[Freeipa] [Bug 1024765] Re: ipa-client-install fails at certutil stage because /etc/pki doesn't exist
** Changed in: nss (Debian) Status: Fix Released => Confirmed -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1024765 Title: ipa-client-install fails at certutil stage because /etc/pki doesn't exist Status in freeipa package in Ubuntu: Fix Released Status in nss package in Ubuntu: Fix Released Status in nss package in Debian: Confirmed Bug description: Dear Colleagues, ipa-client-install fails at the import stage of the freeipa server cert. Created /etc/ipa/default.conf New SSSD config will be created. Configured /etc/sssd/sssd.conf Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1292, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1279, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1124, in install run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run raise CalledProcessError(p.returncode, args) subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255 It looks like the patch create_client_dirs.patch needs to be refreshed to: 1. check if /etc/pki exists 2. if not, create it this is important especially for debian and ubuntu, because /etc/pki is/was fedora/rhel specific Regards, \sh To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1024765/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1024765] Re: ipa-client-install fails at certutil stage because /etc/pki doesn't exist
** Changed in: nss (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1024765 Title: ipa-client-install fails at certutil stage because /etc/pki doesn't exist Status in freeipa package in Ubuntu: Fix Released Status in nss package in Ubuntu: Fix Released Status in nss package in Debian: Fix Released Bug description: Dear Colleagues, ipa-client-install fails at the import stage of the freeipa server cert. Created /etc/ipa/default.conf New SSSD config will be created. Configured /etc/sssd/sssd.conf Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1292, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1279, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1124, in install run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run raise CalledProcessError(p.returncode, args) subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255 It looks like the patch create_client_dirs.patch needs to be refreshed to: 1. check if /etc/pki exists 2. if not, create it this is important especially for debian and ubuntu, because /etc/pki is/was fedora/rhel specific Regards, \sh To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1024765/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1024765] Re: ipa-client-install fails at certutil stage because /etc/pki doesn't exist
nothing I can do about that but you should be able to pass options to ipa-client-install to disable the new features -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1024765 Title: ipa-client-install fails at certutil stage because /etc/pki doesn't exist Status in “freeipa” package in Ubuntu: Fix Released Status in “nss” package in Ubuntu: Fix Released Status in “nss” package in Debian: Confirmed Bug description: Dear Colleagues, ipa-client-install fails at the import stage of the freeipa server cert. Created /etc/ipa/default.conf New SSSD config will be created. Configured /etc/sssd/sssd.conf Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1292, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1279, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1124, in install run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run raise CalledProcessError(p.returncode, args) subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255 It looks like the patch create_client_dirs.patch needs to be refreshed to: 1. check if /etc/pki exists 2. if not, create it this is important especially for debian and ubuntu, because /etc/pki is/was fedora/rhel specific Regards, \sh To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1024765/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1024765] Re: ipa-client-install fails at certutil stage because /etc/pki doesn't exist
@Timo: This fix in trusty is good, but doesn't help. The ipa-client after 12.04 LTS are not compatible anymore with the working IPA server from RHEL. This client can't talk to an older IPA master serverso 12.04 LTS is still stucked. RH doesn't plan to update IPA Server to a new version. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1024765 Title: ipa-client-install fails at certutil stage because /etc/pki doesn't exist Status in “freeipa” package in Ubuntu: Fix Released Status in “nss” package in Ubuntu: Fix Released Status in “nss” package in Debian: Confirmed Bug description: Dear Colleagues, ipa-client-install fails at the import stage of the freeipa server cert. Created /etc/ipa/default.conf New SSSD config will be created. Configured /etc/sssd/sssd.conf Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1292, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1279, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1124, in install run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run raise CalledProcessError(p.returncode, args) subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255 It looks like the patch create_client_dirs.patch needs to be refreshed to: 1. check if /etc/pki exists 2. if not, create it this is important especially for debian and ubuntu, because /etc/pki is/was fedora/rhel specific Regards, \sh To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1024765/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1024765] Re: ipa-client-install fails at certutil stage because /etc/pki doesn't exist
