On 09/08/2014 03:49 PM, Olga Kornievskaia wrote:
Can somebody help with the following problem(s) I've encountered while trying to install the freeipa server?

Problem #1:
On fedora 20, I have:
1. using yum install acquired the free-ipa-server package.
2. ran ipa-server-install
--- that has failed with "CA did not start in 300s"

One thing that's noticeable in the logs (the snippet is included below) is that request for request 'https://ipa1.gateway.2wire.net:443/ca/admin/ca/getStatus' <https://ipa1.gateway.2wire.net/ca/admin/ca/getStatus%27>

has 443 as port as for before all the requests for 8443 (e.g.., same (manual) request on port 8443 succeeds). Seems like an install script somewhere has the wrong port ?

443 is the right port.
Do you have something already running on the same box on that port?
That might prevent things from installing and running.

Please try on a clean machine or VM.
Also more logs will be helpful.
Please see this [1] on how to troubleshoot.

The second problem is most likely an artifact of the incomplete install.

[1] http://www.freeipa.org/page/Troubleshooting

2014-09-08T19:21:07Z DEBUG Waiting for CA to start...

2014-09-08T19:21:08Z DEBUG request 'https://ipa1.gateway.2wire.net:443/ca/admin/ca/getStatus'

2014-09-08T19:21:08Z DEBUG request body ''

2014-09-08T19:21:08Z DEBUG request status 503

2014-09-08T19:21:08Z DEBUG request reason_phrase u'Service Unavailable'

2014-09-08T19:21:08Z DEBUG request headers {'date': 'Mon, 08 Sep 2014 19:21:08 GMT', 'content-length': '299', 'content-type': 'text/html; charset=iso-8859-1', 'connection': 'close', 'server': 'Apache/2.4.10 (Fedora) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.3 Basic ECC mod_wsgi/3.5 Python/2.7.5'}2014-09-08T19:21:08Z DEBUG request body '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>503 Service Unavailable</title>\n</head><body>\n<h1>Service Unavailable</h1>\n<p>The server is temporarily unable to service your\nrequest due to maintenance downtime or capacity\nproblems. Please try again later.</p>\n</body></html>\n'

2014-09-08T19:21:08Z DEBUG The CA status is: Service Unavailable

Problem #2:
The next problem I'm encountering and doesn't seem to be related to the CA setup is on the next step of "kinit admin". It fails with "generic pre authentication failure while getting initial credentials"

stracing kinit show that it tried to open file "/var/lib/sss/pubconf/kdcinfo.GATEWAY.2WIRE.NET <http://kdcinfo.gateway.2wire.net/>") and fails with "no such file" error. "pubconf" dir only has empty "krb5.include.d".

I don't know if this failure is due to the fact that the setup didn't run all the way and some configuration is missing or this is a separate issue .

Are these bugs that need to be filled with bugzilla or am I doing something incorrectly?

Any help would be appreciated.

Thank you.

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to