When using the certificates generated with ipatests/test_integration/scripts/caless-create-pki to setup an IPA master with the following command:
ipa-server-install --http-cert-file server.p12 --dirsrv-cert-file server.p12 --ca-cert-file root.pem --ip-address 192.168.122.93 -r JUSTFOR.TEST -n justfor.test -p '<password>' -a '<password>' --setup-dns --forwarder 192.168.122.1 --domain-level 1 --auto-reverse --http-pin '<password>' --dirsrv-pin '<password>' -U
I keep receiving the following error message:
Checking DNS domain justfor.test, please wait ... The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will set up the FreeIPA Server. This includes: * Configure the Network Time Daemon (ntpd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) * Configure DNS (bind) Warning: skipping DNS resolution of host master.justfor.test ipa.ipapython.install.cli.install_tool(Server): ERROR (SEC_ERROR_NOT_INITIALIZED) NSS is not initialized. ipa.ipapython.install.cli.install_tool(Server): ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
This used to work before
attachment ipaserver-install.log
Additionally, you get the same error if you upgrade 4.2.3 CA-less server to current git version (ipa-4-{2,3} and master) and then try to run ipa-replica-prepare with supplied http and dirsrv certs.
regression caused by #5535, importing rpm module somehow breaks it
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1290142 (Red Hat Enterprise Linux 7)
master:
ipa-4-2:
ipa-4-3:
Metadata Update from @ofayans: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.2.4
Login to comment on this ticket.