Re: [Freeipa-users] FreeIPA 1.9.0.pre4 installation problem
On 9/15/10 7:45 PM, Rob Crittenden wrote:
> Miljan Karadzic wrote:
>> Hello all,
>>
>> I am having some problems installing FreeIPA server on a freshly installed Fedora 13 machine. Installation fails during configuration of certificate server at step 3/14:
>>
>> ---
>> [3/14]: configuring certificate server instance
>> root : CRITICAL failed to restart ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname loznica.lhs-systems.com -cs_port 9445 -client_certdb_dir /tmp/tmp-0ANqdU -client_certdb_pwd -preop_pin eTvJduILXN6kCgkX46ih -domain_name IPA -admin_user admin -admin_email r...@localhost -admin_password -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=IPA" -ldap_host loznica.lhs-systems.com -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -save_p12 true -backup_pwd -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IPA" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=IPA" -ca_server_cert_subject_name "CN=loznica.lhs-systems.com,O=IPA" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=IPA" -ca_sign_cert_subject_name "CN=Certificate Authority,O=IPA" -external false -clone false' returned non-zero exit status 255
>> [4/14]: creating CA agent PKCS#12 file in /root
>> Unexpected error - see ipaserver-install.log for details:
>> Command '/usr/bin/pk12util -n ipa-ca-agent -o /root/ca-agent.p12 -d /tmp/tmp-0ANqdU -k /tmp/tmplUonD_ -w /tmp/tmplUonD_' returned non-zero exit status 24
>> ---
>>
>> Even if installation continues to next step PKI-CA is not configured. Debug message from the installation log file says (complete installation log is attached):
>>
>> ---
>> Required parameter -key_algorithm is not specified.
>> Use -help for help information
>> ---
>>
>> Installed packages are as follows:
>>
>> ---
>> pki-common-1.3.8-1.fc13.noarch
>> pki-util-1.3.2-1.fc13.noarch
>> pki-console-1.3.2-1.fc13.noarch
>> pki-native-tools-1.3.0-5.fc13.i686
>> dogtag-pki-ca-ui-1.3.2-1.fc13.noarch
>> pki-silent-1.3.4-1.fc13.noarch
>> pki-symkey-1.3.2-4.fc13.i686
>> pki-java-tools-1.3.1-1.fc13.noarch
>> dogtag-pki-console-ui-1.3.2-2.fc13.noarch
>> pki-ca-1.3.6-1.fc13.noarch
>> pki-selinux-1.3.5-1.fc13.noarch
>> dogtag-pki-common-ui-1.3.3-1.fc13.noarch
>> pki-setup-1.3.4-1.fc13.noarch
>> -
>> ipa-server-1.9.0.pre4-0.fc13.i686
>> ipa-admintools-1.9.0.pre4-0.fc13.i686
>> ipa-python-1.9.0.pre4-0.fc13.i686
>> ipa-server-selinux-1.9.0.pre4-0.fc13.i686
>> ipa-client-1.9.0.pre4-0.fc13.i686
>> -
>> 389-ds-base-1.2.6-1.fc13.i686
>> ---
>>
>> Any ideas what could be the problem?
>
> The problem is that pkisilent requires a new argument, -key_algorithm, that we aren't providing.
>
> To work around this you'll need to modify /usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py. Search for pkisilent and you'll see we create a huge array of arguments to pass. Add this:
>
> "-key_algorithm", "SHA256withRSA",
>
> I put it in right after:
>
> "-key_type", "rsa",
>
> but order shouldn't matter.
>
> rob

Hi Rob,

I found the same thing after writing the email, but I didn't know what to use as an argument - putting just 'rsa' didn't work. :)

Thanks a lot for the help!

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] FreeIPA 1.9.0.pre4 installation problem
Miljan Karadzic wrote:
> Hello all,
>
> I am having some problems installing FreeIPA server on a freshly installed Fedora 13 machine. Installation fails during configuration of certificate server at step 3/14:
>
> ---
> [3/14]: configuring certificate server instance
> root : CRITICAL failed to restart ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname loznica.lhs-systems.com -cs_port 9445 -client_certdb_dir /tmp/tmp-0ANqdU -client_certdb_pwd -preop_pin eTvJduILXN6kCgkX46ih -domain_name IPA -admin_user admin -admin_email r...@localhost -admin_password -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=IPA" -ldap_host loznica.lhs-systems.com -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -save_p12 true -backup_pwd -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IPA" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=IPA" -ca_server_cert_subject_name "CN=loznica.lhs-systems.com,O=IPA" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=IPA" -ca_sign_cert_subject_name "CN=Certificate Authority,O=IPA" -external false -clone false' returned non-zero exit status 255
> [4/14]: creating CA agent PKCS#12 file in /root
> Unexpected error - see ipaserver-install.log for details:
> Command '/usr/bin/pk12util -n ipa-ca-agent -o /root/ca-agent.p12 -d /tmp/tmp-0ANqdU -k /tmp/tmplUonD_ -w /tmp/tmplUonD_' returned non-zero exit status 24
> ---
>
> Even if installation continues to next step PKI-CA is not configured. Debug message from the installation log file says (complete installation log is attached):
>
> ---
> Required parameter -key_algorithm is not specified.
> Use -help for help information
> ---
>
> Installed packages are as follows:
>
> ---
> pki-common-1.3.8-1.fc13.noarch
> pki-util-1.3.2-1.fc13.noarch
> pki-console-1.3.2-1.fc13.noarch
> pki-native-tools-1.3.0-5.fc13.i686
> dogtag-pki-ca-ui-1.3.2-1.fc13.noarch
> pki-silent-1.3.4-1.fc13.noarch
> pki-symkey-1.3.2-4.fc13.i686
> pki-java-tools-1.3.1-1.fc13.noarch
> dogtag-pki-console-ui-1.3.2-2.fc13.noarch
> pki-ca-1.3.6-1.fc13.noarch
> pki-selinux-1.3.5-1.fc13.noarch
> dogtag-pki-common-ui-1.3.3-1.fc13.noarch
> pki-setup-1.3.4-1.fc13.noarch
> -
> ipa-server-1.9.0.pre4-0.fc13.i686
> ipa-admintools-1.9.0.pre4-0.fc13.i686
> ipa-python-1.9.0.pre4-0.fc13.i686
> ipa-server-selinux-1.9.0.pre4-0.fc13.i686
> ipa-client-1.9.0.pre4-0.fc13.i686
> -
> 389-ds-base-1.2.6-1.fc13.i686
> ---
>
> Any ideas what could be the problem?

The problem is that pkisilent requires a new argument, -key_algorithm, that we aren't providing.

To work around this you'll need to modify /usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py. Search for pkisilent and you'll see we create a huge array of arguments to pass. Add this:

"-key_algorithm", "SHA256withRSA",

I put it in right after:

"-key_type", "rsa",

but order shouldn't matter.

rob
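An added example, not part of the thread and not FreeIPA's own code: a Python 3 helper that reads the pkisilent error quoted above and adds the missing option to an argument list in the position the workaround describes. The function names, the shortened argument list and the `KNOWN_VALUES` table are assumptions made for illustration.

```python
import re

# Error text pkisilent prints for an absent mandatory option (quoted in the thread).
MISSING_RE = re.compile(r"Required parameter (-\w+) is not specified")

# Assumption: only the value given in this thread is known; others need a manual lookup.
KNOWN_VALUES = {"-key_algorithm": "SHA256withRSA"}


def missing_parameters(log_text):
    """Return the option names reported as missing, in order, without repeats."""
    seen = []
    for name in MISSING_RE.findall(log_text):
        if name not in seen:
            seen.append(name)
    return seen


def add_option(argv, name, value, after="-key_type"):
    """Return a copy of argv with `name value` present exactly once."""
    out = list(argv)
    if name in out:
        return out
    # Insert behind `after` and its value when present, else append at the end.
    pos = out.index(after) + 2 if after in out else len(out)
    out[pos:pos] = [name, value]
    return out


def apply_workaround(argv, log_text):
    """Add each missing option that has a known value; return (argv, unresolved)."""
    unresolved = []
    for name in missing_parameters(log_text):
        if name in KNOWN_VALUES:
            argv = add_option(argv, name, KNOWN_VALUES[name])
        else:
            unresolved.append(name)
    return argv, unresolved


# Constructed sample: shortened argument list plus the error quoted in the thread.
SAMPLE_ARGV = ["/usr/bin/perl", "/usr/bin/pkisilent", "ConfigureCA",
               "-key_size", "2048", "-key_type", "rsa", "-save_p12", "true"]
SAMPLE_LOG = ("Required parameter -key_algorithm is not specified.\n"
              "Use -help for help information\n")

if __name__ == "__main__":
    print(apply_workaround(SAMPLE_ARGV, SAMPLE_LOG))
```

Any option returned in `unresolved` has no value given in this thread and has to be looked up in the `-help` output the error message points to.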
[Freeipa-users] FreeIPA 1.9.0.pre4 installation problem
Hello all,

I am having some problems installing FreeIPA server on a freshly installed Fedora 13 machine. Installation fails during configuration of certificate server at step 3/14:

---
[3/14]: configuring certificate server instance
root: CRITICAL failed to restart ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname loznica.lhs-systems.com -cs_port 9445 -client_certdb_dir /tmp/tmp-0ANqdU -client_certdb_pwd -preop_pin eTvJduILXN6kCgkX46ih -domain_name IPA -admin_user admin -admin_email r...@localhost -admin_password -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=IPA" -ldap_host loznica.lhs-systems.com -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -save_p12 true -backup_pwd -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=IPA" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=IPA" -ca_server_cert_subject_name "CN=loznica.lhs-systems.com,O=IPA" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=IPA" -ca_sign_cert_subject_name "CN=Certificate Authority,O=IPA" -external false -clone false' returned non-zero exit status 255
[4/14]: creating CA agent PKCS#12 file in /root
Unexpected error - see ipaserver-install.log for details:
Command '/usr/bin/pk12util -n ipa-ca-agent -o /root/ca-agent.p12 -d /tmp/tmp-0ANqdU -k /tmp/tmplUonD_ -w /tmp/tmplUonD_' returned non-zero exit status 24
---

Even if installation continues to next step PKI-CA is not configured. Debug message from the installation log file says (complete installation log is attached):

---
Required parameter -key_algorithm is not specified.
Use -help for help information
---

Installed packages are as follows:

---
pki-common-1.3.8-1.fc13.noarch
pki-util-1.3.2-1.fc13.noarch
pki-console-1.3.2-1.fc13.noarch
pki-native-tools-1.3.0-5.fc13.i686
dogtag-pki-ca-ui-1.3.2-1.fc13.noarch
pki-silent-1.3.4-1.fc13.noarch
pki-symkey-1.3.2-4.fc13.i686
pki-java-tools-1.3.1-1.fc13.noarch
dogtag-pki-console-ui-1.3.2-2.fc13.noarch
pki-ca-1.3.6-1.fc13.noarch
pki-selinux-1.3.5-1.fc13.noarch
dogtag-pki-common-ui-1.3.3-1.fc13.noarch
pki-setup-1.3.4-1.fc13.noarch
-
ipa-server-1.9.0.pre4-0.fc13.i686
ipa-admintools-1.9.0.pre4-0.fc13.i686
ipa-python-1.9.0.pre4-0.fc13.i686
ipa-server-selinux-1.9.0.pre4-0.fc13.i686
ipa-client-1.9.0.pre4-0.fc13.i686
-
389-ds-base-1.2.6-1.fc13.i686
---

Any ideas what could be the problem?

Regards,
Miljan