Dan Scott wrote:
Hi,

On Fri, Jun 24, 2011 at 14:00, Rob Crittenden<rcrit...@redhat.com>  wrote:
Dan Scott wrote:
I've just installed Fedora 15 onto a VM, configured networking and run
the ipa-server-install script - the installation fails with the error:

Configuring ntpd
   [1/4]: stopping ntpd
   [2/4]: writing configuration
   [3/4]: configuring ntpd to start on boot
   [4/4]: starting ntpd
done configuring ntpd.
Configuring directory server for the CA: Estimated time 30 seconds
   [1/3]: creating directory server user
   [2/3]: creating directory server instance
root        : CRITICAL failed to restart ds instance Command
'/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmplNsX1T'
returned non-zero exit status 1
   [3/3]: restarting directory server
root        : CRITICAL Failed to restart the directory server. See the
installation log for details.

Logfile is attached.

Can anyone help with this? It looks like it's failing to
start/configure the dirsrv service. Is it possible that it's
conflicting with my existing FreeIPA 1.2.x servers elsewhere on the
network?

Thanks,

Dan Scott

There has recently been an SELinux problem on F-15 that has affected 389-ds
installation. Can you see if there are any AVCS for ns-slapd in
/var/log/audit/audit.log?

rob


That seems to be the problem, thanks.

[root@pc51 ~]# grep denied /var/log/audit/audit.log
type=AVC msg=audit(1308936867.797:102): avc:  denied  { read } for
pid=8274 comm="ns-slapd" name="lock" dev=dm-1 ino=1307
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
type=AVC msg=audit(1308937468.228:103): avc:  denied  { read } for
pid=8323 comm="ns-slapd" name="lock" dev=dm-1 ino=1307
scontext=unconfined_u:system_r:dirsrv_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
[root@pc51 ~]# grep denied /var/log/audit/audit.log|audit2allow


#============= dirsrv_t ==============
allow dirsrv_t var_t:lnk_file read;
[root@pc51 ~]#

I had a quick look through bugzilla, and didn't find a bug related to
this. Do I need to file one? Or is it all OK?

Thanks,

Dan

The bug is https://bugzilla.redhat.com/show_bug.cgi?id=696819 which is modified, you may want to see if there is a pending fix in updates-testing.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to