[Freeipa-users] Problem in ipa-server-install -> uninstall -> install

Marco Pizzoli marco.pizzoli at gmail.com
Tue Feb 14 14:58:42 UTC 2012


On Tue, Feb 14, 2012 at 3:24 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Marco Pizzoli wrote:
>
>> Hi guys,
>> I'm running freeipa-server-2.1.4-5.fc16.x86_64.
>>
>> Following the documentation I can see that to uninstall and reinstall a
>> freeipa system it is sufficient to:
>>
>>  > ipa-server-install <parameters>
>>  > ipa-server-install --uninstall
>>  > ipa-server-install <parameters>
>>
>> Well, when re-installing the system, I get this error on the console:
>> [cut]
>> done configuring named.
>> Configuration of client side components failed!
>> ipa-client-install returned: Command '/usr/sbin/ipa-client-install
>> --on-master --unattended --domain unix.mydomain.it
>> --server freeipa01.unix.mydomain.it
>> --realm UNIX.MYDOMAIN.IT
>> --hostname freeipa01.unix.mydomain.it'
>> returned non-zero exit status 1
>>
>>
>> I had a look at /var/log/ipaclient-install.log and I saw these lines:
>>
>> [cut]
>> 2012-02-14 09:53:39,435 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt
>> http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
>> 2012-02-14 09:53:39,435 DEBUG stdout=
>> 2012-02-14 09:53:39,435 DEBUG stderr=--2012-02-14 09:53:39--
>> http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
>> Resolving freeipa01.unix.mydomain.it... 192.168.146.131
>> Connecting to freeipa01.unix.mydomain.it|192.168.146.131|:80... connected.
>> HTTP request sent, awaiting response... 200 OK
>> Length: 1325 (1.3K) [application/x-x509-ca-cert]
>> Saving to: “/etc/ipa/ca.crt”
>>
>>      0K .                                                     100%  270M=0s
>>
>> 2012-02-14 09:53:39 (270 MB/s) - “/etc/ipa/ca.crt” saved [1325/1325]
>>
>>
>> 2012-02-14 09:53:39,436 DEBUG Backing up system configuration file
>> '/etc/sssd/sssd.conf'
>> 2012-02-14 09:53:39,463 DEBUG Saving Index File to
>> '/var/lib/ipa-client/sysrestore/sysrestore.index'
>> 2012-02-14 09:53:39,540 DEBUG Domain unix.csebo.it is already configured
>> in existing SSSD config, creating a new one.
>> 2012-02-14 09:53:39,642 DEBUG args=/usr/bin/certutil -A -d
>> /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
>> 2012-02-14 09:53:39,643 DEBUG stdout=
>> 2012-02-14 09:53:39,643 DEBUG stderr=certutil: could not obtain
>> certificate from file: You are attempting to import a cert with the same
>> issuer/serial as an existing cert, but that is not the same cert.
>>
>>
>> So I tried a new "ipa-server-install --uninstall" and checked the file
>> /etc/ipa/ca.crt. And it remained there.
>> What is the problem?
>>
>
> The problem isn't the existence of the file, it is the existence of the
> cert in /etc/pki/nssdb. Try running: certutil -D -n 'IPA CA' -d
> /etc/pki/nssdb
>

[root@freeipa01 ~]# certutil -D -n 'IPA CA' -d /etc/pki/nssdb/
certutil: could not find certificate named "IPA CA": security library: bad database.

Thanks again
Marco


> Re-install should succeed then.
>
> rob
>
>
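
An added example, not part of the original thread or of FreeIPA's own code: a Python scan of ipaclient-install.log that pairs each logged command with its stderr and reports the NSS database and nickname involved in the issuer/serial collision discussed above. The sample log is constructed from the lines quoted in the message, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the log lines quoted in the message above.
SAMPLE_LOG = """\
2012-02-14 09:53:39,435 DEBUG args=/usr/bin/wget -O /etc/ipa/ca.crt http://freeipa01.unix.mydomain.it/ipa/config/ca.crt
2012-02-14 09:53:39,435 DEBUG stdout=
2012-02-14 09:53:39,435 DEBUG stderr=--2012-02-14 09:53:39--
Saving to: /etc/ipa/ca.crt
2012-02-14 09:53:39 (270 MB/s) - /etc/ipa/ca.crt saved [1325/1325]
2012-02-14 09:53:39,642 DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
2012-02-14 09:53:39,643 DEBUG stdout=
2012-02-14 09:53:39,643 DEBUG stderr=certutil: could not obtain certificate from file: You are attempting to import a cert with the same
issuer/serial as an existing cert, but that is not the same cert.
"""

RECORD = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} (\w+) (.*)$")
CONFLICT = "same issuer/serial as an existing cert"

def records(text):
    """Yield (level, message) per log record. Lines without the installer's
    'date time,msec LEVEL' prefix continue the previous record (wrapped stderr)."""
    current = None
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), m.group(2)]
        elif current and line.strip():
            current[1] += " " + line.strip()
    if current:
        yield tuple(current)

def find_stale_ca_conflicts(text):
    """Return [(nss_db, nickname)] for each 'certutil -A' import whose
    stderr reports the issuer/serial collision."""
    hits, last_args = [], None
    for _level, msg in records(text):
        if msg.startswith("args="):
            last_args = msg[len("args="):]
        elif msg.startswith("stderr=") and CONFLICT in msg and last_args:
            m = re.search(r"certutil -A -d (\S+) -n (.+?) -t ", last_args)
            if m:
                hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    for db, nick in find_stale_ca_conflicts(SAMPLE_LOG):
        print(f"import of {nick!r} into {db} collided with an existing cert")
```

The wget progress line that begins with a bare date and time is treated as a continuation because it lacks the millisecond field and log level of a real record header.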