================================================================
ipa-server-install --setup-dns --forwarder=w.x.y.z -r FOO.BAR.REDHAT.COM -p testpwd -P testpwd -a testpwd -U
.
.
.
Configuring ntpd
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
done configuring ntpd.
Configuring directory server for the CA: Estimated time 30 minutes 30 seconds
  [1/3]: creating directory server user
  [2/3]: creating directory server instance
  [3/3]: restarting directory server
ipa : CRITICAL Failed to restart the directory server. See the installation log for details.
[root@neptune ~]#
================================================================
=> /var/log/dirsrv/slapd-PKI-IPA/errors <==
[05/Apr/2012:08:37:50 +051800] - 389-Directory/1.2.10.2 B2012.081.1716 starting up
[05/Apr/2012:08:37:50 +051800] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one...
[05/Apr/2012:08:37:50 +051800] attrcrypt - Key for cipher AES successfully generated and stored
[05/Apr/2012:08:37:51 +051800] attrcrypt - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one...
[05/Apr/2012:08:37:51 +051800] attrcrypt - Key for cipher 3DES successfully generated and stored
[05/Apr/2012:08:37:51 +051800] attrcrypt - No symmetric key found for cipher AES in backend ipaca, attempting to create one...
[05/Apr/2012:08:37:51 +051800] attrcrypt - Key for cipher AES successfully generated and stored
[05/Apr/2012:08:37:51 +051800] attrcrypt - No symmetric key found for cipher 3DES in backend ipaca, attempting to create one...
[05/Apr/2012:08:37:51 +051800] attrcrypt - Key for cipher 3DES successfully generated and stored
[05/Apr/2012:08:37:51 +051800] - slapd started. Listening on All Interfaces port 7389 for LDAP requests
[05/Apr/2012:08:37:51 +051800] - Listening on All Interfaces port 7390 for LDAPS requests
[05/Apr/2012:08:40:20 +051800] - LOGINFO: Unable to open access file:/var/log/dirsrv/slapd-PKI-IPA/access
(END)
================================================================
[root@neptune ~]# tail /var/log/messages
Apr 23 06:24:27 neptune ns-slapd: Failed to reopen errors log file, Netscape Portable Runtime error -5966 (Access Denied.)
Apr 23 06:24:27 neptune ns-slapd: Failed to open errors log file /var/log/dirsrv/slapd-PKI-IPA/errors: error 13 (Permission denied); Exiting...
Apr 23 06:24:27 neptune ns-slapd: Failed to reopen errors log file, Netscape Portable Runtime error -5966 (Access Denied.)
Apr 23 06:24:27 neptune ns-slapd: Failed to open errors log file /var/log/dirsrv/slapd-PKI-IPA/errors: error 13 (Permission denied); Exiting...
Apr 23 06:24:27 neptune ns-slapd: Failed to reopen errors log file, Netscape Portable Runtime error -5966 (Access Denied.)
Apr 23 06:24:28 neptune ns-slapd: Failed to open errors log file /var/log/dirsrv/slapd-PKI-IPA/errors: error 13 (Permission denied); Exiting...
Apr 23 06:24:28 neptune ns-slapd: Failed to reopen errors log file, Netscape Portable Runtime error -5966 (Access Denied.)
Apr 23 06:24:28 neptune ns-slapd: Failed to open errors log file /var/log/dirsrv/slapd-PKI-IPA/errors: error 13 (Permission denied); Exiting...
Apr 23 06:24:28 neptune ns-slapd: Failed to reopen errors log file, Netscape Portable Runtime error -5966 (Access Denied.)
Apr 23 06:27:32 neptune ntpd[4790]: synchronized to LOCAL(0), stratum 10
[root@neptune ~]#
================================================================
[root@neptune ~]# ls -lZ /var/log/dirsrv/slapd-PKI-IPA/
-rw-------. pkisrv dirsrv system_u:object_r:dirsrv_var_log_t:s0 access
-rw-------. pkisrv dirsrv system_u:object_r:dirsrv_var_log_t:s0 access.20120325-100847
-rw-------. pkisrv dirsrv system_u:object_r:dirsrv_var_log_t:s0 access.20120326-101101
-rw-------. pkisrv dirsrv system_u:object_r:dirsrv_var_log_t:s0 access.20120327-101346
-rw-------. pkisrv dirsrv system_u:object_r:dirsrv_var_log_t:s0 access.20120328-101832
-rw-------. pkisrv dirsrv system_u:object_r:dirsrv_var_log_t:s0 access.20120329-101847
-rw-------. pkisrv dirsrv system_u:object_r:dirsrv_var_log_t:s0 access.20120330-102101
-rw-------. pkisrv dirsrv system_u:object_r:dirsrv_var_log_t:s0 access.20120331-102115
-rw-------. pkisrv dirsrv system_u:object_r:dirsrv_var_log_t:s0 access.20120401-102328
-rw-------. pkisrv dirsrv system_u:object_r:dirsrv_var_log_t:s0 access.20120402-102342
-rw-------. pkisrv dirsrv unconfined_u:object_r:dirsrv_var_log_t:s0 access.rotationinfo
-rw-------. pkisrv dirsrv unconfined_u:object_r:dirsrv_var_log_t:s0 audit
-rw-------. pkisrv dirsrv unconfined_u:object_r:dirsrv_var_log_t:s0 audit.rotationinfo
-rw-------. pkisrv dirsrv system_u:object_r:dirsrv_var_log_t:s0 errors
-rw-------. pkisrv dirsrv unconfined_u:object_r:dirsrv_var_log_t:s0 errors.20111212-113946
-rw-------. pkisrv dirsrv unconfined_u:object_r:dirsrv_var_log_t:s0 errors.rotationinfo
================================================================
[root@neptune ~]# getenforce
Enforcing
[root@neptune ~]#
================================================================
No AVCs were thrown
[root@neptune ~]# cat /var/log/audit/audit.log | audit2allow -R
[root@neptune ~]#
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=815226 (Red Hat Enterprise Linux 6)
Closing this as invalid.
I had bad ownership of the /var/log/dirsrv/slapd-PKI-IPA directory. This was previously fixed (https://fedorahosted.org/freeipa/ticket/2423).
[root@neptune ~]# ll /var/log/dirsrv/
total 8
drwxrwx---. 2 pkiuser memcached 4096 Apr 4 08:40 slapd-LAB-ENG-PNQ-REDHAT-COM
drwxrwx---. 2 memcached memcached 4096 Apr 23 08:14 slapd-PKI-IPA
With correct permissions, the server configuration proceeds fine.
Moving to current milestone.
Btw. this issue was probably caused by an uninstallation of IPA server before ticket #2423 was fixed.
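
Added example, not part of the ticket or of FreeIPA: a small checker that reproduces why ns-slapd got "error 13 (Permission denied)" with no AVC, by applying the owner/group/other rules to the log directory and the errors file. Assumptions: the daemon runs as pkisrv with group dirsrv (the owner of the log files above), the corrected directory is pkisrv:dirsrv, and the numeric ids are constructed.

```python
import os
import pwd
import stat
from collections import namedtuple

Entry = namedtuple("Entry", "path uid gid mode")  # the os.stat() fields DAC uses
Ident = namedtuple("Ident", "uid gids")           # a process's uid and group ids

def dac_allows(entry, ident, want):
    """Owner/group/other check for the bits in want (r=4, w=2, x=1).
    POSIX ACLs, capabilities and root's override are not modelled."""
    if ident.uid == entry.uid:
        bits = (entry.mode >> 6) & 7
    elif entry.gid in ident.gids:
        bits = (entry.mode >> 3) & 7
    else:
        bits = entry.mode & 7
    return bits & want == want

def log_dir_findings(directory, logfile, ident):
    """Return the DAC reasons ident cannot append to logfile inside directory."""
    findings = []
    if not dac_allows(directory, ident, 1):
        findings.append(f"{directory.path}: no search (x) permission, open() fails with EACCES")
    elif not dac_allows(directory, ident, 3):
        findings.append(f"{directory.path}: no write permission, log rotation fails")
    if not dac_allows(logfile, ident, 2):
        findings.append(f"{logfile.path}: not writable")
    return findings

def stat_entry(path):
    """Build an Entry from a real path, for use on a live system."""
    st = os.stat(path)
    return Entry(path, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))

def ident_for(user):
    """Build an Ident from the local account database."""
    pw = pwd.getpwnam(user)
    return Ident(pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid)))

# Constructed numeric ids; owner names and modes follow the listings in the ticket.
PKISRV, DIRSRV, MEMCACHED = 496, 495, 497
DAEMON = Ident(PKISRV, {DIRSRV})                  # assumed daemon identity
BAD_DIR = Entry("/var/log/dirsrv/slapd-PKI-IPA", MEMCACHED, MEMCACHED, 0o770)
GOOD_DIR = BAD_DIR._replace(uid=PKISRV, gid=DIRSRV)  # assumed correct ownership
ERRORS = Entry(BAD_DIR.path + "/errors", PKISRV, DIRSRV, 0o600)

if __name__ == "__main__":
    for d in (BAD_DIR, GOOD_DIR):
        print(d.uid, d.gid, log_dir_findings(d, ERRORS, DAEMON) or "ok")
```

On a live host, `log_dir_findings(stat_entry(dir), stat_entry(file), ident_for(user))` runs the same check against the real directory and account.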
Metadata Update from @kashyapc: - Issue assigned to someone - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/04