I have enabled ssl3 in the server with this order:
ldapmodify -D "cn=directory manager" -W -p 389 -h localhost -x
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
exit
restarted the server with ipactl restart and now the command ipa-client-install initiates the joining to the domain but there is a new problem, the command crashes with this lines:
New SSSD config will be created.
root : INFO New SSSD config will be created
Configured /etc/sssd/sssd.conf
root : DEBUG args=/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
root : DEBUG stdout=
root : DEBUG stderr=certutil: function failed: security library: bad database.
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 1292, in <module>
sys.exit(main())
File "/usr/sbin/ipa-client-install", line 1279, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 1124, in install
run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
File "/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 273, in run
raise CalledProcessError(p.returncode, args)
subprocess.CalledProcessError: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255
pasqual@ubuntuprovesfreeipa:~$
the problem is that the system nss database doesn't exist in a new system. I can create it with the commands:
mkdir -p /etc/pki/nssdb
certutil -N -d /etc/pki/nssdb
but asks for a password. there are some obscure referencies about using a password file called pwdfile.txt that resides in the server but I'm not sure with what to do now. any idea?
I have enabled ssl3 in the server with this order:
ldapmodify -D "cn=directory manager" -W -p 389 -h localhost -x
dn: cn=encryption, cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
exit
restarted the server with ipactl restart and now the command ipa-client-install initiates the joining to the domain but there is a new problem, the command crashes with this lines: bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt
New SSSD config will be created.
root : INFO New SSSD config will be created
Configured /etc/sssd/sssd.conf
root : DEBUG args=/usr/
root : DEBUG stdout=
root : DEBUG stderr=certutil: function failed: security library: bad database.
Traceback (most recent call last): ipa-client- install" , line 1292, in <module> exit(main( )) ipa-client- install" , line 1279, in main ipa-client- install" , line 1124, in install ["/usr/ bin/certutil" , "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) python2. 7/dist- packages/ ipapython/ ipautil. py", line 273, in run ror(p.returncod e, args) CalledProcessEr ror: Command '/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i /etc/ipa/ca.crt' returned non-zero exit status 255 ubuntuprovesfre eipa:~$
File "/usr/sbin/
sys.
File "/usr/sbin/
rval = install(options, env, fstore, statestore)
File "/usr/sbin/
run(
File "/usr/lib/
raise CalledProcessEr
subprocess.
pasqual@
the problem is that the system nss database doesn't exist in a new system. I can create it with the commands:
mkdir -p /etc/pki/nssdb
certutil -N -d /etc/pki/nssdb
but asks for a password. there are some obscure referencies about using a password file called pwdfile.txt that resides in the server but I'm not sure with what to do now. any idea?
thanks