Ticket #1621 (closed defect: fixed)

Opened 6 years ago

Last modified 5 years ago

server installation crashes on "Issuing RA agent certificate"

Reported by: ohamada Owned by: jcholast
Priority: minor Milestone: FreeIPA 2.1.1 (bug fixing)
Component: Installation Version:
Keywords: Cc:
Blocked By: Blocking:
Affects Documentation: no Patch link: 1
Red Hat Bugzilla: 0 Patch review by:
External tracker: Design link:
Test coverage: Test by:
Test case: Needs UI design:
Feature: Source:
Release Notes:


Installation crashes when running:

ipa-server-install -p a -a a

Installation output:

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

Configuring ntpd
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
done configuring ntpd.
Configuring directory server for the CA: Estimated time 30 seconds
  [1/3]: creating directory server user
  [2/3]: creating directory server instance
  [3/3]: restarting directory server
done configuring pkids.
Configuring certificate server: Estimated time 3 minutes 30 seconds
  [1/16]: creating certificate server user
  [2/16]: creating pki-ca instance
  [3/16]: configuring certificate server instance
  [4/16]: disabling nonces
  [5/16]: creating CA agent PKCS#12 file in /root
  [6/16]: creating RA agent certificate database
  [7/16]: importing CA chain to RA certificate database
  [8/16]: fixing RA database permissions
  [9/16]: setting up signing cert profile
  [10/16]: set up CRL publishing
  [11/16]: set certificate subject base
  [12/16]: configuring certificate server to start on boot
  [13/16]: restarting certificate server
  [14/16]: requesting RA certificate from CA
  [15/16]: issuing RA agent certificate
Unexpected error - see ipaserver-install.log for details:

System used: Fedora 15 x86_64

ipaserver-install.log attached


ipaserver-install.log (230.4 KB) - added by ohamada 6 years ago.

Change History

Changed 6 years ago by ohamada

comment:1 in reply to: ↑ description Changed 6 years ago by ohamada

Replying to ohamada:

Problem seems to be related to the length of Directory Manager(DM) password. For DM's password length >= 2 didn't appear again.

comment:2 Changed 6 years ago by mkosek

  • Priority changed from major to minor

In that case, re-qualifying as minor priority.

comment:3 Changed 6 years ago by jcholast

  • Owner changed from rcritten to jcholast
  • Status changed from new to assigned
  • Patch link changed from 0 to 1

comment:4 Changed 6 years ago by dpal

  • Milestone changed from 0.0 NEEDS_TRIAGE to 2.1.1 - Bug fixing iteration 1

comment:5 Changed 6 years ago by abbra

Are there any additional requirements towards the password complexity other than 8 letters minimum length?

comment:6 Changed 6 years ago by rcritten

I don't believe so. If we add code to enforce better complexity we're sure to get an RFE asking for that to be configurable. And then for that configuration to be the default in IPA. Certainly doable but I think it would be a separate ticket.

comment:7 Changed 6 years ago by rcritten

  • Status changed from assigned to closed
  • Resolution set to fixed

Filed RFE ticket 1683 for additional complexity.

master: cc7f9aa7a951d510973cd64711bd9eaa255a7fe3

ipa-2-1: 48eb95c5a47a8bfb036149981f3644b98e21dafa

comment:8 Changed 5 years ago by dpal

  • Red Hat Bugzilla set to 0
Note: See TracTickets for help on using tickets.