On 30/10/14 19:18, Michael Lasevich wrote:
Makes sense. What is the solution here?
I have the latest 389-ds installed but still getting "allowWeakCipher"
error - how to I get around that?
Sorry I don't know, I CCied Ludwig, he is DS guru.
On 10/30/14, 11:12 AM, Martin Basti wrote:
On 24/10/14 05:17, Michael Lasevich wrote:
While upgrading from 4.0.1. to 4.1 on fedora 20 got following on one
of the two boxes:
Upgrade failed with attribute "allowWeakCipher" not allowed
IPA upgrade failed.
DuplicateEntry: This entry already exists
Named errors are caused by cascade effect, if ldap schema and entry
updates failed, there is misconfigured DS plugin which is responsible
to keep DNSSEC keys DN unique, what causes duplication errors.
DuplicateEntry exception is fatal, so dnskeysyncd installation will
what causes there are not appropriate permissions for token database,
and named-pkcs11 can't read tokens.
It seems the ipa no longer starts up after this. The replica server
seems to have had same error,but it runs just fine.
From digging around, it appears that there are a number of GSS
errors in dirsrv and bind fails with something like:
named-pkcs11: ObjectStore.cpp(74): Failed to open token
named-pkcs11: sha1.c:92: fatal error:
named-pkcs11: RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST,
isc_boolean_true, isc_boolean_false, isc_boolean_false, ((void *)0),
0) == 0) failed
Any help would be appreciated
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project