[Freeipa-users] FreeIPA install fails on config. of certificate server with "Required parameter -client_token_name is not specified."

Andrew Wasielewski Thu, 20 Jun 2013 14:41:06 -0700

Hello everyone,

I am trying to install FreeIPA 2.2.2 on Fedora 17 (kernel 
3.8.13-100.fc17.x86_64).  Each time it fails in step 2/17 of "Configuring 
certificate server".  The relevant portion of the log is appended below.  It 
looks like the specific cause of the error is "Required parameter 
-client_token_name is not specified."  I can't find anything on Google relating 
to this exact string so am requesting help here.


All necessary package installs, DNS config etc. have been done, so there are no 
error messages during the info gathering part of the script.  There has been no 
previous installation of Kerberos or any CA software.  I did do some work with 
OpenLDAP to set up a user management directory - before I found out about 
FreeIPA - but that used slapd which is now disabled to avoid conflict with 389 
Directory Server.

Any advice much appreciated.

Regards,
Andrew


2013-06-20T21:12:27Z DEBUG stderr=
2013-06-20T21:12:27Z DEBUG   duration: 0 seconds
2013-06-20T21:12:27Z DEBUG done configuring pkids.
2013-06-20T21:12:27Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysrestore/sysrestore.state'
2013-06-20T21:12:27Z DEBUG Configuring certificate server: Estimated time 3 
minutes 30 seconds
2013-06-20T21:12:27Z DEBUG   [1/17]: creating certificate server user
2013-06-20T21:12:27Z DEBUG ca user pkiuser exists
2013-06-20T21:12:27Z DEBUG   duration: 0 seconds
2013-06-20T21:12:27Z DEBUG   [2/17]: configuring certificate server instance
2013-06-20T21:12:27Z DEBUG args=/usr/bin/perl /usr/bin/pkisilent ConfigureCA 
-cs_hostname server.wasielewski.co.uk -cs_port 9445 -client_certdb_dir 
/tmp/tmp-YYL2Te -client_certdb_pwd XXXXXXXX -preop_pin 1JbX3OUn0
TgehavAiRWv -domain_name IPA -admin_user admin -admin_email root@localhost 
-admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 
-agent_key_type rsa -agent_cert_subject CN=ipa-
ca-agent,O=WASIELEWSKI.CO.UK -ldap_host server.wasielewski.co.uk -ldap_port 
7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca 
-db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA 
-save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name 
internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=WASIELEWSKI.CO.UK 
-ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=WASIELEWSKI.CO.UK 
-ca_server_cert_subject_name CN=server.wasielewski.co.uk,O=WASIELEWSKI.CO.UK 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=WASIELEWSKI.CO.UK 
-ca_sign_cert_subject_name CN=Certificate Authority,O=WASIELEWSKI.CO.UK 
-external false -clone false
2013-06-20T21:12:27Z DEBUG stdout=libpath=/usr/lib64
#######################################################################
Required parameter -client_token_name is not specified.
Use -help for help information

#######################################################################

2013-06-20T21:12:27Z DEBUG stderr=
2013-06-20T21:12:27Z CRITICAL failed to configure ca instance Command 
'/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname 
server.wasielewski.co.uk -cs_port 9445 -client_certdb_dir /tmp/tmp-YYL2Te 
-client_certdb_pwd XXXXXXXX -preop_pin 1JbX3OUn0TgehavAiRWv -domain_name IPA 
-admin_user admin -admin_email root@localhost -admin_password XXXXXXXX 
-agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa 
-agent_cert_subject CN=ipa-ca-agent,O=WASIELEWSKI.CO.UK -ldap_host 
server.wasielewski.co.uk -ldap_port 7389 -bind_dn cn=Directory Manager 
-bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 
-key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX 
-subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name 
CN=CA Subsystem,O=WASIELEWSKI.CO.UK -ca_ocsp_cert_subject_name CN=OCSP 
Subsystem,O=WASIELEWSKI.CO.UK -ca_server_cert_subject_name 
CN=server.wasielewski.co.uk,O=WASIELEWSKI.CO.UK 
-ca_audit_signing_cert_subject_name CN=CA Audit,O=WASIELEWSKI.CO.UK 
-ca_sign_cert_subject_name CN=Certificate Authority,O=WASIELEWSKI.CO.UK 
-external false -clone false' returned non-zero exit status 255
2013-06-20T21:12:27Z DEBUG Configuration of CA failed
  File "/usr/sbin/ipa-server-install", line 1100, in <module>
    rval = main()

  File "/usr/sbin/ipa-server-install", line 888, in main
    subject_base=options.subject)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 
531, in configure_instance
    self.start_creation("Configuring certificate server", 210)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
257, in start_creation
    method()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 
667, in __configure_instance
    raise RuntimeError('Configuration of CA failed')

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

[Freeipa-users] FreeIPA install fails on config. of certificate server with "Required parameter -client_token_name is not specified."

Reply via email to