Following this guide:

ipa-server-install --setup-dns -p '<password>' -a '<password>' -r
MIOVISION.LINUX -n miovision.linux --hostname ipa1.miovision.linux
--forwarder= --forwarder=

Server host name [ipa1.miovision.linux]:

Warning: skipping DNS resolution of host ipa1.miovision.linux
Unable to resolve IP address for host name
Please provide the IP address to be used for this host name:
Adding [ ipa1.miovision.linux] to your /etc/hosts file
Do you want to configure the reverse zone? [yes]:
Please specify the reverse zone name []:
Using reverse zone

The IPA Master Server will be configured with:
Hostname:      ipa1.miovision.linux
IP address:
Domain name:   miovision.linux
Realm name:    MIOVISION.LINUX

BIND DNS server will be configured to serve IPA domain with:
Reverse zone:

Continue to configure the system with these values? [no]: yes

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd


Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds
  [1/10]: adding sasl mappings to the directory
  [2/10]: adding kerberos container to the directory
  [3/10]: configuring KDC
  [4/10]: initialize kerberos container
Failed to initialize the realm container
  [5/10]: adding default ACIs
  [6/10]: creating a keytab for the directory
Unexpected error - see /var/log/ipaserver-install.log for details:
CalledProcessError: Command 'kadmin.local -q addprinc -randkey
ldap/ipa1.miovision.linux@MIOVISION.LINUX -x
ipa-setup-override-restrictions' returned non-zero exit status 1


add aci:

3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn =
modifying entry "cn=ipa,cn=etc,dc=miovision,dc=linux"
modify complete

2014-02-04T20:45:51Z DEBUG stderr=ldap_initialize(
ldapi://%2Fvar%2Frun%2Fslapd-MIOVISION-LINUX.socket/??base )

2014-02-04T20:45:51Z DEBUG   duration: 6 seconds
2014-02-04T20:45:51Z DEBUG   [6/10]: creating a keytab for the directory
2014-02-04T20:45:51Z DEBUG args=kadmin.local -q addprinc -randkey
ldap/ipa1.miovision.linux@MIOVISION.LINUX -x ipa-setup-override-restrictions
2014-02-04T20:45:51Z DEBUG stdout=Authenticating as principal
root/admin@MIOVISION.LINUX with password.

2014-02-04T20:45:51Z DEBUG stderr=kadmin.local: No such entry in the
database while initializing kadmin.local interface

2014-02-04T20:45:51Z INFO   File
"/usr/lib/python2.6/site-packages/ipaserver/install/", line
614, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-server-install", line 1024, in main

  File "/usr/lib/python2.6/site-packages/ipaserver/install/",
line 183, in create_instance

  File "/usr/lib/python2.6/site-packages/ipaserver/install/",
line 358, in start_creation

  File "/usr/lib/python2.6/site-packages/ipaserver/install/",
line 386, in __create_ds_keytab

"/usr/lib/python2.6/site-packages/ipaserver/install/", line
369, in kadmin_addprinc
    kadmin("addprinc -randkey " + principal)

"/usr/lib/python2.6/site-packages/ipaserver/install/", line
366, in kadmin
    "-x", "ipa-setup-override-restrictions"])

  File "/usr/lib/python2.6/site-packages/ipapython/", line 316,
in run
    raise CalledProcessError(p.returncode, args)

2014-02-04T20:45:51Z INFO The ipa-server-install command failed, exception:
CalledProcessError: Command 'kadmin.local -q addprinc -randkey
ldap/ipa1.miovision.linux@MIOVISION.LINUX -x
ipa-setup-override-restrictions' returned non-zero exit status 1

*Steve Dainard *
IT Infrastructure Manager
Miovision <> | *Rethink Traffic*
519-513-2407 ex.250
877-646-8476 (toll-free)

*Blog <>  |  **LinkedIn
<>  |  Twitter
<>  |  Facebook
 Miovision Technologies Inc. | 148 Manitou Drive, Suite 101, Kitchener, ON,
Canada | N2C 1L3
This e-mail may contain information that is privileged or confidential. If
you are not the intended recipient, please delete the e-mail and any
attachments and notify us immediately.
Freeipa-users mailing list

Reply via email to