Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
i have my test machine in which i am tying to install ipaserver and have issues :
Code:
ipa-server-install --setup-dns
The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.
This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure DNS (bind)
To accept the default shown in brackets, press the Enter key.
Existing BIND configuration detected, overwrite? [no]: yes
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.
Server host name [testvmcentos.testlab.test]:
Warning: skipping DNS resolution of host testvmcentos.testlab.test
The domain name has been determined based on the host name.
Please confirm the domain name [testlab.test]:
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.
Please provide a realm name [TESTLAB.TEST]:
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.
Directory Manager password:
Password (confirm):
The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.
IPA admin password:
Password (confirm):
Do you want to configure DNS forwarders? [yes]:
Enter the IP address of DNS forwarder to use, or press Enter to finish.
Enter IP address for a DNS forwarder: 192.168.xxx.xxx
DNS forwarder 192.168.217.128 added
Enter IP address for a DNS forwarder:
Do you want to configure the reverse zone? [yes]:
Please specify the reverse zone name [xxx.168.192.in-addr.arpa.]:
Using reverse zone 217.168.192.in-addr.arpa.
The IPA Master Server will be configured with:
Hostname: testvmcentos.testlab.test
IP address: 192.168.xxx.xxx
Domain name: testlab.test
Realm name: TESTLAB.TEST
BIND DNS server will be configured to serve IPA domain with:
Forwarders: 192.168.xxx.xxx
Reverse zone: xxx.168.192.in-addr.arpa.
Continue to configure the system with these values? [no]: yes
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server for the CA (pkids): Estimated time 30 seconds
[1/3]: creating directory server user
[2/3]: creating directory server instance
[3/3]: restarting directory server
Done configuring directory server for the CA (pkids).
Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
[1/20]: creating certificate server user
[2/20]: configuring certificate server instance
ipa : ERROR Cannot open configuration file.[Errno 2] No such file or directory: '/var/lib/pki-ca/conf/CS.cfg'
Unexpected error - see /var/log/ipaserver-install.log for details:
IOError: [Errno 2] No such file or directory: '/var/lib/pki-ca/conf/CS.cfg'
if you see the last line error, i am not sure where did this directory went and how it was deleted, anyone who can help me with any url or process to restore this directory and its content.
I have tried installing whole pki package but it looks like this is some other issue.
hi All,
i have my test machine in which i am tying to install ipaserver and have issues :
Code:
ipa-server-install --setup-dns
The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.
This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure DNS (bind)
To accept the default shown in brackets, press the Enter key.
Existing BIND configuration detected, overwrite? [no]: yes
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.
Server host name [testvmcentos.testlab.test]:
Warning: skipping DNS resolution of host testvmcentos.testlab.test
The domain name has been determined based on the host name.
Please confirm the domain name [testlab.test]:
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.
Please provide a realm name [TESTLAB.TEST]:
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.
Directory Manager password:
Password (confirm):
The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.
IPA admin password:
Password (confirm):
Do you want to configure DNS forwarders? [yes]:
Enter the IP address of DNS forwarder to use, or press Enter to finish.
Enter IP address for a DNS forwarder: 192.168.xxx.xxx
DNS forwarder 192.168.217.128 added
Enter IP address for a DNS forwarder:
Do you want to configure the reverse zone? [yes]:
Please specify the reverse zone name [xxx.168.192.in-addr.arpa.]:
Using reverse zone 217.168.192.in-addr.arpa.
The IPA Master Server will be configured with:
Hostname: testvmcentos.testlab.test
IP address: 192.168.xxx.xxx
Domain name: testlab.test
Realm name: TESTLAB.TEST
BIND DNS server will be configured to serve IPA domain with:
Forwarders: 192.168.xxx.xxx
Reverse zone: xxx.168.192.in-addr.arpa.
Continue to configure the system with these values? [no]: yes
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server for the CA (pkids): Estimated time 30 seconds
[1/3]: creating directory server user
[2/3]: creating directory server instance
[3/3]: restarting directory server
Done configuring directory server for the CA (pkids).
Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds
[1/20]: creating certificate server user
[2/20]: configuring certificate server instance
ipa : ERROR Cannot open configuration file.[Errno 2] No such file or directory: '/var/lib/pki-ca/conf/CS.cfg'
Unexpected error - see /var/log/ipaserver-install.log for details:
IOError: [Errno 2] No such file or directory: '/var/lib/pki-ca/conf/CS.cfg'
if you see the last line error, i am not sure where did this directory went and how it was deleted, anyone who can help me with any url or process to restore this directory and its content.
I have tried installing whole pki package but it looks like this is some other issue.
Since you've been posting here for some time now, you should know that you need to provide actual DETAILS when asking a question...like version/distro of Linux, version of this software, where you got it from, and what you did to install it, and get to the point where you're now finding problems.
There are reported bugs for RHEL/CentOS/Fedora, with fixes, that are found by looking up that error. But we don't know if they apply, since you don't tell us what you're using.
Since you've been posting here for some time now, you should know that you need to provide actual DETAILS when asking a question...like version/distro of Linux, version of this software, where you got it from, and what you did to install it, and get to the point where you're now finding problems.
There are reported bugs for RHEL/CentOS/Fedora, with fixes, that are found by looking up that error. But we don't know if they apply, since you don't tell us what you're using.
I am very sorry for my mistake. i have another VM setup and installed these again for time being and sake of the test work i was doing which is working now but still have the faulty one in place and on my radar to find a solution to this issue as soon as i can with all i can to search for it.
So this is what i have followed:
installed via yum --> ipa-server ipa-client
since i already have ldap, kerberos and bind with all their needed packages running for other different purposes.
ipa-server was earlier installed on this test VM and i uninstalled it for some training purposes on some configs, since then when i try to install this again it is ending up in error.
the file /var/lib/pki-ca/conf/CS.cfg is already there and nothing more details which i could find in any other place or files, cant say that i have looked up every where but most places related to this config.
I am very sorry for my mistake. i have another VM setup and installed these again for time being and sake of the test work i was doing which is working now but still have the faulty one in place and on my radar to find a solution to this issue as soon as i can with all i can to search for it.
So this is what i have followed:
installed via yum --> ipa-server ipa-client
since i already have ldap, kerberos and bind with all their needed packages running for other different purposes.
ipa-server was earlier installed on this test VM and i uninstalled it for some training purposes on some configs, since then when i try to install this again it is ending up in error.
the file /var/lib/pki-ca/conf/CS.cfg is already there and nothing more details which i could find in any other place or files, cant say that i have looked up every where but most places related to this config.
So if that file is already there, then you may be facing a permissions issue...did the log file mentioned have further details? What are the permissions on that file/directory, and you ARE running the configuration as root, correct???
The permissions problem could be anywhere along the path to the file as well. A cool command to show the permissions of all steps along the path is this one.
The permissions problem could be anywhere along the path to the file as well. A cool command to show the permissions of all steps along the path is this one.
Code:
namei -l /var/lib/pki-ca/conf/CS.cfg
Nice one, fmattheus. Adding that one to my repertoire.
Ya, cool isn't it. I just found it today while answering his post. Try it on a path where there is a link in the directory structure somewhere. That's even cooler
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
