On 14/05/15 13:54, Remigio Moncayo Serrano wrote:

I fail to see the problem in the logs, so I’m attaching the file here.

*From:* Martin Basti [mailto:mba...@redhat.com]
*Sent:* Thursday, 14 May 2015 13:05
*To:* Remigio Moncayo Serrano; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] Configuration of CA failed

On 14/05/15 11:58, Remigio Moncayo Serrano wrote:


    I’ve been put in charge of implementing a solution that uses LDAP
    and Kerberos authentication. At first I thought I should use
    openLDAP and Kerberos but found freeIPA and it looks really cool,
    however, when trying to install I keep getting this error about
    configuration of CA:

    The following operations may take some minutes to complete.
    Please wait until the prompt is returned.

    Configuring NTP daemon (ntpd)
      [1/4]: stopping ntpd
      [2/4]: writing configuration
      [3/4]: configuring ntpd to start on boot
      [4/4]: starting ntpd
    Done configuring NTP daemon (ntpd).
    Configuring directory server for the CA (pkids): Estimated time 30
      [1/3]: creating directory server user
      [2/3]: creating directory server instance
      [3/3]: restarting directory server
    ipa         : CRITICAL Failed to restart the directory server. See
    the installation log for details.
    Done configuring directory server for the CA (pkids).
    Configuring certificate server (pki-cad): Estimated time 3 minutes
    30 seconds
      [1/20]: creating certificate server user
      [2/20]: configuring certificate server instance
    ipa         : CRITICAL failed to configure ca instance Command
    '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname
    ipatest.ingenia.local -cs_port 9445 -client_certdb_dir
    /tmp/tmp-ARezzO -client_certdb_pwd XXXXXXXX -preop_pin
    f0dLhx9bLX5qWHYx50h6 -domain_name IPA -admin_user admin
    -admin_email root@localhost -admin_password XXXXXXXX -agent_name
    ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa
    -agent_cert_subject CN=ipa-ca-agent,O=INGENIA.LOCAL -ldap_host
    ipatest.ingenia.local -ldap_port 7389 -bind_dn cn=Directory
    Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca
    -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA
    -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad
    -token_name internal -ca_subsystem_cert_subject_name CN=CA
    Subsystem,O=INGENIA.LOCAL -ca_subsystem_cert_subject_name CN=CA
    Subsystem,O=INGENIA.LOCAL -ca_ocsp_cert_subject_name CN=OCSP
    Subsystem,O=INGENIA.LOCAL -ca_server_cert_subject_name
    -ca_audit_signing_cert_subject_name CN=CA Audit,O=INGENIA.LOCAL
    -ca_sign_cert_subject_name CN=Certificate
    Authority,O=INGENIA.LOCAL -external false -clone false' returned
    non-zero exit status 255
    Configuration of CA failed

    I’m including two install logs, one with dns-setup and the other
    without it. Don’t really know what I’m doing wrong, thought maybe
    I should allow connections to certain ports in iptables or
    something but have no clue really and I’m quite new to this, help




Can you please check the error logs of DS?

And please post the error here showing why the DS restart failed.


Martin Basti

Indeed, the log looks good.
There is some issue: IPA cannot verify DS on port 7389.

Can you answer the questions asked by Martin Kosek, please?

Martin Basti
