Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1444722
Description of problem:
When a user tries to install ipa-server-install (DL0) on a machine configured in FIPS mode, the command fails with the below error:

    [root@ipaserver01 ~]# ipa-server-install --ip-address $(ip addr|grep "global"|cut -d " " -f6|cut -d "/" -f1|head -n 1) -r testrelm.test -p 'Secret123' -a 'Secret123' --setup-dns --forwarder 10.10.10.254 -U --domain 0
    Checking DNS domain 0, please wait ...

    The log file for this installation can be found in /var/log/ipaserver-install.log
    ==============================================================================
    This program will set up the IPA Server.

    This includes:
      * Configure a stand-alone CA (dogtag) for certificate management
      * Configure the Network Time Daemon (ntpd)
      * Create and configure an instance of Directory Server
      * Create and configure a Kerberos Key Distribution Center (KDC)
      * Configure Apache (httpd)
      * Configure DNS (bind)
      * Configure the KDC to enable PKINIT

    WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
    in favor of ntpd

    Warning: skipping DNS resolution of host ipaserver01.testrelm.test
    ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR 'int' object has no attribute '__getitem__'
    ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

Version-Release number of selected component (if applicable):

    # rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
    package freeipa-server is not installed
    package freeipa-client is not installed
    ipa-server-4.5.0-7.el7.x86_64
    ipa-client-4.5.0-7.el7.x86_64
    389-ds-base-1.3.6.1-9.el7.x86_64
    pki-ca-10.4.1-2.el7.noarch
    krb5-server-1.15.1-7.el7.x86_64

    # sestatus
    SELinux status: enabled
    SELinuxfs mount: /sys/fs/selinux
    SELinux root directory: /etc/selinux
    Loaded policy name: targeted
    Current mode: permissive
    Mode from config file: enforcing
    Policy MLS status: enabled
    Policy deny_unknown status: allowed
    Max kernel policy version: 28

How reproducible:
100%

Steps to Reproduce:
1. Configure FIPS on a RHEL 7 machine
2. Install ipa-server-install using `-n 0' or `--domain=0'

Actual results:
Installer fails with the above error message

Expected results:
Installer should be successful using domain level 0
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1444722
This is not reproducible in master (4.7) because single-label domains are not allowed.
Moving milestone to 4.5.5.
Metadata Update from @rcritten: - Issue priority set to: low - Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.7)
This is fixed by disallowing single label domains.
Fixed upstream
master: https://pagure.io/freeipa/c/905ab93c958a539eb4af7d4b008a5aa02292ba12
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)