[Freeipa-users] Errors upgrading 4.0.1 to 4.1
Martin Basti
mbasti at redhat.com
Thu Oct 30 18:12:32 UTC 2014
On 24/10/14 05:17, Michael Lasevich wrote:
> While upgrading from 4.0.1. to 4.1 on fedora 20 got following on one
> of the two boxes:
>
> Upgrade failed with attribute "allowWeakCipher" not allowed
> IPA upgrade failed.
> Unexpected error
> DuplicateEntry: This entry already exists
>
Named errors are caused by cascade effect, if ldap schema and entry
updates failed, there is misconfigured DS plugin which is responsible to
keep DNSSEC keys DN unique, what causes duplication errors.
DuplicateEntry exception is fatal, so dnskeysyncd installation will not
continue,
what causes there are not appropriate permissions for token database,
and named-pkcs11 can't read tokens.
>
>
> It seems the ipa no longer starts up after this. The replica server
> seems to have had same error,but it runs just fine.
>
> From digging around, it appears that there are a number of GSS errors
> in dirsrv and bind fails with something like:
>
> named-pkcs11[2212]: ObjectStore.cpp(74): Failed to open token
> e919db16-6329-406c-6ae4-120ad68508c4
> named-pkcs11[2212]: sha1.c:92: fatal error:
> named-pkcs11[2212]: RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST,
> isc_boolean_true, isc_boolean_false, isc_boolean_false, ((void *)0),
> 0) == 0) failed
>
> Any help would be appreciated
>
>
> -M
>
>
>
--
Martin Basti
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141030/a27bd843/attachment.htm>
More information about the Freeipa-users
mailing list