On 06/03/2011 05:09 PM, Stamper, Brian P. (ARC-D)[Logyx LLC] wrote:
> I initially started testing with FreeIPA on Fedora 15, using ipa 2.x.
>  The server install went smoothly, however I was unable to add clients
> due to lack of backward compatibility, since ipa 2.x isn't available
> for most of the systems I manage.
>
> I decided to rebuild the test ipa server.  I build a fresh Fedora 13
> system and installed the yum packages.  Initially the ipa server
> installed without errors.  However they were some issues.  It hadn't
> configured httpd to autostart, and when I did start httpd, I was
> unable to get to the management UI.  Attempting to kinit would pause
> for ~10-15 seconds before requesting a password.  I was able to get
> the ticket.  Attempting to then reach the website, after configuring
> firefox and importing the certs, resulted in the "Service temporarily
> unavailable" error.  All of this seemed to indicate a problem with the
> hosts file, but checking it multiple times, as well as checking all
> variations of name resolution indicated nothing.
>
> I decided to reinstall to try to fix the kerb oddness and hopefully
> get to the website gui.  I ran ipa-server-install ---uninstall and
> attempted to reinstall, and got the following error:
>
> CRITICAL Failed to load bootstrap-template.ldif: Command
> '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w
> password --f /tmp/tmpe1aE3t' returned non-zero exit status 32
>
> Which led me to this bug, which was reported fixed in 2008:
> https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=448287
> <https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=448287>
>
> Here is an excerpt from the install log:
>
> 2011-06-02 12:40:02,619 DEBUG calling setup-ds.pl
> 2011-06-02 12:40:09,869 INFO [11/06/02:12:40:09] - [Setup] Info Could
> not import LDIF file '/var/lib/dirsrv/boot.ldif'.  Error: 59648.
>  Output: importing data ...
> [02/Jun/2011:12:40:03 -0700] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to
> access the database
> [02/Jun/2011:12:40:03 -0700] - check_and_set_import_cache: pagesize:
> 4096, pages: 997331, procpages: 49464
> [02/Jun/2011:12:40:03 -0700] - Import allocates 1595728KB import cache.
> [02/Jun/2011:12:40:03 -0700] - import userRoot: Beginning import job...
> [02/Jun/2011:12:40:03 -0700] - import userRoot: Index buffering
> enabled with bucket size 100
> [02/Jun/2011:12:40:04 -0700] - import userRoot: Could not open LDIF
> file "/var/lib/dirsrv/boot.ldif", errno 13 (Permission denied)
> [02/Jun/2011:12:40:04 -0700] - import userRoot: Aborting all Import
> threads...
> [02/Jun/2011:12:40:09 -0700] - import userRoot: Import threads aborted.
> [02/Jun/2011:12:40:09 -0700] - import userRoot: Closing files...
> /var/lib/dirsrv/slapd-ARC-NASA-GOV/db/userRoot: No such file or directory
> [02/Jun/2011:12:40:09 -0700] - All database threads now stopped
> [02/Jun/2011:12:40:09 -0700] - import userRoot: Import failed.
>
> Could not import LDIF file '/var/lib/dirsrv/boot.ldif'.  Error: 59648.
>  Output: importing data ...
> [02/Jun/2011:12:40:03 -0700] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to
> access the database
> [02/Jun/2011:12:40:03 -0700] - check_and_set_import_cache: pagesize:
> 4096, pages: 997331, procpages: 49464
> [02/Jun/2011:12:40:03 -0700] - Import allocates 1595728KB import cache.
> [02/Jun/2011:12:40:03 -0700] - import userRoot: Beginning import job...
> [02/Jun/2011:12:40:03 -0700] - import userRoot: Index buffering
> enabled with bucket size 100
> [02/Jun/2011:12:40:04 -0700] - import userRoot: Could not open LDIF
> file "/var/lib/dirsrv/boot.ldif", errno 13 (Permission denied)
> [02/Jun/2011:12:40:04 -0700] - import userRoot: Aborting all Import
> threads...
> [02/Jun/2011:12:40:09 -0700] - import userRoot: Import threads aborted.
> [02/Jun/2011:12:40:09 -0700] - import userRoot: Closing files...
> /var/lib/dirsrv/slapd-ARC-NASA-GOV/db/userRoot: No such file or directory
> [02/Jun/2011:12:40:09 -0700] - All database threads now stopped
> [02/Jun/2011:12:40:09 -0700] - import userRoot: Import failed.
>
> [11/06/02:12:40:09] - [Setup] Fatal Error: Could not create directory
> server instance 'ARC-NASA-GOV'.
> Error: Could not create directory server instance 'ARC-NASA-GOV'.
> [11/06/02:12:40:09] - [Setup] Fatal Exiting . . .
> Log file is '-'
>
> Exiting . . .
> Log file is '-'
>
> 2011-06-02 12:40:09,870 INFO
> 2011-06-02 12:40:09,870 CRITICAL failed to restart ds instance Command
> '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpLtRn9j'
> returned non-zero exit status 1
> 2011-06-02 12:40:09,870 DEBUG restarting ds instance
> 2011-06-02 12:40:12,030 INFO Shutting down dirsrv:
>     ARC-NASA-GOV... server already stopped[FAILED]
>   *** Error: 1 instance(s) unsuccessfully stopped[FAILED]
> Starting dirsrv:
>     ARC-NASA-GOV...[  OK  ]
>
> All my attempts to re-install ipa-server now fail.  I've tried
> removing all 51 packages associated with ipa-server and re-installing
> them.  I've removed all 51 packages and deleted every file I could
> find associated with nscd, 389, ipa, sssd, etc.  I have been unable to
> return the system to a state that will allow a reinstall of
> ipa-server.  I upgraded the OS on the test system to Fedora 14 and
> reinstalled the packages, no change.
>
> Any advice would be appreciated.
Is it all on F13?
The IPA v2 can't be built on F13 as there are many dependencies missing
that we rely on. There are two many parts this is why we had to move to
the later versions of F15. We just did not have any options. So the
server you built might in fact be completely broken. I do not know how
to fix it. It looks like you have some instances of the DS left over in
a misconfigured state.

You can try running ipa-server-install --uninstall 4-5 times. That might
clear things a bit.

But let us get back to the original problem.
Freeipa can be used with the LDAP+Kerberos configuration on the clients.
You do not need to have latest and greatest.
There was a nice article referenced in some of the earlier threads on
the list:

http://www.aput.net/~jheiss/krbldap/howto.html

You can configure very old clients to use IPA as NIS server.
Let us know how else we can help.

Thanks
Dmitri

>
> -Brian
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to