Re: [Freeipa-users] Problem in ipa-server-install -> uninstall -> install

2012-02-15 Thread Marco Pizzoli
On Tue, Feb 14, 2012 at 8:25 PM, Rob Crittenden wrote:

> Marco Pizzoli wrote:
>
>> On Tue, Feb 14, 2012 at 3:24 PM, Rob Crittenden wrote:
>>
>>> Marco Pizzoli wrote:
>>>
>>>> Hi guys,
>>>> I'm running freeipa-server-2.1.4-5.fc16.x86_64.
>>>>
>>>> Following the documentation I can see that to uninstall and reinstall a
>>>> freeipa system it is sufficient to:
>>>>
>>>> > ipa-server-install
>>>> > ipa-server-install --uninstall
>>>> > ipa-server-install
>>>>
>>>> Well, when re-installing the system, I get this error on the console:
>>>> [cut]
>>>> done configuring named.
>>>> Configuration of client side components failed!
>>>> ipa-client-install returned: Command '/usr/sbin/ipa-client-install
>>>> --on-master --unattended --domain unix.mydomain.it --server
>>>> freeipa01.unix.mydomain.it --realm UNIX.MYDOMAIN.IT --hostname
>>>> freeipa01.unix.mydomain.it' returned non-zero exit status 1
>>>>
>>>> I had a look at /var/log/ipaclient-install.log and I saw these lines
>>>>
>>>> [cut]
>>>> 2012-02-14 09:53:39,435 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt
>>>> http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
>>>> 2012-02-14 09:53:39,435 DEBUG stdout=
>>>> 2012-02-14 09:53:39,435 DEBUG stderr=--2012-02-14 09:53:39--
>>>> http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
>>>> Resolving freeipa01.unix.mydomain.it... 192.168.146.131
>>>> Connecting to freeipa01.unix.mydomain.it|192.168.146.131|:80... connected.
>>>> HTTP request sent, awaiting response... 200 OK
>>>> Length: 1325 (1.3K) [application/x-x509-ca-cert]
>>>> Saving to: “/etc/ipa/ca.crt”
>>>>
>>>>  0K . 100%  270M=0s
>>>>
>>>> 2012-02-14 09:53:39 (270 MB/s) - “/etc/ipa/ca.crt”
>>>> saved [1325/1325]
>>>>
>>>>
>>>> 2012-02-14 09:53:39,436 DEBUG Backing up system configuration file
>>>> '/etc/sssd/sssd.conf'
>>>> 2012-02-14 09:53:39,463 DEBUG Saving Index File to
>>>> '/var/lib/ipa-client/sysrestore/sysrestore.index'
>>>> 2012-02-14 09:53:39,540 DEBUG Domain unix.csebo.it is already configured in
>>>> existing SSSD config, creating a new one.
>>>> 2012-02-14 09:53:39,642 DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb
>>>> -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
>>>> 2012-02-14 09:53:39,643 DEBUG stdout=
>>>> 2012-02-14 09:53:39,643 DEBUG stderr=certutil: could not obtain certificate
>>>> from file: You are attempting to import a cert with the same issuer/serial
>>>> as an existing cert, but that is not the same cert.
>>>>
>>>>
>>>> So I tried a new "ipa-server-install --uninstall" and checked the file
>>>> /etc/ipa/ca.crt. And it remained there.
>>>> What is the problem?
>>>
>>> The problem isn't the existence of the file, it is the existence of
>>> the cert in /etc/pki/nssdb. Try running: certutil -D -n 'IPA CA' -d
>>> /etc/pki/nsdb
>>
>> [root@freeipa01 ~]# certutil -D -n 'IPA CA' -d /etc/pki/nssdb/
>> certutil: could not find certificate named "IPA CA": security library:
>> bad database.
>
> Well that's strange. Can you run: certutil -L -d /etc/pki/nssdb ?
>

More strange... I re-did a freeipa-install and it worked...
Thanks anyway
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
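
Rob's diagnosis in this thread is that the import fails because an 'IPA CA' entry from the earlier install is still in /etc/pki/nssdb. The following is an added example, not part of any message in the thread and not FreeIPA's own code: a shell check that compares the certificate stored under that nickname with /etc/ipa/ca.crt before the installer is re-run. The function names are made up for the example; the paths and the nickname are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example: compare the certificate stored under a nickname in an NSS
# database with a PEM file on disk. Defaults are the values quoted in the thread.
NSSDB="${NSSDB:-/etc/pki/nssdb}"
NICK="${NICK:-IPA CA}"
CA_FILE="${CA_FILE:-/etc/ipa/ca.crt}"

# Reduce PEM on stdin to the base64 body of its first certificate, so the same
# certificate compares equal however its lines are wrapped.
pem_body() {
    awk '/-----BEGIN CERTIFICATE-----/ {on = 1; next}
         /-----END CERTIFICATE-----/   {exit}
         on {gsub(/[ \t\r]/, ""); printf "%s", $0}'
}

# ca_state DBDIR NICKNAME PEMFILE
# Prints: absent    (certutil returned no certificate for the nickname)
#         nofile    (nickname present, PEM file unreadable)
#         same      (database entry and file are the same certificate)
#         different (database entry is some other certificate)
ca_state() {
    # certutil -L -n NICK -a prints the named certificate as PEM and fails
    # when the nickname is missing or the database cannot be opened.
    _in_db=$(certutil -L -d "$1" -n "$2" -a 2>/dev/null | pem_body)
    [ -n "$_in_db" ] || { echo absent; return 0; }
    [ -r "$3" ] || { echo nofile; return 0; }
    _on_disk=$(pem_body < "$3")
    if [ "$_in_db" = "$_on_disk" ]; then echo same; else echo different; fi
}

report() {
    case "$(ca_state "$NSSDB" "$NICK" "$CA_FILE")" in
        absent)    echo "no usable '$NICK' entry in $NSSDB" ;;
        nofile)    echo "'$NICK' is in $NSSDB but $CA_FILE is unreadable" ;;
        same)      echo "'$NICK' in $NSSDB matches $CA_FILE" ;;
        different) echo "'$NICK' in $NSSDB differs from $CA_FILE"
                   echo "to remove it: certutil -D -n '$NICK' -d $NSSDB" ;;
    esac
}

report
```

A result of `different` corresponds to the "same issuer/serial as an existing cert, but that is not the same cert" error in the log; `absent` also covers the "bad database" case Marco hit, which `certutil -L -d /etc/pki/nssdb` would show directly.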

Re: [Freeipa-users] Problem in ipa-server-install -> uninstall -> install

2012-02-14 Thread Rob Crittenden

Marco Pizzoli wrote:

> On Tue, Feb 14, 2012 at 3:24 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
>
>> Marco Pizzoli wrote:
>>
>>> Hi guys,
>>> I'm running freeipa-server-2.1.4-5.fc16.x86_64.
>>>
>>> Following the documentation I can see that to uninstall and reinstall a
>>> freeipa system it is sufficient to:
>>>
>>> > ipa-server-install
>>> > ipa-server-install --uninstall
>>> > ipa-server-install
>>>
>>> Well, when re-installing the system, I get this error on the console:
>>> [cut]
>>> done configuring named.
>>> Configuration of client side components failed!
>>> ipa-client-install returned: Command '/usr/sbin/ipa-client-install
>>> --on-master --unattended --domain unix.mydomain.it --server
>>> freeipa01.unix.mydomain.it --realm UNIX.MYDOMAIN.IT --hostname
>>> freeipa01.unix.mydomain.it' returned non-zero exit status 1
>>>
>>> I had a look at /var/log/ipaclient-install.log and I saw these lines
>>>
>>> [cut]
>>> 2012-02-14 09:53:39,435 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt
>>> http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
>>> 2012-02-14 09:53:39,435 DEBUG stdout=
>>> 2012-02-14 09:53:39,435 DEBUG stderr=--2012-02-14 09:53:39--
>>> http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
>>> Resolving freeipa01.unix.mydomain.it... 192.168.146.131
>>> Connecting to freeipa01.unix.mydomain.it|192.168.146.131|:80... connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 1325 (1.3K) [application/x-x509-ca-cert]
>>> Saving to: “/etc/ipa/ca.crt”
>>>
>>>  0K . 100%  270M=0s
>>>
>>> 2012-02-14 09:53:39 (270 MB/s) - “/etc/ipa/ca.crt”
>>> saved [1325/1325]
>>>
>>>
>>> 2012-02-14 09:53:39,436 DEBUG Backing up system configuration file
>>> '/etc/sssd/sssd.conf'
>>> 2012-02-14 09:53:39,463 DEBUG Saving Index File to
>>> '/var/lib/ipa-client/sysrestore/sysrestore.index'
>>> 2012-02-14 09:53:39,540 DEBUG Domain unix.csebo.it is already configured in
>>> existing SSSD config, creating a new one.
>>> 2012-02-14 09:53:39,642 DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb
>>> -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
>>> 2012-02-14 09:53:39,643 DEBUG stdout=
>>> 2012-02-14 09:53:39,643 DEBUG stderr=certutil: could not obtain certificate
>>> from file: You are attempting to import a cert with the same issuer/serial
>>> as an existing cert, but that is not the same cert.
>>>
>>>
>>> So I tried a new "ipa-server-install --uninstall" and checked the file
>>> /etc/ipa/ca.crt. And it remained there.
>>> What is the problem?
>>
>> The problem isn't the existence of the file, it is the existence of
>> the cert in /etc/pki/nssdb. Try running: certutil -D -n 'IPA CA' -d
>> /etc/pki/nsdb
>
> [root@freeipa01 ~]# certutil -D -n 'IPA CA' -d /etc/pki/nssdb/
> certutil: could not find certificate named "IPA CA": security library:
> bad database.

Well that's strange. Can you run: certutil -L -d /etc/pki/nssdb ?

rob



Re: [Freeipa-users] Problem in ipa-server-install -> uninstall -> install

2012-02-14 Thread Marco Pizzoli
On Tue, Feb 14, 2012 at 3:24 PM, Rob Crittenden wrote:

> Marco Pizzoli wrote:
>
>> Hi guys,
>> I'm running freeipa-server-2.1.4-5.fc16.x86_64.
>>
>> Following the documentation I can see that to uninstall and reinstall a
>> freeipa system it is sufficient to:
>>
>> > ipa-server-install
>> > ipa-server-install --uninstall
>> > ipa-server-install
>>
>> Well, when re-installing the system, I get this error on the console:
>> [cut]
>> done configuring named.
>> Configuration of client side components failed!
>> ipa-client-install returned: Command '/usr/sbin/ipa-client-install
>> --on-master --unattended --domain unix.mydomain.it --server
>> freeipa01.unix.mydomain.it --realm UNIX.MYDOMAIN.IT --hostname
>> freeipa01.unix.mydomain.it' returned non-zero exit status 1
>>
>> I had a look at /var/log/ipaclient-install.log and I saw these lines
>>
>> [cut]
>> 2012-02-14 09:53:39,435 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt
>> http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
>> 2012-02-14 09:53:39,435 DEBUG stdout=
>> 2012-02-14 09:53:39,435 DEBUG stderr=--2012-02-14 09:53:39--
>> http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
>> Resolving freeipa01.unix.mydomain.it... 192.168.146.131
>> Connecting to freeipa01.unix.mydomain.it|192.168.146.131|:80... connected.
>> HTTP request sent, awaiting response... 200 OK
>> Length: 1325 (1.3K) [application/x-x509-ca-cert]
>> Saving to: “/etc/ipa/ca.crt”
>>
>>  0K . 100%  270M=0s
>>
>> 2012-02-14 09:53:39 (270 MB/s) - “/etc/ipa/ca.crt”
>> saved [1325/1325]
>>
>>
>> 2012-02-14 09:53:39,436 DEBUG Backing up system configuration file
>> '/etc/sssd/sssd.conf'
>> 2012-02-14 09:53:39,463 DEBUG Saving Index File to
>> '/var/lib/ipa-client/sysrestore/sysrestore.index'
>> 2012-02-14 09:53:39,540 DEBUG Domain unix.csebo.it is already configured in
>> existing SSSD config, creating a new one.
>> 2012-02-14 09:53:39,642 DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb
>> -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
>> 2012-02-14 09:53:39,643 DEBUG stdout=
>> 2012-02-14 09:53:39,643 DEBUG stderr=certutil: could not obtain certificate
>> from file: You are attempting to import a cert with the same issuer/serial
>> as an existing cert, but that is not the same cert.
>>
>>
>> So I tried a new "ipa-server-install --uninstall" and checked the file
>> /etc/ipa/ca.crt. And it remained there.
>> What is the problem?
>>
>
> The problem isn't the existence of the file, it is the existence of the
> cert in /etc/pki/nssdb. Try running: certutil -D -n 'IPA CA' -d
> /etc/pki/nsdb
>

[root@freeipa01 ~]# certutil -D -n 'IPA CA' -d /etc/pki/nssdb/
certutil: could not find certificate named "IPA CA": security library: bad
database.

Thanks again
Marco


> Re-install should succeed then.
>
> rob
>
>

Re: [Freeipa-users] Problem in ipa-server-install -> uninstall -> install

2012-02-14 Thread Rob Crittenden

Marco Pizzoli wrote:

> Hi guys,
> I'm running freeipa-server-2.1.4-5.fc16.x86_64.
>
> Following the documentation I can see that to uninstall and reinstall a
> freeipa system it is sufficient to:
>
> > ipa-server-install
> > ipa-server-install --uninstall
> > ipa-server-install
>
> Well, when re-installing the system, I get this error on the console:
> [cut]
> done configuring named.
> Configuration of client side components failed!
> ipa-client-install returned: Command '/usr/sbin/ipa-client-install
> --on-master --unattended --domain unix.mydomain.it --server
> freeipa01.unix.mydomain.it --realm UNIX.MYDOMAIN.IT --hostname
> freeipa01.unix.mydomain.it' returned non-zero exit status 1
>
> I had a look at /var/log/ipaclient-install.log and I saw these lines
>
> [cut]
> 2012-02-14 09:53:39,435 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt
> http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
> 2012-02-14 09:53:39,435 DEBUG stdout=
> 2012-02-14 09:53:39,435 DEBUG stderr=--2012-02-14 09:53:39--
> http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
> Resolving freeipa01.unix.mydomain.it... 192.168.146.131
> Connecting to freeipa01.unix.mydomain.it|192.168.146.131|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 1325 (1.3K) [application/x-x509-ca-cert]
> Saving to: “/etc/ipa/ca.crt”
>
>  0K . 100%  270M=0s
>
> 2012-02-14 09:53:39 (270 MB/s) - “/etc/ipa/ca.crt”
> saved [1325/1325]
>
>
> 2012-02-14 09:53:39,436 DEBUG Backing up system configuration file
> '/etc/sssd/sssd.conf'
> 2012-02-14 09:53:39,463 DEBUG Saving Index File to
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2012-02-14 09:53:39,540 DEBUG Domain unix.csebo.it is already configured in
> existing SSSD config, creating a new one.
> 2012-02-14 09:53:39,642 DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb
> -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
> 2012-02-14 09:53:39,643 DEBUG stdout=
> 2012-02-14 09:53:39,643 DEBUG stderr=certutil: could not obtain certificate
> from file: You are attempting to import a cert with the same issuer/serial
> as an existing cert, but that is not the same cert.
>
>
> So I tried a new "ipa-server-install --uninstall" and checked the file
> /etc/ipa/ca.crt. And it remained there.
> What is the problem?


The problem isn't the existence of the file, it is the existence of the 
cert in /etc/pki/nssdb. Try running: certutil -D -n 'IPA CA' -d 
/etc/pki/nsdb


Re-install should succeed then.

rob



[Freeipa-users] Problem in ipa-server-install -> uninstall -> install

2012-02-14 Thread Marco Pizzoli
Hi guys,
I'm running freeipa-server-2.1.4-5.fc16.x86_64.

Following the documentation I can see that to uninstall and reinstall a
freeipa system it is sufficient to:

> ipa-server-install 
> ipa-server-install --uninstall
> ipa-server-install 

Well, when re-installing the system, I get this error on the console:
[cut]
done configuring named.
Configuration of client side components failed!
ipa-client-install returned: Command '/usr/sbin/ipa-client-install
--on-master --unattended --domain unix.mydomain.it --server
freeipa01.unix.mydomain.it --realm UNIX.MYDOMAIN.IT --hostname
freeipa01.unix.mydomain.it' returned non-zero exit status 1

I had a look at /var/log/ipaclient-install.log and I saw these lines

[cut]
2012-02-14 09:53:39,435 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt
http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
2012-02-14 09:53:39,435 DEBUG stdout=
2012-02-14 09:53:39,435 DEBUG stderr=--2012-02-14 09:53:39--
http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
Resolving freeipa01.unix.mydomain.it... 192.168.146.131
Connecting to freeipa01.unix.mydomain.it|192.168.146.131|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1325 (1.3K) [application/x-x509-ca-cert]
Saving to: “/etc/ipa/ca.crt”

 0K . 100%  270M=0s

2012-02-14 09:53:39 (270 MB/s) - “/etc/ipa/ca.crt”
saved [1325/1325]


2012-02-14 09:53:39,436 DEBUG Backing up system configuration file
'/etc/sssd/sssd.conf'
2012-02-14 09:53:39,463 DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2012-02-14 09:53:39,540 DEBUG Domain unix.csebo.it is already configured in
existing SSSD config, creating a new one.
2012-02-14 09:53:39,642 DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb
-n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
2012-02-14 09:53:39,643 DEBUG stdout=
2012-02-14 09:53:39,643 DEBUG stderr=certutil: could not obtain certificate
from file: You are attempting to import a cert with the same issuer/serial
as an existing cert, but that is not the same cert.


So I tried a new "ipa-server-install --uninstall" and checked the file
/etc/ipa/ca.crt. And it remained there.
What is the problem?

Thanks
Marco