On Sun, 05 Oct 2025, Brian J. Murrell via FreeIPA-users wrote:
On Sun, 2025-10-05 at 13:39 +0300, Alexander Bokovoy via FreeIPA-users
wrote:

Please read the release notes for 4.12.5 release:
https://www.freeipa.org/release-notes/4-12-5.html

Specifically, Red Hat's knowledge base articles mentioned there.

Pity that those are locked behind a Red Hat account login.

Red Hat developer account gives you the same rights for these articles
and it is free to register on developer.redhat.com.

This topic (SIDs for users are required) was discussed on this very
mailing list for a good part of the past five years.
Your deployment has at least one user with a POSIX UID outside of the
IPA ID ranges with associated SID namespace:

Oct 05 22:31:11 server.example.com ns-slapd[3726738]: [05/Oct/2025:22:31:11.530693672 -0400] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ...
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: [05/Oct/2025:22:31:11.754504866 -0400] - ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 533]: Cannot convert Posix ID [10] into an unused SID.
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: [05/Oct/2025:22:31:11.806069857 -0400] - ERR - do_work - [file ipa_sidgen_task.c, line 154]: Cannot add SID to existing entry.
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: [05/Oct/2025:22:31:11.889609452 -0400] - ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [32].

Lack of a SID associated with a user account means we cannot create a
PAC entry for this user when issuing a Kerberos ticket. The reason why
we enforce PAC presence is because the PAC structure contains critical
information about the user and its group membership. It also contains
several additional checksums that allow detecting manipulation of the
Kerberos ticket itself by an attacker.

The problem we have to deal with is a combination of cryptographic
issues and identity confusion across different environments. Originally
Kerberos tickets only contained information about the Kerberos
principal itself, without its tie to the underlying operating environment.
Over the years, it became clear that some parts of the Kerberos tickets can
be attacked through middle-man manipulations. Those attacks were not
possible to protect against by a traditional approach because signatures
used to validate the ticket content did not include those modified bits.

Luckily, Microsoft introduced the so-called PAC (privilege access
certificate) authorisation data structure about 25 years ago that is
extensible and has its own signatures to validate that its content is not
tampered with.
PAC itself was for a very long time tied to Microsoft's way of storing
AD identity details in the ticket and thus there are expectations that a
particular part of the PAC structure is also present in the ticket. This
is the part that contains SIDs.

Some of these issues were present for a long time and occasionally surface
as CVEs; the best known ones are CVE-2020-17049 and CVE-2022-37967 for
Active Directory's implementation of the Kerberos protocol. Later, one of
the signatures in PAC was also attacked due to a pre-imaging problem with
the MD4 cipher key.

The PAC container is now used to store at least two additional signature
fields to detect tampering of the parts of the Kerberos ticket outside
of the PAC. It also contains additional fields that allow communicating
more information about the requester: with their help, the KDC can record
who requested the original ticket and how, preventing critical
modifications after the ticket was issued. Additionally, session keys
are not allowed to use older ciphers, like RC4-HMAC.

In the RHEL 8 version of FreeIPA we did not have the MIT Kerberos KDC
infrastructure that would have allowed us to add some of those
signatures. We had to be creative, and at the FOSDEM 2024 IAM devroom Julien
Rische, our Kerberos maintainer, explained how this was solved:
https://archive.fosdem.org/2024/schedule/event/fosdem-2024-2681-fixing-a-kerberos-vulnerability-with-the-bare-necessities/

The second part of the problem is identity confusion. When you don't
have PAC, it is impossible to clarify who was the user that the client
requested the ticket for and who it was issued to, due to the nature of
Kerberos protocol operations. With PAC and additional structures inside
it, we can cross check the information and apply certain logic that
would prevent these issues. This is why we now enforce use of PAC in the
default installation (came to RHEL 8 as part of RHEL 8.4+), even if you
are not using trust to Active Directory.

The issue we recently closed with the FreeIPA 4.12.5 release, and whose
fix was backported down to RHEL 7 and RHEL 8, is on the same topic. When
a malicious client intentionally asks for a Kerberos ticket without PAC,
MIT Kerberos KDC will happily issue such a ticket, for compatibility
and interoperability reasons. These were set before the additional
checksums were added to the PAC structure, so they predate the CVE-2020-17049
and CVE-2022-37967 attacks. Additionally, we found a bug in the 389-ds
directory server's implementation of the uniqueness enforcement plugin
that allowed certain manipulations of the database entries for existing
enrolled clients that, in turn, allowed exploiting the 'ticket without
PAC' feature.

Since PAC is now mandatory, you have to have SIDs associated with
user accounts.


Fortunately I have an account.  Pity for those that do not and are
getting hit by this update by Red Hat within a minor version even.

In any case, the solution suggested there doesn't work (here):

# kinit admin
Password for [email protected]:
[root@server ~]# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_HLUjJfd
Default principal: [email protected]

Valid starting       Expires              Service principal
2025-10-05 22:29:31  2025-10-06 21:54:00  krbtgt/[email protected]
# ipa config-mod --enable-sid --add-sids
ipa: ERROR: Failed to call DBus
# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_HLUjJfd
Default principal: [email protected]

Valid starting       Expires              Service principal
2025-10-05 22:30:34  2025-10-06 21:54:00  HTTP/[email protected]
2025-10-05 22:29:31  2025-10-06 21:54:00  krbtgt/[email protected]
[root@server ~]# ipa config-mod --enable-sid --add-sids
ipa: ERROR: Failed to call DBus

Here is the journal (with as much noise as I could find removed) during the 
above:

Oct 05 22:12:17 server.example.com saslauthd[2092507]: pam_unix(imap:auth): 
check pass; user unknown
Oct 05 22:12:17 server.example.com saslauthd[2092507]: pam_unix(imap:auth): 
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Oct 05 22:12:19 server.example.com saslauthd[2092507]: DEBUG: auth_pam: 
pam_authenticate failed: Authentication failure
Oct 05 22:12:19 server.example.com saslauthd[2092507]:                 : auth 
failure: [user=no-reply] [service=imap] [realm=example.com] [mech=pam] 
[reason=PAM auth error]
Oct 05 22:12:23 server.example.com saslauthd[2092505]: pam_unix(imap:auth): 
check pass; user unknown
Oct 05 22:12:23 server.example.com saslauthd[2092505]: pam_unix(imap:auth): 
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Oct 05 22:12:25 server.example.com saslauthd[2092505]: DEBUG: auth_pam: 
pam_authenticate failed: Authentication failure
Oct 05 22:12:25 server.example.com saslauthd[2092505]:                 : auth 
failure: [user=no-reply] [service=imap] [realm=example.com] [mech=pam] 
[reason=PAM auth error]
Oct 05 22:12:28 server.example.com saslauthd[2092507]: pam_unix(imap:auth): 
check pass; user unknown
Oct 05 22:12:28 server.example.com saslauthd[2092507]: pam_unix(imap:auth): 
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Oct 05 22:12:31 server.example.com saslauthd[2092507]: DEBUG: auth_pam: 
pam_authenticate failed: Authentication failure
Oct 05 22:12:31 server.example.com saslauthd[2092507]:                 : auth 
failure: [user=no-reply] [service=imap] [realm=example.com] [mech=pam] 
[reason=PAM auth error]
Oct 05 22:12:42 server.example.com saslauthd[2092508]: pam_unix(imap:auth): 
check pass; user unknown
Oct 05 22:12:42 server.example.com saslauthd[2092508]: pam_unix(imap:auth): 
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Oct 05 22:12:44 server.example.com saslauthd[2092508]: DEBUG: auth_pam: 
pam_authenticate failed: Authentication failure
Oct 05 22:12:44 server.example.com saslauthd[2092508]:                 : auth 
failure: [user=no-reply] [service=imap] [realm=example.com] [mech=pam] 
[reason=PAM auth error]
Oct 05 22:18:13 server.example.com saslauthd[2092508]: pam_unix(imap:auth): 
check pass; user unknown
Oct 05 22:18:13 server.example.com saslauthd[2092508]: pam_unix(imap:auth): 
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Oct 05 22:18:15 server.example.com saslauthd[2092508]: DEBUG: auth_pam: 
pam_authenticate failed: Authentication failure
Oct 05 22:18:15 server.example.com saslauthd[2092508]:                 : auth 
failure: [user=no-reply] [service=imap] [realm=example.com] [mech=pam] 
[reason=PAM auth error]
Oct 05 22:18:19 server.example.com saslauthd[2092506]: pam_unix(imap:auth): 
check pass; user unknown
Oct 05 22:18:19 server.example.com saslauthd[2092506]: pam_unix(imap:auth): 
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Oct 05 22:18:21 server.example.com saslauthd[2092506]: DEBUG: auth_pam: 
pam_authenticate failed: Authentication failure
Oct 05 22:18:21 server.example.com saslauthd[2092506]:                 : auth 
failure: [user=no-reply] [service=imap] [realm=example.com] [mech=pam] 
[reason=PAM auth error]
Oct 05 22:18:24 server.example.com saslauthd[2092505]: pam_unix(imap:auth): 
check pass; user unknown
Oct 05 22:18:24 server.example.com saslauthd[2092505]: pam_unix(imap:auth): 
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Oct 05 22:18:26 server.example.com saslauthd[2092505]: DEBUG: auth_pam: 
pam_authenticate failed: Authentication failure
Oct 05 22:18:26 server.example.com saslauthd[2092505]:                 : auth 
failure: [user=no-reply] [service=imap] [realm=example.com] [mech=pam] 
[reason=PAM auth error]
Oct 05 22:18:37 server.example.com saslauthd[2092507]: pam_unix(imap:auth): 
check pass; user unknown
Oct 05 22:18:37 server.example.com saslauthd[2092507]: pam_unix(imap:auth): 
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Oct 05 22:18:39 server.example.com saslauthd[2092507]: DEBUG: auth_pam: 
pam_authenticate failed: Authentication failure
Oct 05 22:18:39 server.example.com saslauthd[2092507]:                 : auth 
failure: [user=no-reply] [service=imap] [realm=example.com] [mech=pam] 
[reason=PAM auth error]
Oct 05 22:30:45 server.example.com ns-slapd[3419543]: 
[05/Oct/2025:22:30:45.025916230 -0400] - INFO - op_thread_cleanup - slapd 
shutting down - signaling operation threads - op stack size 48 max work q size 
34 max work q stack size 34
Oct 05 22:30:45 server.example.com ns-slapd[3419543]: 
[05/Oct/2025:22:30:45.269528591 -0400] - INFO - slapd_daemon - slapd shutting 
down - closing down internal subsystems and plugins
Oct 05 22:30:46 server.example.com ns-slapd[3419543]: 
[05/Oct/2025:22:30:46.267107945 -0400] - INFO - bdb_pre_close - Waiting for 5 
database threads to stop
Oct 05 22:30:46 server.example.com dbus-daemon[1811]: [system] Activating via systemd: service 
name='org.fedoraproject.Setroubleshootd' unit='setroubleshootd.service' requested by ':1.72' (uid=0 
pid=1365 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0")
Oct 05 22:30:48 server.example.com ns-slapd[3419543]: 
[05/Oct/2025:22:30:48.017486340 -0400] - INFO - bdb_pre_close - All database 
threads now stopped
Oct 05 22:30:51 server.example.com dbus-daemon[1811]: [system] Successfully 
activated service 'org.fedoraproject.Setroubleshootd'
Oct 05 22:30:53 server.example.com ipa-dnskeysyncd[3420151]: ipa-dnskeysyncd: ERROR    
syncrepl_poll: LDAP error ({'result': -1, 'desc': "Can't contact LDAP server", 
'ctrls': []})
Oct 05 22:30:54 server.example.com ns-slapd[3419543]: 
[05/Oct/2025:22:30:54.681272510 -0400] - INFO - 
ldbm_back_instance_set_destructor - Set of instances destroyed
Oct 05 22:30:54 server.example.com ns-slapd[3419543]: 
[05/Oct/2025:22:30:54.802175804 -0400] - INFO - 
connection_post_shutdown_cleanup - slapd shutting down - freed 34 work q stack 
objects - freed 50 op stack objects
Oct 05 22:30:54 server.example.com ns-slapd[3419543]: 
[05/Oct/2025:22:30:54.879484858 -0400] - INFO - main - slapd stopped.
Oct 05 22:30:55 server.example.com setroubleshoot[3726695]: 
AnalyzeThread.run(): Cancel pending alarm
Oct 05 22:30:55 server.example.com systemd[1]: ipa-dnskeysyncd.service: Main 
process exited, code=exited, status=1/FAILURE
Oct 05 22:30:55 server.example.com systemd[1]: ipa-dnskeysyncd.service: Failed 
with result 'exit-code'.
Oct 05 22:30:59 server.example.com dbus-daemon[1811]: [system] Activating service 
name='org.fedoraproject.SetroubleshootPrivileged' requested by ':1.168011' (uid=985 pid=3726695 
comm="/usr/libexec/platform-python -Es /usr/sbin/setroub" 
label="system_u:system_r:setroubleshootd_t:s0") (using servicehelper)
Oct 05 22:30:59 server.example.com dbus-daemon[1811]: [system] Successfully 
activated service 'org.fedoraproject.SetroubleshootPrivileged'
Oct 05 22:31:00 server.example.com systemd[1]: [email protected]: 
Succeeded.
Oct 05 22:31:02 server.example.com setroubleshoot[3726695]: SELinux is 
preventing systemctl from getattr access on the filesystem /. For complete 
SELinux messages run: sealert -l 9e381eda-edb0-43f1-8254-cc8cef70df65
Oct 05 22:31:02 server.example.com setroubleshoot[3726695]: SELinux is 
preventing systemctl from getattr access on the filesystem /.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemctl should be allowed getattr access on the  filesystem by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemctl' --raw | audit2allow -M my-systemctl
# semodule -X 300 -i my-systemctl.pp

Oct 05 22:31:02 server.example.com setroubleshoot[3726695]: 
AnalyzeThread.run(): Set alarm timeout to 10
Oct 05 22:31:03 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:03.485579559 -0400] - INFO - slapd_extract_cert - CA CERT 
NAME: EXAMPLE.COM IPA CA
Oct 05 22:31:03 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:03.767367886 -0400] - WARN - Security Initialization - SSL 
alert: Sending pin request to SVRCore. You may need to run 
systemd-tty-ask-password-agent to provide the password.
Oct 05 22:31:03 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:03.923513233 -0400] - INFO - slapd_extract_cert - SERVER 
CERT NAME: Server-Cert
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.219338498 -0400] - INFO - Security Initialization - SSL 
info: Enabling default cipher set.
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.266979003 -0400] - INFO - Security Initialization - SSL 
info: Configured NSS Ciphers
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.317087928 -0400] - INFO - Security Initialization - SSL 
info:         TLS_AES_128_GCM_SHA256: enabled
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.367098089 -0400] - INFO - Security Initialization - SSL 
info:         TLS_CHACHA20_POLY1305_SHA256: enabled
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.417336317 -0400] - INFO - Security Initialization - SSL 
info:         TLS_AES_256_GCM_SHA384: enabled
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.489263251 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.534559041 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.626477672 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.714513700 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.810223851 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.860334673 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.939440620 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
Oct 05 22:31:04 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:04.985597169 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.080981709 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.197083659 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.246234040 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.304818861 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.389397483 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.463257597 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.538601244 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.597262719 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.647350713 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.722610923 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.773061307 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.847829995 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.890024772 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
Oct 05 22:31:05 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:05.973418139 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_128_CBC_SHA: enabled
Oct 05 22:31:06 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:06.084319498 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
Oct 05 22:31:06 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:06.142531622 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_256_CBC_SHA: enabled
Oct 05 22:31:06 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:06.192631943 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
Oct 05 22:31:06 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:06.281591368 -0400] - INFO - Security Initialization - 
slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3
Oct 05 22:31:06 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:06.369860392 -0400] - INFO - Security Initialization - 
slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3
Oct 05 22:31:06 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:06.411855976 -0400] - INFO - main - 389-Directory/1.4.3.39 
B2025.254.1138 starting up
Oct 05 22:31:06 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:06.453288999 -0400] - INFO - main - Setting the maximum file 
descriptor limit to: 262144
Oct 05 22:31:07 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:07.466269174 -0400] - INFO - PBKDF2_SHA256 - Based on CPU 
performance, chose 2048 rounds
Oct 05 22:31:07 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:07.578815222 -0400] - INFO - 
ldbm_instance_config_cachememsize_set - force a minimal value 512000
Oct 05 22:31:07 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:07.627261591 -0400] - INFO - 
ldbm_instance_config_cachememsize_set - force a minimal value 512000
Oct 05 22:31:07 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:07.719564798 -0400] - INFO - 
ldbm_instance_config_cachememsize_set - force a minimal value 512000
Oct 05 22:31:07 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:07.785053566 -0400] - NOTICE - ldbm_back_start - found 
16023608k physical memory
Oct 05 22:31:07 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:07.877663240 -0400] - NOTICE - ldbm_back_start - found 
11418308k available
Oct 05 22:31:07 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:07.981564039 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: db cache: 1001475k
Oct 05 22:31:08 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:08.122650906 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: userRoot entry cache (3 total): 917504k
Oct 05 22:31:08 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:08.202400578 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: userRoot dn cache (3 total): 131072k
Oct 05 22:31:08 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:08.269619054 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: ipaca entry cache (3 total): 917504k
Oct 05 22:31:08 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:08.357949849 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: ipaca dn cache (3 total): 131072k
Oct 05 22:31:08 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:08.408210274 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: changelog entry cache (3 total): 917504k
Oct 05 22:31:08 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:08.458334827 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: changelog dn cache (3 total): 131072k
Oct 05 22:31:08 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:08.508401340 -0400] - NOTICE - ldbm_back_start - total cache 
size: 4246736384 B;
Oct 05 22:31:08 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:08.868423128 -0400] - ERR - schema-compat-plugin - scheduled 
schema-compat-plugin tree scan in about 5 seconds after the server startup!
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.009983446 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=groups,cn=compat,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.093187169 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=computers,cn=compat,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.143407246 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=ng,cn=compat,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.210145475 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target ou=sudoers,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.260904819 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=users,cn=compat,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.360976616 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.402217056 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.469168577 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.560905092 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.602649483 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.644305590 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.686078695 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.753064450 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.794966914 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.853203426 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:31:09 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:09.895737068 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:31:10 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:10.206799297 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=casigningcert 
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
Oct 05 22:31:10 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:10.245917130 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=casigningcert 
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
Oct 05 22:31:10 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:10.450842708 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
Oct 05 22:31:10 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:10.491697592 -0400] - INFO - slapi_vattrspi_regattr - 
Because krbPwdPolicyReference is a new registered virtual attribute , 
nsslapd-ignore-virtual-attrs was set to 'off'
Oct 05 22:31:10 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:10.553122897 -0400] - ERR - cos-plugin - cos_dn_defs_cb - 
Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no 
CoS Templates found, which should be added before the CoS Definition.
Oct 05 22:31:10 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:10.899301485 -0400] - ERR - set_krb5_creds - Could not get 
initial credentials for principal [ldap/[email protected]] in 
keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text))
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:11.042433464 -0400] - ERR - schema-compat-plugin - 
schema-compat-plugin tree scan will start in about 5 seconds!
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:11.080079163 -0400] - INFO - 
validate_num_config_reservedescriptors - reserve descriptors changed from 64 to 
231
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:11.121821955 -0400] - INFO - connection_table_new - 
conntablesize:64000
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:11.189210866 -0400] - INFO - slapd_daemon - slapd started.  
Listening on All Interfaces port 389 for LDAP requests
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:11.230274405 -0400] - INFO - slapd_daemon - Listening on All 
Interfaces port 636 for LDAPS requests
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:11.271968257 -0400] - INFO - slapd_daemon - Listening on 
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
Oct 05 22:31:11 server.example.com ldapmodify[3726777]: DIGEST-MD5 common mech 
free
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:11.530693672 -0400] - ERR - sidgen_task_thread - [file 
ipa_sidgen_task.c, line 194]: Sidgen task starts ...
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:11.754504866 -0400] - ERR - find_sid_for_ldap_entry - [file 
ipa_sidgen_common.c, line 533]: Cannot convert Posix ID [10] into an unused SID.
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:11.806069857 -0400] - ERR - do_work - [file 
ipa_sidgen_task.c, line 154]: Cannot add SID to existing entry.
Oct 05 22:31:11 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:11.889609452 -0400] - ERR - sidgen_task_thread - [file 
ipa_sidgen_task.c, line 199]: Sidgen task finished [32].
Oct 05 22:31:13 server.example.com systemd[1]: setroubleshootd.service: 
Succeeded.
Oct 05 22:31:16 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:16.145360656 -0400] - ERR - schema-compat-plugin - warning: 
no entries set up under cn=computers, cn=compat,dc=example,dc=com
Oct 05 22:31:16 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:31:16.199480265 -0400] - ERR - schema-compat-plugin - Finished 
plugin initialization.
Oct 05 22:31:55 server.example.com systemd[1]: ipa-dnskeysyncd.service: Service 
RestartSec=1min expired, scheduling restart.
Oct 05 22:31:55 server.example.com systemd[1]: ipa-dnskeysyncd.service: 
Scheduled restart job, restart counter is at 1.
Oct 05 22:31:56 server.example.com ipa-dnskeysyncd[3726839]: ipa-dnskeysyncd: 
INFO     To increase debugging set debug=True in dns.conf See default.conf(5) 
for details
Oct 05 22:31:58 server.example.com ipa-dnskeysyncd[3726839]: ipa-dnskeysyncd: 
INFO     LDAP bind...
Oct 05 22:31:58 server.example.com ipa-dnskeysyncd[3726839]: ipa-dnskeysyncd: 
INFO     Commencing sync process
Oct 05 22:31:58 server.example.com ipa-dnskeysyncd[3726839]: 
ipaserver.dnssec.keysyncer: INFO     Initial LDAP dump is done, sychronizing 
with ODS and BIND
Oct 05 22:32:02 server.example.com platform-python[3726845]: 
Configuration.cpp(96): Missing log.level in configuration. Using default value: 
INFO
Oct 05 22:32:02 server.example.com platform-python[3726845]: 
Configuration.cpp(96): Missing slots.mechanisms in configuration. Using default 
value: ALL
Oct 05 22:32:02 server.example.com platform-python[3726845]: 
Configuration.cpp(124): Missing slots.removable in configuration. Using default 
value: false
Oct 05 22:32:02 server.example.com dbus-daemon[1811]: [system] Activating via systemd: service 
name='org.fedoraproject.Setroubleshootd' unit='setroubleshootd.service' requested by ':1.72' (uid=0 
pid=1365 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0")
Oct 05 22:32:02 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:32:02.844710214 -0400] - INFO - op_thread_cleanup - slapd 
shutting down - signaling operation threads - op stack size 2 max work q size 2 
max work q stack size 2
Oct 05 22:32:02 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:32:02.970635926 -0400] - INFO - slapd_daemon - slapd shutting 
down - waiting for 1 thread to terminate
Oct 05 22:32:03 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:32:03.083631335 -0400] - INFO - slapd_daemon - slapd shutting 
down - closing down internal subsystems and plugins
Oct 05 22:32:03 server.example.com dbus-daemon[1811]: [system] Successfully 
activated service 'org.fedoraproject.Setroubleshootd'
Oct 05 22:32:04 server.example.com setroubleshoot[3726887]: 
AnalyzeThread.run(): Cancel pending alarm
Oct 05 22:32:05 server.example.com dbus-daemon[1811]: [system] Activating service 
name='org.fedoraproject.SetroubleshootPrivileged' requested by ':1.168026' (uid=985 pid=3726887 
comm="/usr/libexec/platform-python -Es /usr/sbin/setroub" 
label="system_u:system_r:setroubleshootd_t:s0") (using servicehelper)
Oct 05 22:32:05 server.example.com dbus-daemon[1811]: [system] Successfully 
activated service 'org.fedoraproject.SetroubleshootPrivileged'
Oct 05 22:32:06 server.example.com setroubleshoot[3726887]: SELinux is 
preventing systemctl from getattr access on the filesystem /. For complete 
SELinux messages run: sealert -l 9e381eda-edb0-43f1-8254-cc8cef70df65
Oct 05 22:32:06 server.example.com setroubleshoot[3726887]: SELinux is 
preventing systemctl from getattr access on the filesystem /.

    *****  Plugin catchall (100. confidence) suggests   **************************

    If you believe that systemctl should be allowed getattr access on the  filesystem by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:
    # ausearch -c 'systemctl' --raw | audit2allow -M my-systemctl
    # semodule -X 300 -i my-systemctl.pp

Oct 05 22:32:06 server.example.com setroubleshoot[3726887]: 
AnalyzeThread.run(): Set alarm timeout to 10
Oct 05 22:32:13 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:32:13.440343371 -0400] - INFO - bdb_pre_close - Waiting for 5 
database threads to stop
Oct 05 22:32:14 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:32:14.181117121 -0400] - INFO - bdb_pre_close - All database 
threads now stopped
Oct 05 22:32:14 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:32:14.355126744 -0400] - INFO - 
ldbm_back_instance_set_destructor - Set of instances destroyed
Oct 05 22:32:14 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:32:14.404560032 -0400] - INFO - 
connection_post_shutdown_cleanup - slapd shutting down - freed 2 work q stack 
objects - freed 4 op stack objects
Oct 05 22:32:14 server.example.com ns-slapd[3726738]: 
[05/Oct/2025:22:32:14.454015755 -0400] - INFO - main - slapd stopped.
Oct 05 22:32:14 server.example.com platform-python[3726839]: detected unhandled 
Python exception in '/usr/libexec/ipa/ipa-dnskeysyncd'
Oct 05 22:32:16 server.example.com systemd[1]: [email protected]: 
Succeeded.
Oct 05 22:32:16 server.example.com ipa-dnskeysyncd[3726839]: Traceback (most 
recent call last):
Oct 05 22:32:16 server.example.com ipa-dnskeysyncd[3726839]:   File 
"/usr/libexec/ipa/ipa-dnskeysyncd", line 130, in <module>
Oct 05 22:32:16 server.example.com ipa-dnskeysyncd[3726839]:     while 
ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):
Oct 05 22:32:16 server.example.com ipa-dnskeysyncd[3726839]:   File 
"/usr/lib64/python3.6/site-packages/ldap/syncrepl.py", line 465, in 
syncrepl_poll
Oct 05 22:32:16 server.example.com ipa-dnskeysyncd[3726839]:     
self.syncrepl_refreshdone()
Oct 05 22:32:16 server.example.com ipa-dnskeysyncd[3726839]:   File 
"/usr/lib/python3.6/site-packages/ipaserver/dnssec/keysyncer.py", line 126, in 
syncrepl_refreshdone
Oct 05 22:32:16 server.example.com ipa-dnskeysyncd[3726839]:     
self.hsm_replica_sync()
Oct 05 22:32:16 server.example.com ipa-dnskeysyncd[3726839]:   File 
"/usr/lib/python3.6/site-packages/ipaserver/dnssec/keysyncer.py", line 192, in 
hsm_replica_sync
Oct 05 22:32:16 server.example.com ipa-dnskeysyncd[3726839]:     
ipautil.run([paths.IPA_DNSKEYSYNCD_REPLICA])
Oct 05 22:32:16 server.example.com ipa-dnskeysyncd[3726839]:   File 
"/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 600, in run
Oct 05 22:32:16 server.example.com ipa-dnskeysyncd[3726839]:     p.returncode, 
arg_string, output_log, error_log
Oct 05 22:32:16 server.example.com ipa-dnskeysyncd[3726839]: 
ipapython.ipautil.CalledProcessError: CalledProcessError(Command 
['/usr/libexec/ipa/ipa-dnskeysync-replica'] returned non-zero exit status 1: 
"ipa-dnskeysync-replica: INFO     To increase debugging set debug=True in dns.conf 
See default.conf(5) for details\nipa-dnskeysync-replica: ERROR    LDAP server is down: 
cannot connect to 'ldapi://%2Frun%2Fslapd-EXAMPLE-COM.socket': Connection reset by 
peer\n")
Oct 05 22:32:16 server.example.com systemd[1]: ipa-dnskeysyncd.service: Main 
process exited, code=exited, status=1/FAILURE
Oct 05 22:32:16 server.example.com systemd[1]: ipa-dnskeysyncd.service: Failed 
with result 'exit-code'.
Oct 05 22:32:16 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:16.695927840 -0400] - INFO - slapd_extract_cert - CA CERT 
NAME: EXAMPLE.COM IPA CA
Oct 05 22:32:16 server.example.com systemd[1]: setroubleshootd.service: 
Succeeded.
Oct 05 22:32:17 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:17.092452511 -0400] - WARN - Security Initialization - SSL 
alert: Sending pin request to SVRCore. You may need to run 
systemd-tty-ask-password-agent to provide the password.
Oct 05 22:32:17 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:17.279604704 -0400] - INFO - slapd_extract_cert - SERVER 
CERT NAME: Server-Cert
Oct 05 22:32:17 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:17.945423352 -0400] - INFO - Security Initialization - SSL 
info: Enabling default cipher set.
Oct 05 22:32:18 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:18.153089500 -0400] - INFO - Security Initialization - SSL 
info: Configured NSS Ciphers
Oct 05 22:32:18 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:18.336100046 -0400] - INFO - Security Initialization - SSL 
info:         TLS_AES_128_GCM_SHA256: enabled
Oct 05 22:32:18 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:18.498114331 -0400] - INFO - Security Initialization - SSL 
info:         TLS_CHACHA20_POLY1305_SHA256: enabled
Oct 05 22:32:18 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:18.615208755 -0400] - INFO - Security Initialization - SSL 
info:         TLS_AES_256_GCM_SHA384: enabled
Oct 05 22:32:18 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:18.790719632 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
Oct 05 22:32:18 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:18.857871078 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
Oct 05 22:32:19 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:19.000003307 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
Oct 05 22:32:19 server.example.com sssd_be[3404906]: Backend is offline
Oct 05 22:32:19 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:19.225362290 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
Oct 05 22:32:19 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:19.368506556 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
Oct 05 22:32:19 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:19.502023339 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
Oct 05 22:32:19 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:19.602144319 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
Oct 05 22:32:19 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:19.668927559 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
Oct 05 22:32:19 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:19.794031134 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
Oct 05 22:32:19 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:19.885921091 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
Oct 05 22:32:19 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:19.994398896 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
Oct 05 22:32:20 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:20.102883433 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
Oct 05 22:32:20 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:20.219679636 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
Oct 05 22:32:20 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:20.336688942 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
Oct 05 22:32:20 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:20.469996623 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
Oct 05 22:32:20 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:20.545441124 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
Oct 05 22:32:20 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:20.637203324 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
Oct 05 22:32:20 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:20.745908617 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
Oct 05 22:32:20 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:20.871177487 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
Oct 05 22:32:20 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:20.979627188 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
Oct 05 22:32:21 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:21.179804810 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
Oct 05 22:32:21 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:21.288725770 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_128_CBC_SHA: enabled
Oct 05 22:32:21 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:21.347141232 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
Oct 05 22:32:21 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:21.413964961 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_256_CBC_SHA: enabled
Oct 05 22:32:21 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:21.489063658 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
Oct 05 22:32:21 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:21.589753403 -0400] - INFO - Security Initialization - 
slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3
Oct 05 22:32:21 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:21.656310791 -0400] - INFO - Security Initialization - 
slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3
Oct 05 22:32:21 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:21.781628467 -0400] - INFO - main - 389-Directory/1.4.3.39 
B2025.254.1138 starting up
Oct 05 22:32:21 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:21.915024006 -0400] - INFO - main - Setting the maximum file 
descriptor limit to: 262144
Oct 05 22:32:23 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:23.010983738 -0400] - INFO - PBKDF2_SHA256 - Based on CPU 
performance, chose 2048 rounds
Oct 05 22:32:23 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:23.086207009 -0400] - INFO - 
ldbm_instance_config_cachememsize_set - force a minimal value 512000
Oct 05 22:32:23 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:23.188750776 -0400] - INFO - 
ldbm_instance_config_cachememsize_set - force a minimal value 512000
Oct 05 22:32:23 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:23.287901380 -0400] - INFO - 
ldbm_instance_config_cachememsize_set - force a minimal value 512000
Oct 05 22:32:23 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:23.371228487 -0400] - NOTICE - ldbm_back_start - found 
16023608k physical memory
Oct 05 22:32:23 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:23.450597048 -0400] - NOTICE - ldbm_back_start - found 
11550492k available
Oct 05 22:32:23 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:23.535109088 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: db cache: 1001475k
Oct 05 22:32:23 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:23.627077079 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: userRoot entry cache (3 total): 917504k
Oct 05 22:32:23 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:23.727566082 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: userRoot dn cache (3 total): 131072k
Oct 05 22:32:23 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:23.819562974 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: ipaca entry cache (3 total): 917504k
Oct 05 22:32:23 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:23.886774125 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: ipaca dn cache (3 total): 131072k
Oct 05 22:32:23 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:23.978814822 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: changelog entry cache (3 total): 917504k
Oct 05 22:32:24 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:24.045591863 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: changelog dn cache (3 total): 131072k
Oct 05 22:32:24 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:24.129238627 -0400] - NOTICE - ldbm_back_start - total cache 
size: 4246736384 B;
Oct 05 22:32:24 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:24.267232294 -0400] - ERR - schema-compat-plugin - scheduled 
schema-compat-plugin tree scan in about 5 seconds after the server startup!
Oct 05 22:32:24 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:24.357548476 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=groups,cn=compat,dc=example,dc=com does not exist
Oct 05 22:32:24 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:24.422623675 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=computers,cn=compat,dc=example,dc=com does not exist
Oct 05 22:32:24 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:24.547907102 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=ng,cn=compat,dc=example,dc=com does not exist
Oct 05 22:32:24 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:24.631511909 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target ou=sudoers,dc=example,dc=com does not exist
Oct 05 22:32:24 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:24.690151510 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=users,cn=compat,dc=example,dc=com does not exist
Oct 05 22:32:24 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:24.740626981 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:32:24 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:24.848931682 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:32:24 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:24.932859277 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:32:25 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:25.066925855 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:32:25 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:25.167146108 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:32:25 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:25.300618180 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:32:25 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:25.359350936 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:32:25 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:25.426463511 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:32:25 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:25.527088025 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:32:25 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:25.610680736 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:32:25 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:25.669854175 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:32:25 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:25.765600799 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=casigningcert 
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
Oct 05 22:32:25 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:25.828845087 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=casigningcert 
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
Oct 05 22:32:25 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:25.992764828 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
Oct 05 22:32:26 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:26.083061936 -0400] - INFO - slapi_vattrspi_regattr - 
Because krbPwdPolicyReference is a new registered virtual attribute , 
nsslapd-ignore-virtual-attrs was set to 'off'
Oct 05 22:32:26 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:26.155166397 -0400] - ERR - cos-plugin - cos_dn_defs_cb - 
Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no 
CoS Templates found, which should be added before the CoS Definition.
Oct 05 22:32:26 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:26.451656515 -0400] - ERR - set_krb5_creds - Could not get 
initial credentials for principal [ldap/[email protected]] in 
keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text))
Oct 05 22:32:26 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:26.560182890 -0400] - ERR - schema-compat-plugin - 
schema-compat-plugin tree scan will start in about 5 seconds!
Oct 05 22:32:26 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:26.608684542 -0400] - INFO - 
validate_num_config_reservedescriptors - reserve descriptors changed from 64 to 
231
Oct 05 22:32:26 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:26.667281393 -0400] - INFO - connection_table_new - 
conntablesize:64000
Oct 05 22:32:26 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:26.817862827 -0400] - INFO - slapd_daemon - slapd started.  
Listening on All Interfaces port 389 for LDAP requests
Oct 05 22:32:26 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:26.876010504 -0400] - INFO - slapd_daemon - Listening on All 
Interfaces port 636 for LDAPS requests
Oct 05 22:32:27 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:27.001152221 -0400] - INFO - slapd_daemon - Listening on 
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
Oct 05 22:32:27 server.example.com ldapmodify[3727036]: DIGEST-MD5 common mech 
free
Oct 05 22:32:27 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:27.359538861 -0400] - ERR - sidgen_task_thread - [file 
ipa_sidgen_task.c, line 194]: Sidgen task starts ...
Oct 05 22:32:27 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:27.581024803 -0400] - ERR - find_sid_for_ldap_entry - [file 
ipa_sidgen_common.c, line 533]: Cannot convert Posix ID [10] into an unused SID.
Oct 05 22:32:27 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:27.677458301 -0400] - ERR - do_work - [file 
ipa_sidgen_task.c, line 154]: Cannot add SID to existing entry.
Oct 05 22:32:27 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:27.813856487 -0400] - ERR - sidgen_task_thread - [file 
ipa_sidgen_task.c, line 199]: Sidgen task finished [32].
Oct 05 22:32:28 server.example.com dbus-daemon[1811]: [system] Activating service 
name='org.freedesktop.problems' requested by ':1.168032' (uid=0 pid=3727063 
comm="/usr/libexec/platform-python /usr/bin/abrt-action-" 
label="system_u:system_r:abrt_t:s0-s0:c0.c1023") (using servicehelper)
Oct 05 22:32:30 server.example.com dbus-daemon[1811]: [system] Successfully 
activated service 'org.freedesktop.problems'
Oct 05 22:32:31 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:31.582885802 -0400] - ERR - schema-compat-plugin - warning: 
no entries set up under cn=computers, cn=compat,dc=example,dc=com
Oct 05 22:32:31 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:32:31.657444867 -0400] - ERR - schema-compat-plugin - Finished 
plugin initialization.
Oct 05 22:33:02 server.example.com sssd_be[3404906]: Backend is online
Oct 05 22:33:16 server.example.com systemd[1]: ipa-dnskeysyncd.service: Service 
RestartSec=1min expired, scheduling restart.
Oct 05 22:33:16 server.example.com systemd[1]: ipa-dnskeysyncd.service: 
Scheduled restart job, restart counter is at 2.
Oct 05 22:33:17 server.example.com ipa-dnskeysyncd[3727108]: ipa-dnskeysyncd: 
INFO     To increase debugging set debug=True in dns.conf See default.conf(5) 
for details
Oct 05 22:33:19 server.example.com ipa-dnskeysyncd[3727108]: ipa-dnskeysyncd: 
INFO     LDAP bind...
Oct 05 22:33:19 server.example.com ipa-dnskeysyncd[3727108]: ipa-dnskeysyncd: 
INFO     Commencing sync process
Oct 05 22:33:19 server.example.com ipa-dnskeysyncd[3727108]: 
ipaserver.dnssec.keysyncer: INFO     Initial LDAP dump is done, sychronizing 
with ODS and BIND
Oct 05 22:33:22 server.example.com platform-python[3727112]: 
Configuration.cpp(96): Missing log.level in configuration. Using default value: 
INFO
Oct 05 22:33:22 server.example.com platform-python[3727112]: 
Configuration.cpp(96): Missing slots.mechanisms in configuration. Using default 
value: ALL
Oct 05 22:33:22 server.example.com platform-python[3727112]: 
Configuration.cpp(124): Missing slots.removable in configuration. Using default 
value: false
Oct 05 22:37:34 server.example.com systemd[1]: 
[email protected]:113-198.235.24.26:57794.service: Succeeded.
Oct 05 22:37:36 server.example.com dbus-daemon[1811]: [system] Activating via systemd: service 
name='org.fedoraproject.Setroubleshootd' unit='setroubleshootd.service' requested by ':1.72' (uid=0 
pid=1365 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0")
Oct 05 22:37:36 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:37:36.536697733 -0400] - INFO - op_thread_cleanup - slapd 
shutting down - signaling operation threads - op stack size 7 max work q size 2 
max work q stack size 2
Oct 05 22:37:36 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:37:36.593042086 -0400] - INFO - slapd_daemon - slapd shutting 
down - closing down internal subsystems and plugins
Oct 05 22:37:36 server.example.com dbus-daemon[1811]: [system] Successfully 
activated service 'org.fedoraproject.Setroubleshootd'
Oct 05 22:37:37 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:37:37.221961710 -0400] - INFO - bdb_pre_close - Waiting for 5 
database threads to stop
Oct 05 22:37:38 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:37:38.087821118 -0400] - INFO - bdb_pre_close - All database 
threads now stopped
Oct 05 22:37:38 server.example.com setroubleshoot[3727353]: 
AnalyzeThread.run(): Cancel pending alarm
Oct 05 22:37:38 server.example.com ipa-dnskeysyncd[3727108]: ipa-dnskeysyncd: ERROR    
syncrepl_poll: LDAP error ({'result': -1, 'desc': "Can't contact LDAP server", 
'ctrls': []})
Oct 05 22:37:38 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:37:38.466828760 -0400] - INFO - 
ldbm_back_instance_set_destructor - Set of instances destroyed
Oct 05 22:37:38 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:37:38.524525531 -0400] - INFO - 
connection_post_shutdown_cleanup - slapd shutting down - freed 2 work q stack 
objects - freed 7 op stack objects
Oct 05 22:37:38 server.example.com ns-slapd[3726996]: 
[05/Oct/2025:22:37:38.598948982 -0400] - INFO - main - slapd stopped.
Oct 05 22:37:38 server.example.com systemd[1]: ipa-dnskeysyncd.service: Main 
process exited, code=exited, status=1/FAILURE
Oct 05 22:37:38 server.example.com systemd[1]: ipa-dnskeysyncd.service: Failed 
with result 'exit-code'.
Oct 05 22:37:39 server.example.com dbus-daemon[1811]: [system] Activating service 
name='org.fedoraproject.SetroubleshootPrivileged' requested by ':1.168048' (uid=985 pid=3727353 
comm="/usr/libexec/platform-python -Es /usr/sbin/setroub" 
label="system_u:system_r:setroubleshootd_t:s0") (using servicehelper)
Oct 05 22:37:40 server.example.com dbus-daemon[1811]: [system] Successfully 
activated service 'org.fedoraproject.SetroubleshootPrivileged'
Oct 05 22:37:41 server.example.com setroubleshoot[3727353]: SELinux is 
preventing systemctl from getattr access on the filesystem /. For complete 
SELinux messages run: sealert -l 9e381eda-edb0-43f1-8254-cc8cef70df65
Oct 05 22:37:41 server.example.com setroubleshoot[3727353]: SELinux is 
preventing systemctl from getattr access on the filesystem /.

    *****  Plugin catchall (100. confidence) suggests   **************************

    If you believe that systemctl should be allowed getattr access on the  filesystem by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:
    # ausearch -c 'systemctl' --raw | audit2allow -M my-systemctl
    # semodule -X 300 -i my-systemctl.pp

Oct 05 22:37:41 server.example.com setroubleshoot[3727353]: 
AnalyzeThread.run(): Set alarm timeout to 10
Oct 05 22:37:41 server.example.com systemd[1]: [email protected]: 
Succeeded.
Oct 05 22:37:42 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:42.340060511 -0400] - INFO - slapd_extract_cert - CA CERT 
NAME: EXAMPLE.COM IPA CA
Oct 05 22:37:42 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:42.460527605 -0400] - WARN - Security Initialization - SSL 
alert: Sending pin request to SVRCore. You may need to run 
systemd-tty-ask-password-agent to provide the password.
Oct 05 22:37:42 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:42.630190667 -0400] - INFO - slapd_extract_cert - SERVER 
CERT NAME: Server-Cert
Oct 05 22:37:42 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:42.962547018 -0400] - INFO - Security Initialization - SSL 
info: Enabling default cipher set.
Oct 05 22:37:43 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:43.046774337 -0400] - INFO - Security Initialization - SSL 
info: Configured NSS Ciphers
Oct 05 22:37:43 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:43.163491511 -0400] - INFO - Security Initialization - SSL 
info:         TLS_AES_128_GCM_SHA256: enabled
Oct 05 22:37:43 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:43.271927506 -0400] - INFO - Security Initialization - SSL 
info:         TLS_CHACHA20_POLY1305_SHA256: enabled
Oct 05 22:37:43 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:43.355431395 -0400] - INFO - Security Initialization - SSL 
info:         TLS_AES_256_GCM_SHA384: enabled
Oct 05 22:37:43 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:43.413836276 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
Oct 05 22:37:43 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:43.513945433 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
Oct 05 22:37:43 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:43.616265715 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: enabled
Oct 05 22:37:43 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:43.691467889 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
Oct 05 22:37:43 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:43.749911078 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
Oct 05 22:37:43 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:43.858347249 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
Oct 05 22:37:43 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:43.983654123 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
Oct 05 22:37:44 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:44.060712697 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
Oct 05 22:37:44 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:44.127475740 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
Oct 05 22:37:44 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:44.202573563 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
Oct 05 22:37:44 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:44.302651932 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
Oct 05 22:37:44 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:44.386103901 -0400] - INFO - Security Initialization - SSL 
info:         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
Oct 05 22:37:44 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:44.486180282 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
Oct 05 22:37:44 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:44.579081876 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: enabled
Oct 05 22:37:44 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:44.665213352 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
Oct 05 22:37:44 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:44.757005141 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
Oct 05 22:37:44 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:44.840419043 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
Oct 05 22:37:44 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:44.965529687 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
Oct 05 22:37:45 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:45.059700105 -0400] - INFO - Security Initialization - SSL 
info:         TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
Oct 05 22:37:45 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:45.184820450 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
Oct 05 22:37:45 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:45.268258904 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
Oct 05 22:37:45 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:45.349830088 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_128_CBC_SHA: enabled
Oct 05 22:37:45 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:45.441560982 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
Oct 05 22:37:45 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:45.558303104 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_256_CBC_SHA: enabled
Oct 05 22:37:45 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:45.641898097 -0400] - INFO - Security Initialization - SSL 
info:         TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
Oct 05 22:37:45 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:45.749936323 -0400] - INFO - Security Initialization - 
slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3
Oct 05 22:37:45 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:45.827559431 -0400] - INFO - Security Initialization - 
slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3
Oct 05 22:37:45 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:45.936250422 -0400] - INFO - main - 389-Directory/1.4.3.39 
B2025.254.1138 starting up
Oct 05 22:37:46 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:46.011057447 -0400] - INFO - main - Setting the maximum file 
descriptor limit to: 262144
Oct 05 22:37:47 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:47.097132587 -0400] - INFO - PBKDF2_SHA256 - Based on CPU 
performance, chose 2048 rounds
Oct 05 22:37:47 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:47.147943785 -0400] - INFO - 
ldbm_instance_config_cachememsize_set - force a minimal value 512000
Oct 05 22:37:47 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:47.225546806 -0400] - INFO - 
ldbm_instance_config_cachememsize_set - force a minimal value 512000
Oct 05 22:37:47 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:47.324760767 -0400] - INFO - 
ldbm_instance_config_cachememsize_set - force a minimal value 512000
Oct 05 22:37:47 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:47.391146930 -0400] - NOTICE - ldbm_back_start - found 
16023608k physical memory
Oct 05 22:37:47 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:47.470470537 -0400] - NOTICE - ldbm_back_start - found 
11411956k available
Oct 05 22:37:47 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:47.553932694 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: db cache: 1001475k
Oct 05 22:37:47 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:47.663901124 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: userRoot entry cache (3 total): 917504k
Oct 05 22:37:47 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:47.772538534 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: userRoot dn cache (3 total): 131072k
Oct 05 22:37:47 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:47.889321884 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: ipaca entry cache (3 total): 917504k
Oct 05 22:37:47 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:47.997741757 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: ipaca dn cache (3 total): 131072k
Oct 05 22:37:48 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:48.131200608 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: changelog entry cache (3 total): 917504k
Oct 05 22:37:48 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:48.231267899 -0400] - NOTICE - ldbm_back_start - cache 
autosizing: changelog dn cache (3 total): 131072k
Oct 05 22:37:48 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:48.306633320 -0400] - NOTICE - ldbm_back_start - total cache 
size: 4246736384 B;
Oct 05 22:37:48 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:48.497356626 -0400] - ERR - schema-compat-plugin - scheduled 
schema-compat-plugin tree scan in about 5 seconds after the server startup!
Oct 05 22:37:48 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:48.634437759 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=groups,cn=compat,dc=example,dc=com does not exist
Oct 05 22:37:48 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:48.765382891 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=computers,cn=compat,dc=example,dc=com does not exist
Oct 05 22:37:48 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:48.848817646 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=ng,cn=compat,dc=example,dc=com does not exist
Oct 05 22:37:48 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:48.943756601 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target ou=sudoers,dc=example,dc=com does not exist
Oct 05 22:37:49 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:49.018793289 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=users,cn=compat,dc=example,dc=com does not exist
Oct 05 22:37:49 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:49.127597503 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:37:49 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:49.210676087 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:37:49 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:49.311831255 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:37:49 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:49.378791455 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:37:49 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:49.544729372 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:37:49 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:49.697339524 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:37:49 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:49.789043002 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:37:49 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:49.872426667 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:37:49 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:49.972583722 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:37:50 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:50.055464974 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:37:50 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:50.163882998 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
Oct 05 22:37:50 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:50.242169855 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=casigningcert 
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
Oct 05 22:37:50 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:50.325550775 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=casigningcert 
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
Oct 05 22:37:50 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:50.495690437 -0400] - WARN - NSACLPlugin - acl_parse - The 
ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
Oct 05 22:37:50 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:50.588487771 -0400] - INFO - slapi_vattrspi_regattr - 
Because krbPwdPolicyReference is a new registered virtual attribute , 
nsslapd-ignore-virtual-attrs was set to 'off'
Oct 05 22:37:50 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:50.668680563 -0400] - ERR - cos-plugin - cos_dn_defs_cb - 
Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no 
CoS Templates found, which should be added before the CoS Definition.
Oct 05 22:37:50 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:50.864870299 -0400] - ERR - set_krb5_creds - Could not get 
initial credentials for principal [ldap/[email protected]] in 
keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text))
Oct 05 22:37:50 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:50.969483272 -0400] - INFO - 
validate_num_config_reservedescriptors - reserve descriptors changed from 64 to 
231
Oct 05 22:37:51 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:51.044941348 -0400] - ERR - schema-compat-plugin - 
schema-compat-plugin tree scan will start in about 5 seconds!
Oct 05 22:37:51 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:51.136631896 -0400] - INFO - connection_table_new - 
conntablesize:64000
Oct 05 22:37:51 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:51.290605689 -0400] - INFO - slapd_daemon - slapd started.  
Listening on All Interfaces port 389 for LDAP requests
Oct 05 22:37:51 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:51.380731529 -0400] - INFO - slapd_daemon - Listening on All 
Interfaces port 636 for LDAPS requests
Oct 05 22:37:51 server.example.com systemd[1]: setroubleshootd.service: 
Succeeded.
Oct 05 22:37:51 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:51.509841964 -0400] - INFO - slapd_daemon - Listening on 
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
Oct 05 22:37:51 server.example.com ldapmodify[3727470]: DIGEST-MD5 common mech 
free
Oct 05 22:37:51 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:51.719731955 -0400] - ERR - sidgen_task_thread - [file 
ipa_sidgen_task.c, line 194]: Sidgen task starts ...
Oct 05 22:37:51 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:51.963509837 -0400] - ERR - find_sid_for_ldap_entry - [file 
ipa_sidgen_common.c, line 533]: Cannot convert Posix ID [10] into an unused SID.
Oct 05 22:37:52 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:52.059796528 -0400] - ERR - do_work - [file 
ipa_sidgen_task.c, line 154]: Cannot add SID to existing entry.
Oct 05 22:37:52 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:52.126719622 -0400] - ERR - sidgen_task_thread - [file 
ipa_sidgen_task.c, line 199]: Sidgen task finished [32].
Oct 05 22:37:55 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:55.990752127 -0400] - ERR - schema-compat-plugin - warning: 
no entries set up under cn=computers, cn=compat,dc=example,dc=com
Oct 05 22:37:56 server.example.com ns-slapd[3727433]: 
[05/Oct/2025:22:37:56.062592800 -0400] - ERR - schema-compat-plugin - Finished 
plugin initialization.
Oct 05 22:38:38 server.example.com systemd[1]: ipa-dnskeysyncd.service: Service 
RestartSec=1min expired, scheduling restart.
Oct 05 22:38:38 server.example.com systemd[1]: ipa-dnskeysyncd.service: 
Scheduled restart job, restart counter is at 3.
Oct 05 22:38:39 server.example.com ipa-dnskeysyncd[3727487]: ipa-dnskeysyncd: 
INFO     To increase debugging set debug=True in dns.conf See default.conf(5) 
for details
Oct 05 22:38:42 server.example.com ipa-dnskeysyncd[3727487]: ipa-dnskeysyncd: 
INFO     LDAP bind...
Oct 05 22:38:42 server.example.com ipa-dnskeysyncd[3727487]: ipa-dnskeysyncd: 
INFO     Commencing sync process
Oct 05 22:38:42 server.example.com ipa-dnskeysyncd[3727487]: 
ipaserver.dnssec.keysyncer: INFO     Initial LDAP dump is done, sychronizing 
with ODS and BIND
Oct 05 22:38:45 server.example.com platform-python[3727504]: 
Configuration.cpp(96): Missing log.level in configuration. Using default value: 
INFO
Oct 05 22:38:45 server.example.com platform-python[3727504]: 
Configuration.cpp(96): Missing slots.mechanisms in configuration. Using default 
value: ALL
Oct 05 22:38:45 server.example.com platform-python[3727504]: 
Configuration.cpp(124): Missing slots.removable in configuration. Using default 
value: false
Oct 05 22:40:01 server.example.com systemd[1]: sysstat-collect.service: 
Succeeded.

Cheers,
b.

--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue



--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
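
A triage helper for the sidgen errors in the log quoted above, as an added example that is not part of the original messages or of FreeIPA: it re-joins the mail-wrapped journal records and reports, for each sidgen task run, the POSIX IDs that could not be mapped to a SID and the task's result code. The function names are hypothetical, and treating any non-zero result code as a failed run is an assumption.

```python
import re

# Sample records taken from the log quoted in this thread, wrapped the way
# the mail client wrapped them (one record spread over three physical lines).
SAMPLE = """\
Oct 05 22:37:51 server.example.com ns-slapd[3727433]:
[05/Oct/2025:22:37:51.719731955 -0400] - ERR - sidgen_task_thread - [file
ipa_sidgen_task.c, line 194]: Sidgen task starts ...
Oct 05 22:37:51 server.example.com ns-slapd[3727433]:
[05/Oct/2025:22:37:51.963509837 -0400] - ERR - find_sid_for_ldap_entry - [file
ipa_sidgen_common.c, line 533]: Cannot convert Posix ID [10] into an unused SID.
Oct 05 22:37:52 server.example.com ns-slapd[3727433]:
[05/Oct/2025:22:37:52.059796528 -0400] - ERR - do_work - [file
ipa_sidgen_task.c, line 154]: Cannot add SID to existing entry.
Oct 05 22:37:52 server.example.com ns-slapd[3727433]:
[05/Oct/2025:22:37:52.126719622 -0400] - ERR - sidgen_task_thread - [file
ipa_sidgen_task.c, line 199]: Sidgen task finished [32].
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \S+ [^\s\[:]+(?:\[\d+\])?:")
STAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:[\d:.]+ [+-]\d{4})\]")
BAD_ID = re.compile(r"Cannot convert Posix ID \[(\d+)\] into an unused SID")
FINISHED = re.compile(r"Sidgen task finished \[(\d+)\]")


def unwrap(text):
    """Re-join journal records that were hard-wrapped in transit."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        # A syslog-style prefix starts a new record; anything else continues one.
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def sidgen_runs(text):
    """Return one dict per sidgen task run: start time, unmapped IDs, result."""
    runs, current = [], None
    for rec in unwrap(text):
        stamp = STAMP.search(rec)
        if "Sidgen task starts" in rec:
            current = {"started": stamp.group(1) if stamp else None,
                       "unmapped_posix_ids": [], "result": None}
            runs.append(current)
        elif current is not None:
            if (m := BAD_ID.search(rec)):
                current["unmapped_posix_ids"].append(int(m.group(1)))
            elif (m := FINISHED.search(rec)):
                current["result"] = int(m.group(1))  # assumption: 0 means success
                current = None
    return runs
```

Each ID listed under `unmapped_posix_ids` belongs to an entry whose POSIX ID the sidgen task could not convert, which is the condition the reply attributes to a user outside the IPA ID ranges.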
