On 05/14/2015 11:58 AM, Remigio Moncayo Serrano wrote:
> Hello,
> I've been put in charge of implementing a solution that uses LDAP and 
> Kerberos authentication. At first I thought I should use OpenLDAP and Kerberos 
> but found FreeIPA and it looks really cool; however, when trying to install I 
> keep getting this error about configuration of CA:
> The following operations may take some minutes to complete.
> Please wait until the prompt is returned.
> Configuring NTP daemon (ntpd)
>   [1/4]: stopping ntpd
>   [2/4]: writing configuration
>   [3/4]: configuring ntpd to start on boot
>   [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> Configuring directory server for the CA (pkids): Estimated time 30 seconds
>   [1/3]: creating directory server user
>   [2/3]: creating directory server instance
>   [3/3]: restarting directory server
> ipa         : CRITICAL Failed to restart the directory server. See the 
> installation log for details.
> Done configuring directory server for the CA (pkids).
> Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
>   [1/20]: creating certificate server user
>   [2/20]: configuring certificate server instance
> ipa         : CRITICAL failed to configure ca instance Command '/usr/bin/perl 
> /usr/bin/pkisilent ConfigureCA -cs_hostname ipatest.ingenia.local -cs_port 
> 9445 -client_certdb_dir /tmp/tmp-ARezzO -client_certdb_pwd XXXXXXXX 
> -preop_pin f0dLhx9bLX5qWHYx50h6 -domain_name IPA -admin_user admin 
> -admin_email root@localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent 
> -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject 
> CN=ipa-ca-agent,O=INGENIA.LOCAL -ldap_host ipatest.ingenia.local -ldap_port 
> 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca 
> -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA 
> -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name 
> internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=INGENIA.LOCAL 
> -ca_subsystem_cert_subject_name CN=CA Subsystem,O=INGENIA.LOCAL 
> -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=INGENIA.LOCAL 
> -ca_server_cert_subject_name CN=ipatest.ingenia.local,O=INGENIA.LOCAL 
> -ca_audit_signing_cert_subject_name CN=CA Audit,O=INGENIA.LOCAL 
> -ca_sign_cert_subject_name CN=Certificate Authority,O=INGENIA.LOCAL -external 
> false -clone false' returned non-zero exit status 255
> Configuration of CA failed
> I'm including two install logs, one with dns-setup and the other without it. 
> Don't really know what I'm doing wrong, thought maybe I should allow 
> connections to certain ports in iptables or something but have no clue 
> really and I'm quite new to this, help please..
> Regards,
> Remigio


What platform are you using (Fedora? CentOS? RHEL?) and what version of FreeIPA
are you using?

Also, I see the following error in the log:
java.net.ConnectException: Connection refused
So it seems some port is occupied. Is your port 8443 occupied? Maybe by running
httpd daemon before the installation?
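
A pre-flight check for the ports that appear in this thread, as an added example that is not part of the original messages or of FreeIPA: it reports, for 9445 (`-cs_port`), 7389 (`-ldap_port`) and 8443, whether something is already listening or the port is otherwise taken before the installer runs. The function name `port_state` and the loopback/wildcard probing strategy are assumptions made for this example.

```python
import socket

# Ports named in this thread: -cs_port and -ldap_port from the pkisilent
# command line, plus the port the reply asks about.
INSTALLER_PORTS = {
    9445: "certificate server (-cs_port)",
    7389: "CA directory server (-ldap_port)",
    8443: "port asked about in the reply",
}


def port_state(port, host="127.0.0.1", timeout=1.0):
    """Classify a local TCP port as 'listening', 'unavailable' or 'free'.

    'listening'   : a service accepted a connection on host:port
    'unavailable' : nothing accepts connections, but the port cannot be bound
    'free'        : nothing accepts connections and the port can be bound
    """
    # Step 1: a successful connect means some daemon already owns the port.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.settimeout(timeout)
        if probe.connect_ex((host, port)) == 0:
            return "listening"

    # Step 2: no listener answered; try a wildcard bind, as a daemon would.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as claim:
        try:
            claim.bind(("0.0.0.0", port))
        except OSError:
            return "unavailable"
    return "free"


if __name__ == "__main__":
    for port, role in sorted(INSTALLER_PORTS.items()):
        print(f"{port:5d}  {port_state(port):11s}  {role}")
```

Run it on the target host before starting the installation; the probe only checks the loopback address and a wildcard bind, so a packet filter in front of the host is outside what it can see.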

