Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@freeipa-2 fedora]# ipa-replica-install
- WARNING: conflicting time&date synchronization service 'chronyd' will
- be disabled in favor of ntpd
- Password for admin@LAB.LAN:
- Run connection check to master
- Connection check OK
- Configuring NTP daemon (ntpd)
- [1/4]: stopping ntpd
- [2/4]: writing configuration
- [3/4]: configuring ntpd to start on boot
- [4/4]: starting ntpd
- Done configuring NTP daemon (ntpd).
- Configuring directory server (dirsrv). Estimated time: 30 seconds
- [1/41]: creating directory server instance
- [2/41]: enabling ldapi
- [3/41]: configure autobind for root
- [4/41]: stopping directory server
- [5/41]: updating configuration in dse.ldif
- [6/41]: starting directory server
- [7/41]: adding default schema
- [8/41]: enabling memberof plugin
- [9/41]: enabling winsync plugin
- [10/41]: configuring replication version plugin
- [11/41]: enabling IPA enrollment plugin
- [12/41]: configuring uniqueness plugin
- [13/41]: configuring uuid plugin
- [14/41]: configuring modrdn plugin
- [15/41]: configuring DNS plugin
- [16/41]: enabling entryUSN plugin
- [17/41]: configuring lockout plugin
- [18/41]: configuring topology plugin
- [19/41]: creating indices
- [20/41]: enabling referential integrity plugin
- [21/41]: configuring certmap.conf
- [22/41]: configure new location for managed entries
- [23/41]: configure dirsrv ccache
- [24/41]: enabling SASL mapping fallback
- [25/41]: restarting directory server
- [26/41]: creating DS keytab
- [27/41]: ignore time skew for initial replication
- [28/41]: setting up initial replication
- Starting replication, please wait until this has completed.
- Update in progress, 6 seconds elapsed
- Update succeeded
- [29/41]: prevent time skew after initial replication
- [30/41]: adding sasl mappings to the directory
- [31/41]: updating schema
- [32/41]: setting Auto Member configuration
- [33/41]: enabling S4U2Proxy delegation
- [34/41]: initializing group membership
- [35/41]: adding master entry
- [36/41]: initializing domain level
- [37/41]: configuring Posix uid/gid generation
- [38/41]: adding replication acis
- [39/41]: activating sidgen plugin
- [40/41]: activating extdom plugin
- [41/41]: configuring directory to start on boot
- Done configuring directory server (dirsrv).
- Configuring Kerberos KDC (krb5kdc)
- [1/5]: configuring KDC
- [2/5]: adding the password extension to the directory
- [3/5]: creating anonymous principal
- [4/5]: starting the KDC
- [5/5]: configuring KDC to start on boot
- Done configuring Kerberos KDC (krb5kdc).
- Configuring kadmin
- [1/2]: starting kadmin
- [2/2]: configuring kadmin to start on boot
- Done configuring kadmin.
- Configuring directory server (dirsrv)
- [1/3]: configuring TLS for DS instance
- [error] RuntimeError: Certificate issuance failed (CA_REJECTED)
- Your system may be partly configured.
- Run /usr/sbin/ipa-server-install --uninstall to clean up.
- ipapython.admintool: ERROR Certificate issuance failed (CA_REJECTED)
- ipapython.admintool: ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more in
- formation
- [root@freeipa-2 fedora]# ipa-getcert list
- Number of certificates and requests being tracked: 1.
- Request ID '20180525141223':
- status: CA_REJECTED
- ca-error: Server at https://freeipa-2.lab.lan/ipa/xml failed request, will retry: -504 (HTTP POST to URL 'htt
- ps://freeipa-2.lab.lan/ipa/xml' failed. libcurl failed even to execute the HTTP transaction, explaining: Failed to
- connect to freeipa-2.lab.lan port 443: Connection refused).
- stuck: yes
- key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-LAB-LAN',nickname='Server-Cert',token='NSS Certifica
- te DB',pinfile='/etc/dirsrv/slapd-LAB-LAN/pwdfile.txt'
- certificate: type=NSSDB,location='/etc/dirsrv/slapd-LAB-LAN',nickname='Server-Cert'
- CA: IPA
- issuer:
- subject:
- expires: unknown
- pre-save command:
- post-save command: /usr/libexec/ipa/certmonger/restart_dirsrv LAB-LAN
- track: yes
- auto-renew: yes
Add Comment
Please, Sign In to add comment