I checked the logs that turned up after running the find command suggested
by Jochen and only a couple of them turned up anything that mention pki or
pki-tomcat:

from /var/log/audit/audit.log:
type=SERVICE_START msg=audit(1508873851.623:163448): pid=1 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=pki-tomcatd@pki-tomcat comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

from /var/log/messages:
Oct 26 16:01:58 ipa1 ns-slapd: [26/Oct/2017:16:01:58.077129423 -0600] - ERR
- slapi_ldap_bind - Error: could not bind id [cn=Replication Manager
cloneAgreement1-ipa2.chem.byu.edu-pki-tomcat,ou=csusers,cn=config]
authentication mechanism [SIMPLE]: error 32 (No such object)
Oct 26 16:01:58 ipa1 named-pkcs11[16463]: client 192.168.105.11#37937:
request has invalid signature: TSIG DHCP_UPDATER: tsig verify failure
(BADKEY)



On Thu, Oct 26, 2017 at 2:32 PM, Jochen Hein <joc...@jochen.org> wrote:

> Kristian Petersen via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> writes:
>
> > The dirsrv log just shows a bunch of the following:
> > [13/Oct/2017:14:32:07.132312021 -0600] - ERR - slapi_ldap_bind - Error:
> > could not bind id [cn=Replication Manager cloneAgreement1-ipa
> > 2.chem.byu.edu-pki-tomcat,ou=csusers,cn=config] authentication mechanism
> > [SIMPLE]: error 32 (No such object)
> >
> > That makes sense though since pki-tomcat won't start.  Rob was asking
> what
> > was in the logs located at /var/log/pki/pki-tomcat/ca/debug, but that
> path
> > doesn't exist on any of my IPA servers.  He said that would normally be
> the
> > first place to look.  Hence, I am looking for other solutions.
>
> Brute force: reproduce the error and run "find /var/log -mmin -1 -type f
> -ls".
> This finds the files changed in the last minute - one of these might
> help.
>
> Jochen
>
> --
> This space is intentionally left blank.
>



-- 
Kristian Petersen
System Administrator
Dept. of Chemistry and Biochemistry
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to