Makes sense. What is the solution here?
I have the latest 389-ds installed but still getting "allowWeakCipher"
error - how to I get around that?
On 10/30/14, 11:12 AM, Martin Basti wrote:
> On 24/10/14 05:17, Michael Lasevich wrote:
>> While upgrading from 4.0.1. to 4.1 on fedora 20 got following on one
>> of the two boxes:
>> Upgrade failed with attribute "allowWeakCipher" not allowed
>> IPA upgrade failed.
>> Unexpected error
>> DuplicateEntry: This entry already exists
> Named errors are caused by cascade effect, if ldap schema and entry
> updates failed, there is misconfigured DS plugin which is responsible
> to keep DNSSEC keys DN unique, what causes duplication errors.
> DuplicateEntry exception is fatal, so dnskeysyncd installation will
> not continue,
> what causes there are not appropriate permissions for token database,
> and named-pkcs11 can't read tokens.
>> It seems the ipa no longer starts up after this. The replica server
>> seems to have had same error,but it runs just fine.
>> From digging around, it appears that there are a number of GSS errors
>> in dirsrv and bind fails with something like:
>> named-pkcs11: ObjectStore.cpp(74): Failed to open token
>> named-pkcs11: sha1.c:92: fatal error:
>> named-pkcs11: RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST,
>> isc_boolean_true, isc_boolean_false, isc_boolean_false, ((void *)0),
>> 0) == 0) failed
>> Any help would be appreciated
> Martin Basti
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project