[Freeipa-users] F20 Problem upgrading to 4.1
John Obaterspok
john.obaterspok at gmail.com
Sun Oct 26 20:39:08 UTC 2014
Hi,
I enabled mkosek-freeipa repo for F20 and updated freeipa-server from 3.3.5
to 4.1. The yum update reported just a single error:
Could not load host key: /etc/ssh/ssh_host_dsa_key
After reboot I had 3 services that failed to start:
ipa, kadmin, named-pkcs11
Doing "strace -f named-pkcs11 -u named -f -g" I can see:
"/var/lib/softhsm/tokens/" => -1 EACCES (Permission denied)
initializing DST: PKCS#11 initialization failed
exiting (due to fatal error)
For kadmin the error is due to not being able to connect to sldap
I noticed that softhsm2-util --show-slots reported "ERROR: Could not
initialize the library." But that seemed to be because krb5-libs/openssl
wasn't part of the update. After that I could show the default slot and
then I manually called following (as root):
"/usr/bin/softhsm2-util --init-token --slot 0 --label ipaDNSSEC --pin
XXXXXXXX --so-pin XXXXXXXX"
But the problems won't go away. Any clues?
-- john
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141026/068ff10f/attachment.htm>
More information about the Freeipa-users
mailing list