LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Old 05-23-2014, 05:32 AM   #1
pix9
FreeIPA server configuration fails during setting up CA / PKI


Hi friends,
I am trying to install the FreeIPA server on Fedora 20, but I am facing some problems when it comes to setting up the CA.
Following is the trail of steps taken:


cat /etc/redhat-release
Fedora release 20 (Heisenbug)
[root@ldap ~]# rpm -qa |grep ipa
libipa_hbac-python-1.11.5.1-1.fc20.x86_64
libipa_hbac-1.11.5.1-1.fc20.x86_64
freeipa-admintools-3.3.5-1.fc20.x86_64
python-iniparse-0.4-9.fc20.noarch
device-mapper-multipath-libs-0.4.9-55.fc20.x86_64
freeipa-python-3.3.5-1.fc20.x86_64
sssd-ipa-1.11.5.1-1.fc20.x86_64
freeipa-client-3.3.5-1.fc20.x86_64
device-mapper-multipath-0.4.9-55.fc20.x86_64
freeipa-server-3.3.5-1.fc20.x86_64
[root@ldap ~]# rpm -qa |grep bind
jackson-databind-2.2.2-3.fc20.noarch
bind-chroot-9.9.4-12.P2.fc20.x86_64
bind-license-9.9.4-12.P2.fc20.noarch
bind-9.9.4-12.P2.fc20.x86_64
PackageKit-device-rebind-0.8.13-1.fc20.x86_64
invokebinder-1.1-4.fc19.noarch
bind-libs-lite-9.9.4-12.P2.fc20.x86_64
bind-libs-9.9.4-12.P2.fc20.x86_64
bind-utils-9.9.4-8.fc20.x86_64
rpcbind-0.2.1-0.1.fc20.x86_64
bind-dyndb-ldap-4.3-1.fc20.x86_64
[root@ldap ~]# ipa-server-install --setup-dns

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the FreeIPA Server.

This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
in favor of ntpd

Existing BIND configuration detected, overwrite? [no]: yes
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.


Server host name [ldap.jdblr.com]:

Warning: skipping DNS resolution of host ldap.jdblr.com
The domain name has been determined based on the host name.

Please confirm the domain name [jdblr.com]:

The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [JDBLR.COM]:
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password:
Password (confirm):

The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.

IPA admin password:
Password (confirm):

Do you want to configure DNS forwarders? [yes]: yes
Enter the IP address of DNS forwarder to use, or press Enter to finish.
Enter IP address for a DNS forwarder: 172.29.87.37
DNS forwarder 172.29.87.37 added
Enter IP address for a DNS forwarder:
Do you want to configure the reverse zone? [yes]:
Please specify the reverse zone name [87.29.172.in-addr.arpa.]:
Using reverse zone 87.29.172.in-addr.arpa.

The IPA Master Server will be configured with:
Hostname: ldap.jdblr.com
IP address: 172.29.87.37
Domain name: jdblr.com
Realm name: JDBLR.COM

BIND DNS server will be configured to serve IPA domain with:
Forwarders: 172.29.87.37
Reverse zone: 87.29.172.in-addr.arpa.

Continue to configure the system with these values? [no]: yes

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 31 minutes
[1/38]: creating directory server user
[2/38]: creating directory server instance
[3/38]: adding default schema
[4/38]: enabling memberof plugin
[5/38]: enabling winsync plugin
[6/38]: configuring replication version plugin
[7/38]: enabling IPA enrollment plugin
[8/38]: enabling ldapi
[9/38]: configuring uniqueness plugin
[10/38]: configuring uuid plugin
[11/38]: configuring modrdn plugin
[12/38]: configuring DNS plugin
[13/38]: enabling entryUSN plugin
[14/38]: configuring lockout plugin
[15/38]: creating indices
[16/38]: enabling referential integrity plugin
[17/38]: configuring certmap.conf
[18/38]: configure autobind for root
[19/38]: configure new location for managed entries
[20/38]: configure dirsrv ccache
[21/38]: enable SASL mapping fallback
[22/38]: restarting directory server
[23/38]: adding default layout
[24/38]: adding delegation layout
[25/38]: creating container for managed entries
[26/38]: configuring user private groups
[27/38]: configuring netgroups from hostgroups
[28/38]: creating default Sudo bind user
[29/38]: creating default Auto Member layout
[30/38]: adding range check plugin
[31/38]: creating default HBAC rule allow_all
[32/38]: initializing group membership
[33/38]: adding master entry
[34/38]: configuring Posix uid/gid generation
[35/38]: adding replication acis
[36/38]: enabling compatibility plugin
[37/38]: tuning directory server
[38/38]: configuring directory to start on boot
Done configuring directory server (dirsrv).
Configuring certificate server (pki-tomcatd): Estimated time 33 minutes 30 seconds
[1/22]: creating certificate server user
[2/22]: configuring certificate server instance
ipa : CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpnnT4Jw' returned non-zero exit status 1
Configuration of CA failed

Please check the logs attached.
Attached files: ipaserver-install.log (177.4 KB), pki-ca-spawn.20140523154050.log (32.5 KB)
 
Old 05-23-2014, 03:26 PM   #2
szboardstretcher
If you run the command:

Code:
/usr/sbin/pkispawn -s CA -f /tmp/tmpnnT4Jw
what do you get? It's part of the Dogtag cert system; perhaps it isn't installed?
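The reply above suggests re-running the failed pkispawn command by hand. Two things commonly make such a re-run misleading: the Dogtag CA package may genuinely be absent, and the `-f` file is a deployment config that ipa-server-install writes to a temporary path and removes when it exits, so the verbatim command can fail for a reason unrelated to the original error (that config also carries the Directory Manager and CA admin passwords, so it is not something to attach to a thread). The actual cause is recorded in the pki-ca-spawn log under /var/log/pki/. The following POSIX shell helpers, added here as an example and not taken from either poster, check those prerequisites and pull the failure lines out of the spawn log; the sample log contents are constructed, and the binary and config paths are taken from the installer's error message.

```shell
#!/bin/sh
# Added example, not code from the thread: triage helpers for a CA step of
# ipa-server-install that ends with "pkispawn -s CA -f <tmpfile> returned
# non-zero exit status". The sample log below is constructed.

# check_pkispawn_prereqs BIN CFG
# Verifies that the pkispawn binary and the -f deployment config still exist
# before the command is re-run by hand. Returns 0 if both are present,
# otherwise prints what is missing and returns 1.
check_pkispawn_prereqs() {
    bin="$1"
    cfg="$2"
    missing=0
    if [ ! -x "$bin" ]; then
        echo "missing: $bin (Dogtag CA package not installed?)"
        missing=1
    fi
    if [ ! -f "$cfg" ]; then
        # The installer writes this file to a temp path and removes it when
        # it exits, so a verbatim re-run can fail for an unrelated reason.
        # This file also holds the deployment passwords; keep it local.
        echo "missing: $cfg (installer temp config no longer present)"
        missing=1
    fi
    return "$missing"
}

# pki_spawn_errors LOG
# Prints the lines of a pki-ca-spawn log that mark a failure; the reason for
# the non-zero exit status is recorded there, not in the installer summary.
pki_spawn_errors() {
    grep -E 'ERROR|SEVERE|Exception' "$1"
}

# pki_spawn_error_count LOG
# Number of failure lines; 0 means the log carries no obvious failure marker
# and needs to be read in full.
pki_spawn_error_count() {
    pki_spawn_errors "$1" | wc -l | tr -d ' '
}

# Constructed sample log (not the poster's attachment, whose contents are not
# quoted in the thread) so the helpers can be exercised offline.
SAMPLE_LOG="${TMPDIR:-/tmp}/pki-ca-spawn.sample.log"
cat > "$SAMPLE_LOG" <<'EOF'
2014-05-23 15:40:50 pkispawn    : INFO     ... preparing 'CA' subsystem
2014-05-23 15:40:51 pkispawn    : INFO     ....... verifying directory '/var/lib/pki'
2014-05-23 15:41:02 pkispawn    : ERROR    ....... constructed failure line for this example
2014-05-23 15:41:02 pkispawn    : DEBUG    ....... Error Type: CalledProcessError
EOF

# Usage: on the failing host, point the checks at the paths from the
# installer's message and at /var/log/pki/pki-ca-spawn.<timestamp>.log.
check_pkispawn_prereqs /usr/sbin/pkispawn /tmp/tmpnnT4Jw || true
echo "failure lines in sample log: $(pki_spawn_error_count "$SAMPLE_LOG")"
pki_spawn_errors "$SAMPLE_LOG"
```

If `check_pkispawn_prereqs` reports the binary missing, the fix is the missing Dogtag CA package rather than anything in the log; if only the config is missing, rerun ipa-server-install (after `ipa-server-install --uninstall`) instead of reusing the temp file name, and read the newest spawn log for the real error.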
 
Old 06-04-2014, 12:14 AM   #3
pix9
Sorry for the delayed reply; I am busy with some other important work, so I am keeping this on hold.

@szboardstretcher, thank you.

Regards
 