@Timo: This fix in trusty is good, but doesn't help.
The ipa-client after 12.04 LTS are not compatible anymore with the working IPA 
server from RHEL.
This client can't talk to an older IPA master server....so 12.04 LTS is still 

RH doesn't plan to update IPA Server to a new version.

You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.

  ipa-client-install fails at certutil stage because /etc/pki doesn't

Status in “freeipa” package in Ubuntu:
  Fix Released
Status in “nss” package in Ubuntu:
  Fix Released
Status in “nss” package in Debian:

Bug description:
  Dear Colleagues,

  ipa-client-install fails at the import stage of the freeipa server

  Created /etc/ipa/default.conf
  New SSSD config will be created.
  Configured /etc/sssd/sssd.conf
  Traceback (most recent call last):
    File "/usr/sbin/ipa-client-install", line 1292, in <module>
    File "/usr/sbin/ipa-client-install", line 1279, in main
      rval = install(options, env, fstore, statestore)
    File "/usr/sbin/ipa-client-install", line 1124, in install
      run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", 
"-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
    File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in 
      raise CalledProcessError(p.returncode, args)
  subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d 
/etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero 
exit status 255

  It looks like the patch create_client_dirs.patch needs to be refreshed to:

  1. check if /etc/pki exists
  2. if not, create it

  this is important especially for debian and ubuntu, because /etc/pki
  is/was fedora/rhel specific



To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~freeipa
Post to     : freeipa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~freeipa
More help   : https://help.launchpad.net/ListHelp

Reply via email to