[Freeipa-users] Errors upgrading 4.0.1 to 4.1

Martin Kosek mkosek at redhat.com
Fri Oct 24 07:44:00 UTC 2014


On 10/24/2014 05:17 AM, Michael Lasevich wrote:
> While upgrading from 4.0.1. to 4.1 on fedora 20 got following on one of the two
> boxes:
>
> Upgrade failed with attribute "allowWeakCipher" not allowed
> IPA upgrade failed.
> Unexpected error
> DuplicateEntry: This entry already exists
>
>
> It seems the ipa no longer starts up after this. The replica server seems to
> have had same error,but it runs just fine.
>
>  From digging around, it appears that there are a number of GSS errors in
> dirsrv and bind fails with something like:
>
> named-pkcs11[2212]: ObjectStore.cpp(74): Failed to open token
> e919db16-6329-406c-6ae4-120ad68508c4
> named-pkcs11[2212]: sha1.c:92: fatal error:
> named-pkcs11[2212]: RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST,
> isc_boolean_true, isc_boolean_false, isc_boolean_false, ((void *)0), 0) == 0)
> failed
>
> Any help would be appreciated
>
>
> -M

What Directory Server version do you use? This is an attribute introduced in 
389-ds-base 1.3.3+ which should be included in the FreeIPA Copr (DS 1.3.3 is 
native to F21+). CCing Ludwig to advise further.

Thanks,
Martin




More information about the Freeipa-users mailing list