[Pkg-freeipa-devel] ipa-server-install bug

eon eon at sli.net.nz
Thu Sep 29 02:52:18 UTC 2016

Package: freeipa-server
Source: freeipa
Version: 4.3.2-1
Installed-Size: 3139
Maintainer: Debian FreeIPA Team <pkg-freeipa-devel at lists.alioth.debian.org>
Architecture: amd64
Replaces: freeipa-server-trust-ad (<< 4.3.0-1)

# ipa-server-install -v --log-file=ipa-server-install.log --external-ca --allow-zone-overlap

Loading deployment configuration from /tmp/tmpTclGHZ.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/dogtag/tomcat/pki-tomcat/ca/deployment.cfg.

Installation failed: Command '['BtoA', '/tmp/tmpH_iXVA/request.bin', '/tmp/tmpH_iXVA/request.b64']' returned non-zero exit status 127

ipa         : DEBUG    stderr=/usr/bin/BtoA: 137: /usr/bin/BtoA: /bin/java: not found

ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpTclGHZ' returned non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL   /var/log/pki/pki-tomcat
ipa         : DEBUG    Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/service.py", line 447, in start_creation


ln -s  /usr/bin/java /bin/java 

for a dirty fix to get to 

The next step is to get /root/ipa.csr signed by your CA and re-run /usr/sbin/ipa-server-install as:
/usr/sbin/ipa-server-install --external-cert-file=/path/to/signed_certificate --external-cert-file=/path/to/external_ca_certificate

If more stuff breaks ill let you know.

Thanks for maintaining freeipa, I’m migrating (well totally rebuilding) from redhat.

More information about the Pkg-freeipa-devel mailing list