there are somethign like these:
type=AVC msg=audit(1346710042.243:56): avc: denied { execute } for pid=4243
comm="gdm" name="arch" dev=dm-0 ino=786829
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1346710042.243:57): avc: denied { execute } for pid=4243
comm="gdm" name="arch" dev=dm-0 ino=786829
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
and some others like these:
type=AVC msg=audit(1346838993.154:2567): avc: denied { search } for
pid=17155 comm="java" name="gridengine" dev=dm-0 ino=391879
scontext=unconfined_u:system_r:pki_ca_t:s0
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1346838993.154:2568): avc: denied { search } for
pid=17155 comm="java" name="gridengine" dev=dm-0 ino=391879
scontext=unconfined_u:system_r:pki_ca_t:s0
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
And yes, I did yum update recently.
Where else should I look?
Thanks,
George
>________________________________
> From: Rob Crittenden <rcrit...@redhat.com>
>To: george he <george_...@yahoo.com>
>Cc: Ade Lee <a...@redhat.com>; "freeipa-users@redhat.com"
><freeipa-users@redhat.com>
>Sent: Wednesday, September 5, 2012 8:40 AM
>Subject: Re: [Freeipa-users] ipa host-del
>
>george he wrote:
>> here are the new errors:
>> # rm /var/log/pki-ca/*
>> # service dirsrv restart
>> # service pki-cad restart
>> # grep -i error /var/log/pki-ca/*
>> /var/log/pki-ca/catalina.2012-09-05.log:WARNING: Error while removing
>> context [/ca]
>> /var/log/pki-ca/catalina.2012-09-05.log:SEVERE: Error initializing
>> socket factory
>> /var/log/pki-ca/catalina.2012-09-05.log:java.lang.ClassNotFoundException:
>> Error
>> loading SSL Implementation
>> org.apache.tomcat.util.net.jss.JSSImplementation
>> :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
>> /var/log/pki-ca/catalina.2012-09-05.log:LifecycleException: Protocol
>> handler initialization failed: java.lang.ClassNotFoundException: Error
>> loading SSL Implementation
>> org.apache.tomcat.util.net.jss.JSSImplementation
>> :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
>> /var/log/pki-ca/catalina.2012-09-05.log:SEVERE: Error deploying web
>> application directory ca
>> /var/log/pki-ca/catalina.out:SEVERE: Error initializing socket factory
>> /var/log/pki-ca/catalina.out:java.lang.ClassNotFoundException: Error
>> loading SSL Implementation
>> org.apache.tomcat.util.net.jss.JSSImplementation
>> :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
>> /var/log/pki-ca/catalina.out:LifecycleException: Protocol handler
>> initialization failed: java.lang.ClassNotFoundException: Error loading
>> SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation
>> :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
>> /var/log/pki-ca/catalina.out:SEVERE: Error deploying web application
>> directory ca
>> /var/log/pki-ca/catalina.out:SEVERE: Error initializing socket factory
>> /var/log/pki-ca/catalina.out:java.lang.ClassNotFoundException: Error
>> loading SSL Implementation
>> org.apache.tomcat.util.net.jss.JSSImplementation
>> :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
>> /var/log/pki-ca/catalina.out:LifecycleException: Protocol handler
>> initialization failed: java.lang.ClassNotFoundException: Error loading
>> SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation
>> :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
>
>Hmm. Is there any additional information in the debug log? Any AVCs in
>/var/log/audit/audit.log?
>
>Have you updated any packages recently? I'm not sure why dogtag would be
>throwing this exception.
>
>rob
>
>>
>> ------------------------------------------------------------------------
>> *From:* Rob Crittenden <rcrit...@redhat.com>
>> *To:* george he <george_...@yahoo.com>
>> *Cc:* John Dennis <jden...@redhat.com>; "freeipa-users@redhat.com"
>> <freeipa-users@redhat.com>
>> *Sent:* Tuesday, September 4, 2012 9:49 PM
>> *Subject:* Re: [Freeipa-users] ipa host-del
>>
>> george he wrote:
>> > both of the commands "service dirsrv restart" and "service pki-cad
>> > restart" reported:
>> > stopping ... OK
>> > starting ... OK
>> > but host-del still has the same error.
