On 10/24/2014 05:17 AM, Michael Lasevich wrote:
While upgrading from 4.0.1. to 4.1 on fedora 20 got following on one of the two

Upgrade failed with attribute "allowWeakCipher" not allowed
IPA upgrade failed.
Unexpected error
DuplicateEntry: This entry already exists

It seems the ipa no longer starts up after this. The replica server seems to
have had same error,but it runs just fine.

 From digging around, it appears that there are a number of GSS errors in
dirsrv and bind fails with something like:

named-pkcs11[2212]: ObjectStore.cpp(74): Failed to open token
named-pkcs11[2212]: sha1.c:92: fatal error:
named-pkcs11[2212]: RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST,
isc_boolean_true, isc_boolean_false, isc_boolean_false, ((void *)0), 0) == 0)

Any help would be appreciated


What Directory Server version do you use? This is an attribute introduced in 389-ds-base 1.3.3+ which should be included in the FreeIPA Copr (DS 1.3.3 is native to F21+). CCing Ludwig to advise further.


Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to