On Tue, Feb 14, 2012 at 8:25 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Marco Pizzoli wrote: > >> >> >> On Tue, Feb 14, 2012 at 3:24 PM, Rob Crittenden <rcrit...@redhat.com >> <mailto:rcrit...@redhat.com>> wrote: >> >> Marco Pizzoli wrote: >> >> Hi guys, >> I'm running freeipa-server-2.1.4-5.fc16.__**x86_64. >> >> >> Following the documentation I can see that to uninstall and >> reinstall a >> freeipa system it is sufficient to: >> >> > ipa-server-install <parameters> >> > ipa-server-install --uninstall >> > ipa-server-install <parameters> >> >> Well, when re-installing the system, I get this error on the >> console: >> [cut] >> done configuring named. >> Configuration of client side components failed! >> ipa-client-install returned: Command '/usr/sbin/ipa-client-install >> --on-master --unattended --domain unix.mydomain.it >> <http://unix.mydomain.it> >> <http://unix.mydomain.it> --server freeipa01.unix.mydomain.it >> >> <http://freeipa01.unix.**mydomain.it<http://freeipa01.unix.mydomain.it> >> > >> <http://freeipa01.unix.__mydom**ain.it <http://mydomain.it> >> >> >> <http://freeipa01.unix.**mydomain.it<http://freeipa01.unix.mydomain.it>>> >> --realm UNIX.MYDOMAIN.IT >> <http://UNIX.MYDOMAIN.IT> >> <http://UNIX.MYDOMAIN.IT> --hostname freeipa01.unix.mydomain.it >> >> <http://freeipa01.unix.**mydomain.it<http://freeipa01.unix.mydomain.it> >> > >> <http://freeipa01.unix.__mydom**ain.it <http://mydomain.it> >> >> >> <http://freeipa01.unix.**mydomain.it<http://freeipa01.unix.mydomain.it>>>' >> returned non-zero exit >> status 1 >> >> >> I had a look to /var/log/ipaclient-install.log and I saw these >> lines >> >> [cut] >> 2012-02-14 09:53:39,435 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt >> >> http://freeipa01.unix.__mydoma**in.it/ipa/config/ca.crt<http://mydomain.it/ipa/config/ca.crt> >> >> >> <http://freeipa01.unix.**mydomain.it/ipa/config/ca.crt<http://freeipa01.unix.mydomain.it/ipa/config/ca.crt> >> > >> 2012-02-14 09:53:39,435 DEBUG stdout= >> 2012-02-14 09:53:39,435 DEBUG stderr=--2012-02-14 09:53:39-- >> >> http://freeipa01.unix.__mydoma**in.it/ipa/config/ca.crt<http://mydomain.it/ipa/config/ca.crt> >> >> >> <http://freeipa01.unix.**mydomain.it/ipa/config/ca.crt<http://freeipa01.unix.mydomain.it/ipa/config/ca.crt> >> > >> Resolving freeipa01.unix.mydomain.it... 192.168.146.131 >> Connecting to freeipa01.unix.mydomain.it >> >> <http://freeipa01.unix.**mydomain.it<http://freeipa01.unix.mydomain.it> >> > >> <http://freeipa01.unix.__mydom**ain.it <http://mydomain.it> >> >> <http://freeipa01.unix.**mydomain.it<http://freeipa01.unix.mydomain.it> >> >>|192.168.146.131|**:__80... >> >> connected. >> >> HTTP request sent, awaiting response... 200 OK >> Length: 1325 (1.3K) [application/x-x509-ca-cert] >> Saving to: <E2><80><9C>/etc/ipa/ca.crt<__**E2><80><9D> >> >> >> 0K . >> 100% 270M=0s >> >> 2012-02-14 09:53:39 (270 MB/s) - >> <E2><80><9C>/etc/ipa/ca.crt<__**E2><80><9D> >> >> saved [1325/1325] >> >> >> 2012-02-14 09:53:39,436 DEBUG Backing up system configuration file >> '/etc/sssd/sssd.conf' >> 2012-02-14 09:53:39,463 DEBUG Saving Index File to >> '/var/lib/ipa-client/__**sysrestore/sysrestore.index' >> >> 2012-02-14 09:53:39,540 DEBUG Domain unix.csebo.it >> <http://unix.csebo.it> >> <http://unix.csebo.it> is already configured in existing SSSD >> config, >> >> creating a new one. >> 2012-02-14 09:53:39,642 DEBUG args=/usr/bin/certutil -A -d >> /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt >> 2012-02-14 09:53:39,643 DEBUG stdout= >> 2012-02-14 09:53:39,643 DEBUG stderr=certutil: could not obtain >> certificate from file: You are attempting to import a cert with >> the same >> issuer/serial as an existing cert, but that is not the same cert. >> >> >> So I tried a new "ipa-server-install --uninstall" and checked >> the file >> /etc/ipa/ca.crt. And it remained there. >> What is the problem? >> >> >> The problem isn't the existence of the file, it is the existence of >> the cert in /etc/pki/nssdb. Try running: certutil -D -n 'IPA CA' -d >> /etc/pki/nsdb >> >> >> [root@freeipa01 ~]# certutil -D -n 'IPA CA' -d /etc/pki/nssdb/ >> certutil: could not find certificate named "IPA CA": security library: >> bad database. >> > > Well that's strange. Can you run: certutil -L -d /etc/pki/nssdb ? > More strange... I re-did a freeipa-install and it worked... Thanks anyway
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users