This is a newly installed system. It does most of the things, but I just cannot
del the host that I have uninstalled ipa-client, which prvents me from
re-installing ipa-client.
Here are the versions:
pki-ca.noarch 9.0.3-24.el6
pki-common.noarch 9.0.3-24.el6
jss.x86_64 4.2.6-22.el6
nss.x86_64 3.13.5-1.el6_3
tomcat6.noarch 6.0.24-45.el6
java-1.5.0-gcj.x86_64 1.5.0.0-29.1.el6
java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.48.1.11.3.el6_2
java_cup.x86_64 1:0.10k-5.el6
Thanks for your help.
George
>________________________________
> From: Ade Lee <a...@redhat.com>
>To: george he <george_...@yahoo.com>
>Cc: Rob Crittenden <rcrit...@redhat.com>; "freeipa-users@redhat.com"
><freeipa-users@redhat.com>
>Sent: Wednesday, September 5, 2012 10:46 AM
>Subject: Re: [Freeipa-users] ipa host-del
>
>The logs seem to show that the CA cannot find JSS.
>
>What versions of the following are on your system?
>pki-ca, pki-common, jss, nss, tomcat6, tomcat, java
>
>Is this a system that was working and now fails to work? Or is this a
>new instance?
>
>Ade
>On Wed, 2012-09-05 at 06:41 -0700, george he wrote:
>> there are somethign like these:
>>
>> type=AVC msg=audit(1346710042.243:56): avc: denied { execute } for
>> pid=4243 comm="gdm" name="arch" dev=dm-0 ino=786829
>> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
>> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
>> type=AVC msg=audit(1346710042.243:57): avc: denied { execute } for
>> pid=4243 comm="gdm" name="arch" dev=dm-0 ino=786829
>> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
>> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
>>
>>
>>
>> and some others like these:
>> type=AVC msg=audit(1346838993.154:2567): avc: denied { search } for
>> pid=17155 comm="java" name="gridengine" dev=dm-0 ino=391879
>> scontext=unconfined_u:system_r:pki_ca_t:s0
>> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
>> type=AVC msg=audit(1346838993.154:2568): avc: denied { search } for
>> pid=17155 comm="java" name="gridengine" dev=dm-0 ino=391879
>> scontext=unconfined_u:system_r:pki_ca_t:s0
>> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
>>
>>
>>
>> And yes, I did yum update recently.
>> Where else should I look?
>> Thanks,
>> George
>>
>>
>> ______________________________________________________________
>> From: Rob Crittenden <rcrit...@redhat.com>
>> To: george he <george_...@yahoo.com>
>> Cc: Ade Lee <a...@redhat.com>; "freeipa-users@redhat.com"
>> <freeipa-users@redhat.com>
>> Sent: Wednesday, September 5, 2012 8:40 AM
>> Subject: Re: [Freeipa-users] ipa host-del
>>
>>
>> george he wrote:
>> > here are the new errors:
>> > # rm /var/log/pki-ca/*
>> > # service dirsrv restart
>> > # service pki-cad restart
>> > # grep -i error /var/log/pki-ca/*
>> > /var/log/pki-ca/catalina.2012-09-05.log:WARNING: Error while
>> removing
>> > context [/ca]
>> > /var/log/pki-ca/catalina.2012-09-05.log:SEVERE: Error
>> initializing
>> > socket factory
>> >
>>/var/log/pki-ca/catalina.2012-09-05.log:java.lang.ClassNotFoundException:
>>Error
>> > loading SSL Implementation
>> > org.apache.tomcat.util.net.jss.JSSImplementation
>> > :java.lang.ClassNotFoundException:
>> org.mozilla.jss.ssl.SSLSocket
>> > /var/log/pki-ca/catalina.2012-09-05.log:LifecycleException:
>> Protocol
>> > handler initialization failed:
>> java.lang.ClassNotFoundException: Error
>> > loading SSL Implementation
>> > org.apache.tomcat.util.net.jss.JSSImplementation
>> > :java.lang.ClassNotFoundException:
>> org.mozilla.jss.ssl.SSLSocket
>> > /var/log/pki-ca/catalina.2012-09-05.log:SEVERE: Error
>> deploying web
>> > application directory ca
>> > /var/log/pki-ca/catalina.out:SEVERE: Error initializing
>> socket factory
>> > /var/log/pki-ca/catalina.out:java.lang.ClassNotFoundException:
>>Error
>> > loading SSL Implementation
>> > org.apache.tomcat.util.net.jss.JSSImplementation
>> > :java.lang.ClassNotFoundException:
>> org.mozilla.jss.ssl.SSLSocket
>> > /var/log/pki-ca/catalina.out:LifecycleException: Protocol
>> handler
>> > initialization failed: java.lang.ClassNotFoundException:
>> Error loading
>> > SSL Implementation
>> org.apache.tomcat.util.net.jss.JSSImplementation
>> > :java.lang.ClassNotFoundException:
>> org.mozilla.jss.ssl.SSLSocket
>> > /var/log/pki-ca/catalina.out:SEVERE: Error deploying web
>> application
>> > directory ca
>> > /var/log/pki-ca/catalina.out:SEVERE: Error initializing
>> socket factory
>> > /var/log/pki-ca/catalina.out:java.lang.ClassNotFoundException:
>>Error
>> > loading SSL Implementation
>> > org.apache.tomcat.util.net.jss.JSSImplementation
>> > :java.lang.ClassNotFoundException:
>> org.mozilla.jss.ssl.SSLSocket
>> > /var/log/pki-ca/catalina.out:LifecycleException: Protocol
>> handler
>> > initialization failed: java.lang.ClassNotFoundException:
>> Error loading
>> > SSL Implementation
>> org.apache.tomcat.util.net.jss.JSSImplementation
>> > :java.lang.ClassNotFoundException:
>> org.mozilla.jss.ssl.SSLSocket
>>
>> Hmm. Is there any additional information in the debug log? Any
>> AVCs in
>> /var/log/audit/audit.log?
