On 10/24/2014 09:44 AM, Martin Kosek wrote:
On 10/24/2014 05:17 AM, Michael Lasevich wrote:
While upgrading from 4.0.1 to 4.1 on Fedora 20, got the following on one of the two boxes:
Upgrade failed with attribute "allowWeakCipher" not allowed
IPA upgrade failed.
Unexpected error
DuplicateEntry: This entry already exists
It seems IPA no longer starts up after this. The replica server seems to have had the same error, but it runs just fine.
From digging around, it appears that there are a number of GSS errors in dirsrv and bind fails with something like:
named-pkcs11[2212]: ObjectStore.cpp(74): Failed to open token e919db16-6329-406c-6ae4-120ad68508c4
named-pkcs11[2212]: sha1.c:92: fatal error:
named-pkcs11[2212]: RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, isc_boolean_true, isc_boolean_false, isc_boolean_false, ((void *)0), 0) == 0) failed
Any help would be appreciated
-M
What Directory Server version do you use? This is an attribute introduced in 389-ds-base 1.3.3+ which should be included in the FreeIPA Copr (DS 1.3.3 is native to F21+). CCing Ludwig to advise further.
Can you check your schema files for the definition of the nsEncryptionConfig objectclass? It should be only in 01core389.ldif and contain allowWeakCipher, but it could have been added also to 99user.ldif during replication when schema changes have been consolidated.
Thanks,
Martin
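
The schema check requested above, as an added example (not code from this thread or from the 389-ds or FreeIPA projects): it unfolds LDIF continuation lines, finds every definition of nsEncryptionConfig in a set of schema files, and reports whether each one lists allowWeakCipher. The sample definitions, their OIDs and the shortened attribute lists are constructed; the schema directory is an assumption supplied as a command-line argument.

```python
import re
import sys
from pathlib import Path

def unfold(text):
    # LDIF folding: a line that starts with a single space continues the previous line.
    return re.sub(r"\r?\n ", "", text)

def attrs(definition, keyword):
    # Attribute names after MUST or MAY: either one bare name or "( a $ b )".
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w;-]+))" % keyword, definition)
    return [a.strip().lower() for a in (m.group(1) or m.group(2)).split("$")] if m else []

def audit(schema_texts, oc="nsEncryptionConfig", attr="allowWeakCipher"):
    """Return [(filename, allows_attr)] for every definition of `oc` in {filename: text}."""
    hits = []
    for fname in sorted(schema_texts):
        for line in unfold(schema_texts[fname]).splitlines():
            if not line.lower().startswith("objectclasses:"):
                continue
            m = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", line)
            names = re.findall(r"'([^']*)'", m.group(1)) if m else []
            if oc.lower() in (n.lower() for n in names):
                allowed = attrs(line, "MUST") + attrs(line, "MAY")
                hits.append((fname, attr.lower() in allowed))
    return hits

# Constructed sample (placeholder OIDs, shortened attribute lists), not real schema text.
SAMPLE = {
    "01core389.ldif": "objectClasses: ( 1.1.1.1 NAME 'nsEncryptionConfig' SUP top\n"
                      "  MAY ( nsSSL3 $ nsTLS1 $ allowWeakCipher ) )\n",
    "99user.ldif": "objectClasses: ( 1.1.1.1 NAME 'nsEncryptionConfig' SUP top\n"
                   "  MAY ( nsSSL3 $ nsTLS1 ) X-ORIGIN 'user defined' )\n",
}

if __name__ == "__main__":
    # With a directory argument, scan its *.ldif files; otherwise use the sample.
    texts = ({p.name: p.read_text(errors="replace") for p in Path(sys.argv[1]).glob("*.ldif")}
             if len(sys.argv) > 1 else SAMPLE)
    for fname, ok in audit(texts):
        print(f"{fname}: nsEncryptionConfig {'allows' if ok else 'LACKS'} allowWeakCipher")
```

A definition reported in any file other than 01core389.ldif, or one that lacks allowWeakCipher, is the situation the reply above describes.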