>> > More suggestions?
>>
>> Check the logs again. The service starting does not mean it kept
>> running.
>>
>> rob
>>
>> > Thanks,
>> > George
>> >
>> >
>> ------------------------------------------------------------------------
>> > *From:* Rob Crittenden <rcrit...@redhat.com
>> <mailto:rcrit...@redhat.com>>
>> > *To:* george he <george_...@yahoo.com
>> <mailto:george_...@yahoo.com>>
>> > *Cc:* John Dennis <jden...@redhat.com
>> <mailto:jden...@redhat.com>>; "freeipa-users@redhat.com
>> <mailto:freeipa-users@redhat.com>"
>> > <freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>>
>> > *Sent:* Tuesday, September 4, 2012 4:20 PM
>> > *Subject:* Re: [Freeipa-users] ipa host-del
>> >
>> > george he wrote:
>> > > I'm running centos 6.3
>> > > # uname -r
>> > > 2.6.32-279.5.2.el6.x86_64
>> > >
>> > > pki-ca: unrecognized service
>> > >
>> > > There are tons of errors in /var/log/pki-ca/*, some of
>> them are:
>> > > /var/log/pki-ca/system:11605.main - [30/Aug/2012:16:34:56 EDT]
>> > [3] [3]
>> > > Cannot build CA chain. Error
>> java.security.cert.CertificateException:
>> > > Certificate is not a PKCS #11 certificate
>> > > /var/log/pki-ca/system:11605.main - [30/Aug/2012:16:34:56 EDT]
>> > [13] [3]
>> > > authz instance DirAclAuthz initialization failed and skipped,
>> > > error=Property internaldb.ldapconn.port missing value
>> > > /var/log/pki-ca/system:11605.http-9445-1 -
>> [30/Aug/2012:16:35:01 EDT]
>> > > [3] [3] Cannot build CA chain. Error
>> > > java.security.cert.CertificateException: Certificate is not a
>> > PKCS #11
>> > > certificate
>> > > /var/log/pki-ca/system:11605.http-9445-1 -
>> [30/Aug/2012:16:35:10 EDT]
>> > > [3] [3] CASigningUnit: Object certificate not found. Error
>> > > org.mozilla.jss.crypto.ObjectNotFoundException
>> > > /var/log/pki-ca/system:3281.main - [31/Aug/2012:17:54:28
>> EDT] [8]
>> > [3] In
>> > > Ldap (bound) connection pool to host
>> cushing.psych.yale.edu port
>> > 7389,
>> > > Cannot connect to LDAP server. Error:
>> netscape.ldap.LDAPException:
>> > > failed to connect to server
>> ldap://cushing.psych.yale.edu:7389 (91)
>> > >
>> > > /var/log/pki-ca/catalina.2012-09-03.log:SEVERE: Error
>> initializing
>> > > socket factory
>> > >
>> >
>> /var/log/pki-ca/catalina.2012-09-03.log:java.lang.ClassNotFoundException:
>> > Error
>> > > loading SSL Implementation
>> > > org.apache.tomcat.util.net.jss.JSSImplementation
>> > > :java.lang.ClassNotFoundException:
>> org.mozilla.jss.ssl.SSLSocket
>> > >
>> /var/log/pki-ca/catalina.2012-09-03.log:LifecycleException: Protocol
>> > > handler initialization failed:
>> java.lang.ClassNotFoundException:
>> > Error
>> > > loading SSL Implementation
>> > > org.apache.tomcat.util.net.jss.JSSImplementation
>> > > :java.lang.ClassNotFoundException:
>> org.mozilla.jss.ssl.SSLSocket
>> > > /var/log/pki-ca/catalina.2012-09-03.log:SEVERE: Error
>> deploying web
>> > > application directory ca
>> >
>> > The problem looks to be that the dogtag 389-ds instance is not
>> started.
>> > I'd try: service dirsrv restart PKI-IPA
>> >
>> > Then service pki-cad restart
>> >
>> > rob
>> >
>> >
>> >
>> >
>>
>>
>>
>
>
>
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users