@Timo: This fix in trusty is good, but doesn't help.
The ipa-client after 12.04 LTS are not compatible anymore with the working IPA
server from RHEL.
This client can't talk to an older IPA master server....so 12.04 LTS is still
RH doesn't plan to update IPA Server to a new version.
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
ipa-client-install fails at certutil stage because /etc/pki doesn't
Status in “freeipa” package in Ubuntu:
Status in “nss” package in Ubuntu:
Status in “nss” package in Debian:
ipa-client-install fails at the import stage of the freeipa server
New SSSD config will be created.
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 1292, in <module>
File "/usr/sbin/ipa-client-install", line 1279, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 1124, in install
run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA",
"-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in
raise CalledProcessError(p.returncode, args)
subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d
/etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero
exit status 255
It looks like the patch create_client_dirs.patch needs to be refreshed to:
1. check if /etc/pki exists
2. if not, create it
this is important especially for debian and ubuntu, because /etc/pki
is/was fedora/rhel specific
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~freeipa
Post to : firstname.lastname@example.org
Unsubscribe : https://launchpad.net/~freeipa
More help : https://help.launchpad.net/ListHelp