then the problem you are seeing is probably BZ 14852017 [RFE] If the umask is too restrictive the installation won't work [1]

Did you install the master with a umask different from 022? In this case, some configuration files are probably not accessible by non-root users, and the httpd server - running as apache - cannot read files needed to establish the secure connection to dogtag.

You can try to change the permissions for /etc/ipa/ca.crt and /var/lib/ipa/ra-agent.{key|pem} on the master:
$ chmod 444 /etc/ipa/ca.crt
$ chmod 440 /var/lib/ipa/ra-agent.*

and re-try the replica installation.
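
Added example, not part of the original thread or of the IPA installer: a shell pre-flight check for the condition described above. It assumes GNU `stat` and takes its expected modes from the `chmod` commands in this message (world-readable CA certificate, group-readable RA agent files); the function names are hypothetical and file ownership is not checked.

```shell
#!/bin/sh
# Pre-flight check for a restrictive umask and the file modes it leaves behind.

# Return 0 if files created under umask $1 (octal, e.g. 027) lose the
# "other" read bit, which is what makes them unreadable to the apache user.
umask_blocks_other_read() {
    [ $(( 0$1 & 04 )) -ne 0 ]
}

# Return 0 if file $1 has the read bit set for class $2 ("group" or "other").
# Returns 2 if the file cannot be inspected at all.
mode_allows_read() {
    mode=$(stat -c '%a' "$1") || return 2
    case $2 in
        group) bit=040 ;;
        *)     bit=04 ;;
    esac
    [ $(( 0$mode & $bit )) -ne 0 ]
}

# $1 is the CA certificate (expected world-readable, as after chmod 444);
# remaining arguments are RA agent files (expected group-readable, as after
# chmod 440). Prints one line per problem and returns 1 if any was found.
check_ipa_perms() {
    rc=0
    ca=$1
    shift
    mode_allows_read "$ca" other || { echo "not world-readable: $ca"; rc=1; }
    for f in "$@"; do
        mode_allows_read "$f" group || { echo "not group-readable: $f"; rc=1; }
    done
    return $rc
}

# Typical use on the master, as root, with the paths named in this message:
#   umask_blocks_other_read "$(umask)" && echo "umask $(umask) is too restrictive"
#   check_ipa_perms /etc/ipa/ca.crt /var/lib/ipa/ra-agent.key /var/lib/ipa/ra-agent.pem
```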


I'm double posting.. beware
Jesus freaking Christ.. (this comes after I produced a whole litany of bad words in my own language), sorry.
It almost drove me insane! no, really!

All these problems, all these errors, all because of my root's umask 027. Now having replica installed, I'll see how two servers behave in my simple domain.

Guys, make it a very first check in installer code and make that installer fail, and.. push out a new release with that little fix like... yesterday (do not wait till it's properly fixed). You can still save lives!
