freeipa

Clone
Source Code
GIT

#5592 ipa-client-install failure on Ubuntu 12.04
Closed: Fixed None Opened 8 years ago by platima.

Closed: Fixed
Reopen Issue

Hi team,

So using the latest sudo release from sudo.ws, and both the freeipa and sssd PPA's on launchpad.net, I managed to get a FreeIPA ssh+sudo deployment working on Ubuntu 12.04 - there were two or three minor caveats though which could be very easy fixes for an OS that is in-support for over another year.

  1. By default /etc/pki/nssdb is missing, causing the error "Failed to add CA to the default NSS database." on install, and rollback. This can be resolved by making the folder and running mkdir -p /etc/pki/nssdb && certutil -d /etc/pki/nssdb -N
  2. The installer attempts to [re]start certmonger but makes the wrong binary call - cannot see the error on my screen right now sorry.

Oh and I forgot that mkhomedir doesn't work on 12.04 - I have to create /usr/share/pam-configs/mkhomedir with the following content:
Name: 

activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
        required

         pam_mkhomedir.so umask=0022 skel=/etc/skel

And then run pam-auth-update.

Cheers

triage notes:

  • H: the platform specific bits on our side (such as /etc/pki/nssdb) should be moved to ipaplatform

Timo, is this required for porting FreeIPA 4.3 on Ubuntu?

NSS_DB_DIR is already in ipaplatform/base/paths.py, or what do you mean?

actually, during today's triage it was decided that the code which uses "/etc/pki/nssdb" will be removed.

master:

  • 11592dd client: stop using /etc/pki/nssdb

ipa-4-3:

  • a3e8af3 client: stop using /etc/pki/nssdb

Metadata Update from @platima:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.3.1
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
low
None
None
None
None
defect
None
None
Client
None
1
None
None
dkupka
None
0
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.