Robert M. Albrecht wrote:
Hi,
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
[1/36]: creating directory server user
[2/36]: creating directory server instance
[3/36]: adding default schema
[4/36]: enabling memberof plugin
[5/36]: enabling winsync plugin
[6/36]: configuring replication version plugin
[7/36]: enabling IPA enrollment plugin
[8/36]: enabling ldapi
[9/36]: configuring uniqueness plugin
[10/36]: configuring uuid plugin
[11/36]: configuring modrdn plugin
[12/36]: enabling entryUSN plugin
[13/36]: configuring lockout plugin
[14/36]: creating indices
[15/36]: enabling referential integrity plugin
[16/36]: configuring certmap.conf
[17/36]: configure autobind for root
[18/36]: configure new location for managed entries
[19/36]: restarting directory server
[20/36]: adding default layout
[21/36]: adding delegation layout
[22/36]: adding replication acis
[23/36]: creating container for managed entries
[24/36]: configuring user private groups
[25/36]: configuring netgroups from hostgroups
[26/36]: creating default Sudo bind user
[27/36]: creating default Auto Member layout
[28/36]: adding range check plugin
[29/36]: creating default HBAC rule allow_all
[30/36]: Upload CA cert to the directory
ipa : CRITICAL Failed to load upload-cacert.ldif: Command
'/usr/bin/ldapmodify -v -f /tmp/tmpSkzd0p -H
ldap://gutenberg.vorlon.lan:389 -x -D cn=Directory Manager -y
/tmp/tmpVB45G5' returned non-zero exit status 247
[31/36]: initializing group membership
[32/36]: adding master entry
[33/36]: configuring Posix uid/gid generation
[34/36]: enabling compatibility plugin
[35/36]: tuning directory server
[36/36]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
30 seconds
[1/20]: creating certificate server user
[2/20]: configuring certificate server instance
[3/20]: disabling nonces
[4/20]: creating RA agent certificate database
[5/20]: importing CA chain to RA certificate database
[6/20]: fixing RA database permissions
[7/20]: setting up signing cert profile
[8/20]: set up CRL publishing
[9/20]: set certificate subject base
[10/20]: enabling Subject Key Identifier
[11/20]: enabling CRL and OCSP extensions for certificates
[12/20]: setting audit signing renewal to 2 years
[13/20]: configuring certificate server to start on boot
[14/20]: restarting certificate server
[15/20]: requesting RA certificate from CA
Unexpected error - see /var/log/ipaserver-install.log for details:
IndexError: list index out of range
[root@gutenberg ~]#
from /var/log/ipaserver-install.log
2013-02-13T14:38:15Z DEBUG stderr=
2013-02-13T14:38:15Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2013-02-13T14:38:15Z DEBUG duration: 0 seconds
2013-02-13T14:38:15Z DEBUG [14/20]: restarting certificate server
2013-02-13T14:38:15Z DEBUG Starting external process
2013-02-13T14:38:15Z DEBUG args=/bin/systemctl restart
pki-tomcatd@pki-tomcat.service
2013-02-13T14:38:19Z DEBUG Process finished, return code=0
2013-02-13T14:38:19Z DEBUG stdout=
2013-02-13T14:38:19Z DEBUG stderr=
2013-02-13T14:38:19Z DEBUG Starting external process
2013-02-13T14:38:19Z DEBUG args=/bin/systemctl is-active
pki-tomcatd@pki-tomcat.service
2013-02-13T14:38:19Z DEBUG Process finished, return code=0
2013-02-13T14:38:19Z DEBUG stdout=active
2013-02-13T14:38:19Z DEBUG stderr=
2013-02-13T14:38:19Z DEBUG wait_for_open_ports: localhost [8080, 8443]
timeout 120
2013-02-13T14:38:25Z DEBUG The httpd proxy is not installed, skipping
wait for CA
2013-02-13T14:38:25Z DEBUG duration: 9 seconds
2013-02-13T14:38:25Z DEBUG [15/20]: requesting RA certificate from CA
2013-02-13T14:38:25Z DEBUG Starting external process
2013-02-13T14:38:25Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f
XXXXXXXX -R -k rsa -g 2048 -s CN=IPA RA,O=VORLON.LAN -z /tmp/tmpQoA4BN -a
2013-02-13T14:38:31Z DEBUG Process finished, return code=0
2013-02-13T14:38:31Z DEBUG
stdout=^X^\<FB><ED>5^@^@^@^X^\<FB><ED>5^@^@^@^P<FD><81>^A^@^@^@^@^P<FD><81>^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@<B0>^@^@^@^@^@^@^@!^F^@^@^@^@^@^@<98>^W<FB><ED>5^@^@^@<A0><F9><81>^A^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@<80><8D><81>^A^@^@^@^@^@^@^@^@^@^@^@^@^@^A^@^@^@^@^@^@P^@^@^@^@^@^@^@^P^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@`^B^@^@^@^@^@^@^P^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
2013-02-13T14:38:31Z DEBUG stderr=
Generating key. This may take a few moments...
2013-02-13T14:38:47Z INFO File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 617, in run_script
return_value = main_function()
File "/sbin/ipa-server-install", line 986, in main
dm_password, subject_base=options.subject)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
621, in configure_instance
self.start_creation(runtime=210)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 358, in start_creation
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
1219, in __request_ra_certificate
self.requestId = item_node[0].childNodes[0].data
2013-02-13T14:38:47Z INFO The ipa-server-install command failed,
exception: IndexError: list index out of range
(END)
There are no special charters in any password.
Any ideas ?
Caused by a bug in the nss package, see this thread
https://www.redhat.com/archives/freeipa-users/2013-February/msg00195.html
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users