Any ETA on when/if this will be fixed. I am trying to add a new freeipa
server running 18.04 by adding it as a replica to a current setup, but
it seems to fail on Bind and what is described here.
I tried the PPA listed above but when adding as a replica using those
packages Igot this error if anyone here is interested.
error] UNWILLING_TO_PERFORM: {'info': u'modification of attribute
nsds5ReplicaReleaseTimeout is not allowed in replica entry', 'desc':
u'Server is unwilling to perform'}
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1769440
Title:
freeipa server install fails - named-pkcs11 fails to run
Status in bind9 package in Ubuntu:
Confirmed
Status in freeipa package in Ubuntu:
Confirmed
Bug description:
Setting up FreeIPA server fails at "Configuring the web interface",
step 12/21
It's in a cleanly started LXC Ubuntu Bionic container. The
ppa:freeipa/ppa is also used to get tomcat 8.5.30-1ubuntu1.2
Configuring the web interface (httpd)
[1/21]: stopping httpd
[2/21]: backing up ssl.conf
[3/21]: disabling nss.conf
[4/21]: configuring mod_ssl certificate paths
[5/21]: setting mod_ssl protocol list to TLSv1.0 - TLSv1.2
[6/21]: configuring mod_ssl log directory
[7/21]: disabling mod_ssl OCSP
[8/21]: adding URL rewriting rules
[9/21]: configuring httpd
[10/21]: setting up httpd keytab
[11/21]: configuring Gssproxy
[12/21]: setting up ssl
[error] RuntimeError: Certificate issuance failed (CA_REJECTED)
ipapython.admintool: ERRORCertificate issuance failed (CA_REJECTED)
ipapython.admintool: ERRORThe ipa-server-install command failed. See
/var/log/ipaserver-install.log for more information
and in the log there is
2018-05-05T20:37:29Z DEBUG stderr=
2018-05-05T20:37:29Z DEBUG step duration: httpd configure_gssproxy 1.09 sec
2018-05-05T20:37:29Z DEBUG [12/21]: setting up ssl
2018-05-05T20:37:33Z DEBUG certmonger request is in state
dbus.String(u'GENERATING_KEY_PAIR', variant_level=1)
2018-05-05T20:37:38Z DEBUG certmonger request is in state
dbus.String(u'CA_REJECTED', variant_level=1)
2018-05-05T20:37:42Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
555, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line
541, in run_step
method()
File "/usr/lib/python2.7/dist-packages/ipaserver/install/httpinstance.py",
line 376, in __setup_ssl
passwd_fname=key_passwd_file
File "/usr/lib/python2.7/dist-packages/ipalib/install/certmonger.py", line
320, in request_and_wait_for_cert
raise RuntimeError("Certificate issuance failed ({})".format(state))
RuntimeError: Certificate issuance failed (CA_REJECTED)
2018-05-05T20:37:42Z DEBUG [error] RuntimeError: Certificate issuance
failed (CA_REJECTED)
2018-05-05T20:37:42Z DEBUG File
"/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in exec
ute
...
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1769440/+subscriptions
___
Mailing list: https://launchpad.net/~freeipa
Post to : freeipa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~freeipa
More help : https://help.launchpad.net/ListHelp