it's actually fixed in trusty ** Changed in: nss (Ubuntu) Status: Incomplete => Fix Released ** Changed in: freeipa (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1024765 Title: ipa-client-install fails at certutil stage because /etc/pki doesn't exist Status in “freeipa” package in Ubuntu: Fix Released Status in “nss” package in Ubuntu: Fix Released Status in “nss” package in Debian: Confirmed Bug description: Dear Colleagues, ipa-client-install fails at the import stage of the freeipa server cert. Created /etc/ipa/default.conf New SSSD config will be created. Configured /etc/sssd/sssd.conf Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1292, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1279, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1124, in install run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run raise CalledProcessError(p.returncode, args) subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255 It looks like the patch create_client_dirs.patch needs to be refreshed to: 1. check if /etc/pki exists 2. if not, create it this is important especially for debian and ubuntu, because /etc/pki is/was fedora/rhel specific Regards, \sh To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1024765/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1024765] Re: ipa-client-install fails at certutil stage because /etc/pki doesn't exist
Hi, When will we see this bug fix in ubuntu? Thanks! -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1024765 Title: ipa-client-install fails at certutil stage because /etc/pki doesn't exist Status in “freeipa” package in Ubuntu: Confirmed Status in “nss” package in Ubuntu: Incomplete Status in “nss” package in Debian: Confirmed Bug description: Dear Colleagues, ipa-client-install fails at the import stage of the freeipa server cert. Created /etc/ipa/default.conf New SSSD config will be created. Configured /etc/sssd/sssd.conf Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1292, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1279, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1124, in install run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run raise CalledProcessError(p.returncode, args) subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255 It looks like the patch create_client_dirs.patch needs to be refreshed to: 1. check if /etc/pki exists 2. if not, create it this is important especially for debian and ubuntu, because /etc/pki is/was fedora/rhel specific Regards, \sh To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1024765/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1024765] Re: ipa-client-install fails at certutil stage because /etc/pki doesn't exist
** Changed in: nss (Debian) Status: Fix Released => Confirmed -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1024765 Title: ipa-client-install fails at certutil stage because /etc/pki doesn't exist Status in “freeipa” package in Ubuntu: Confirmed Status in “nss” package in Ubuntu: Incomplete Status in “nss” package in Debian: Confirmed Bug description: Dear Colleagues, ipa-client-install fails at the import stage of the freeipa server cert. Created /etc/ipa/default.conf New SSSD config will be created. Configured /etc/sssd/sssd.conf Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1292, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1279, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1124, in install run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run raise CalledProcessError(p.returncode, args) subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255 It looks like the patch create_client_dirs.patch needs to be refreshed to: 1. check if /etc/pki exists 2. if not, create it this is important especially for debian and ubuntu, because /etc/pki is/was fedora/rhel specific Regards, \sh To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1024765/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1024765] Re: ipa-client-install fails at certutil stage because /etc/pki doesn't exist
** Changed in: nss (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1024765 Title: ipa-client-install fails at certutil stage because /etc/pki doesn't exist Status in “freeipa” package in Ubuntu: Confirmed Status in “nss” package in Ubuntu: Incomplete Status in “nss” package in Debian: Fix Released Bug description: Dear Colleagues, ipa-client-install fails at the import stage of the freeipa server cert. Created /etc/ipa/default.conf New SSSD config will be created. Configured /etc/sssd/sssd.conf Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1292, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1279, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1124, in install run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run raise CalledProcessError(p.returncode, args) subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255 It looks like the patch create_client_dirs.patch needs to be refreshed to: 1. check if /etc/pki exists 2. if not, create it this is important especially for debian and ubuntu, because /etc/pki is/was fedora/rhel specific Regards, \sh To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1024765/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
[Freeipa] [Bug 1024765] Re: ipa-client-install fails at certutil stage because /etc/pki doesn't exist
** Summary changed: - ipa-client-install failes at certutil stage because /etc/pki doesn't exist + ipa-client-install fails at certutil stage because /etc/pki doesn't exist -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1024765 Title: ipa-client-install fails at certutil stage because /etc/pki doesn't exist Status in “freeipa” package in Ubuntu: Confirmed Status in “nss” package in Ubuntu: Incomplete Status in “nss” package in Debian: Confirmed Bug description: Dear Colleagues, ipa-client-install fails at the import stage of the freeipa server cert. Created /etc/ipa/default.conf New SSSD config will be created. Configured /etc/sssd/sssd.conf Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1292, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1279, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1124, in install run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run raise CalledProcessError(p.returncode, args) subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255 It looks like the patch create_client_dirs.patch needs to be refreshed to: 1. check if /etc/pki exists 2. if not, create it this is important especially for debian and ubuntu, because /etc/pki is/was fedora/rhel specific Regards, \sh To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1024765/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp