afternoon all
using Fedora 18 Beta and attempting to install FreeIPA 3.1
when running through the install of "ipa-server-install --setup-dns" I
end up with a failure with the below output
[root@ds01 ~]# ipa-server-install --setup-dns
.....
.....
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
30 seconds
[1/20]: creating certificate server user
[2/20]: configuring certificate server instance
[3/20]: disabling nonces
[4/20]: creating RA agent certificate database
[5/20]: importing CA chain to RA certificate database
[6/20]: fixing RA database permissions
[7/20]: setting up signing cert profile
[8/20]: set up CRL publishing
[9/20]: set certificate subject base
[10/20]: enabling Subject Key Identifier
[11/20]: enabling CRL and OCSP extensions for certificates
[12/20]: setting audit signing renewal to 2 years
[13/20]: configuring certificate server to start on boot
[14/20]: restarting certificate server
[15/20]: requesting RA certificate from CA
[16/20]: issuing RA agent certificate
Unexpected error - see /var/log/ipaserver-install.log for details:
CalledProcessError: Command '/usr/bin/sslget -v -n ipa-ca-agent -p
XXXXXXXX -d /tmp/tmp-kUFAyN -r /ca/agent/ca/profileReview?requestId=7
ds01.domain.com:8443' returned non-zero exit status 6
there is absolutely nothing in any logs at all apart from a few selinux
audit logs (system running in permissive mode).
Any thoughts?
This usually means a problem with DNS.
Hmm... normally I set a dns forwarder of 10.0.0.254... This time I tried
it with no forwarder at all... Same error occurs...
Not really sure. The errors out of sslget are not particularly helpful.
I'd check /etc/hosts to be sure it is sane, and perhaps dig/host to be
sure that the forward and reverse entries match up.
that'll teach me for using non-kickstarted systems...
error is caused by mis or unconfigured /etc/hosts
It's hard to programmatically check for some things but I was pretty
sure we did some /etc/hosts sanity checking. What was the problem, and I
guess more importantly, is it something we can/should check for prior to
starting the install?
thanks
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
