On 10/5/2015 8:47 AM, Simo Sorce wrote:
2. The second attempt after re-enrolling client resulted in the error of
CA installation:

Starting replication, please wait until this has completed.
Update in progress, 7 seconds elapsed
Update succeeded

   [4/24]: creating installation admin user
   [5/24]: setting up certificate server
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
'/tmp/tmpHAJVFG'' returned non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
installation logs and the following files/directories for more
information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki-ca-install.log
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki/pki-tomcat
   [error] RuntimeError: CA configuration failed.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    CA
configuration failed.

This is due to the known bug with authentication in Dogtag. Endy fixed
it upstream.

Endy,
do you know when the bug will be released in a package we can use for
testing ?

Here is the bug: https://fedorahosted.org/pki/ticket/1580

I don't think we're ready for a Dogtag 10.3 build, so we may need to cherry-pick it to 10.2.x. I'll check with Matt.

--
Endi S. Dewata

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to