>>
>> Have you updated any packages recently? I'm not sure why
>> dogtag would be
>> throwing this exception.
>>
>> rob
>>
>> >
>> >
>>
>>------------------------------------------------------------------------
>> > *From:* Rob Crittenden <rcrit...@redhat.com>
>> > *To:* george he <george_...@yahoo.com>
>> > *Cc:* John Dennis <jden...@redhat.com>;
>> "freeipa-users@redhat.com"
>> > <freeipa-users@redhat.com>
>> > *Sent:* Tuesday, September 4, 2012 9:49 PM
>> > *Subject:* Re: [Freeipa-users] ipa host-del
>> >
>> > george he wrote:
>> > > both of the commands "service dirsrv restart" and
>> "service pki-cad
>> > > restart" reported:
>> > > stopping ... OK
>> > > starting ... OK
>> > > but host-del still has the same error.
>> > > More suggestions?
>> >
>> > Check the logs again. The service starting does not mean
>> it kept
>> > running.
>> >
>> > rob
>> >
>> > > Thanks,
>> > > George
>> > >
>> > >
>> >
>>
>>------------------------------------------------------------------------
>> > > *From:* Rob Crittenden <rcrit...@redhat.com
>> > <mailto:rcrit...@redhat.com>>
>> > > *To:* george he <george_...@yahoo.com
>> > <mailto:george_...@yahoo.com>>
>> > > *Cc:* John Dennis <jden...@redhat.com
>> > <mailto:jden...@redhat.com>>; "freeipa-users@redhat.com
>> > <mailto:freeipa-users@redhat.com>"
>> > > <freeipa-users@redhat.com
>> <mailto:freeipa-users@redhat.com>>
>> > > *Sent:* Tuesday, September 4, 2012 4:20 PM
>> > > *Subject:* Re: [Freeipa-users] ipa host-del
>> > >
>> > > george he wrote:
>> > > > I'm running centos 6.3
>> > > > # uname -r
>> > > > 2.6.32-279.5.2.el6.x86_64
>> > > >
>> > > > pki-ca: unrecognized service
>> > > >
>> > > > There are tons of errors in /var/log/pki-ca/*,
>> some of
>> > them are:
>> > > > /var/log/pki-ca/system:11605.main -
>> [30/Aug/2012:16:34:56 EDT]
>> > > [3] [3]
>> > > > Cannot build CA chain. Error
>> > java.security.cert.CertificateException:
>> > > > Certificate is not a PKCS #11 certificate
>> > > > /var/log/pki-ca/system:11605.main -
>> [30/Aug/2012:16:34:56 EDT]
>> > > [13] [3]
>> > > > authz instance DirAclAuthz initialization
>> failed and skipped,
>> > > > error=Property internaldb.ldapconn.port
>> missing value
>> > > > /var/log/pki-ca/system:11605.http-9445-1 -
>> > [30/Aug/2012:16:35:01 EDT]
>> > > > [3] [3] Cannot build CA chain. Error
>> > > > java.security.cert.CertificateException:
>> Certificate is not a
>> > > PKCS #11
>> > > > certificate
>> > > > /var/log/pki-ca/system:11605.http-9445-1 -
>> > [30/Aug/2012:16:35:10 EDT]
>> > > > [3] [3] CASigningUnit: Object certificate not
>> found. Error
>> > > > org.mozilla.jss.crypto.ObjectNotFoundException
>> > > > /var/log/pki-ca/system:3281.main -
>> [31/Aug/2012:17:54:28
>> > EDT] [8]
>> > > [3] In
>> > > > Ldap (bound) connection pool to host
>> > cushing.psych.yale.edu port
>> > > 7389,
>> > > > Cannot connect to LDAP server. Error:
>> > netscape.ldap.LDAPException:
>> > > > failed to connect to server
>> > ldap://cushing.psych.yale.edu:7389 (91)
>> > > >
>> > >
>> > /var/log/pki-ca/catalina.2012-09-03.log:SEVERE: Error
>> > initializing
>> > > > socket factory
>> > > >
>> > >
>> >
>>
>>/var/log/pki-ca/catalina.2012-09-03.log:java.lang.ClassNotFoundException:
>> > > Error
>> > > > loading SSL Implementation
>> > > >
>> org.apache.tomcat.util.net.jss.JSSImplementation
>> > > > :java.lang.ClassNotFoundException:
>> > org.mozilla.jss.ssl.SSLSocket
>> > > >
>> >
>> /var/log/pki-ca/catalina.2012-09-03.log:LifecycleException:
>> Protocol
>> > > > handler initialization failed:
>> > java.lang.ClassNotFoundException:
>> > > Error
>> > > > loading SSL Implementation
>> > > >
>> org.apache.tomcat.util.net.jss.JSSImplementation
>> > > > :java.lang.ClassNotFoundException:
>> > org.mozilla.jss.ssl.SSLSocket
>> > >
>> > /var/log/pki-ca/catalina.2012-09-03.log:SEVERE: Error
>> > deploying web
>> > > > application directory ca
>> > >
>> > > The problem looks to be that the dogtag 389-ds
>> instance is not
>> > started.
>> > > I'd try: service dirsrv restart PKI-IPA
>> > >
>> > > Then service pki-cad restart
>> > >
>> > > rob
>> > >
>> > >
>> > >
>> > >
>> >
>> >
>> >
>>
>>
>>
>>
>
>
>
>
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users