Dear list,
In trying to escape from the various issues facing the ubuntu freeipa, I
attempted to make the switch to Fedora 26 (same freeipa version 4.4.4).
This seemed to go well (adding new replica first, and then replacing the
ubuntu based installs), but I notice on my fedora boxes several warnings in
/v/l/messages (pasted below). Firstly, are these harmful, and what might I
need to rectify!? I have a half baked theory that this might relate to some
of the aspects that were broken in ubuntu and carrying their breakage
across to the new platform!
Secondly - could they relate to an issue I am seeing where one specific
LDAPS client application is failing to verify the ldap server cert (even
thought other clients are quite happy talking to it) since the ipa server
reinstall?
Advice appreciated, thank you in advance!
David
Jan 4 11:53:09 ipa3 server[1357]: WARNING: Problem with JAR file
[/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead:
[false]
Jan 4 11:53:09 ipa3 ntpd[1200]: Soliciting pool server 45.79.111.114
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'enableOCSP' to 'false' did not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderURL' to 'http://ipa3.thomac.net:9080/ca/ocsp' did not find a
matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspResponderCertNickname' to 'ocspSigningCert cert-pki-ca' did not find a
matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspCacheSize' to '1000' did not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMinCacheEntryDuration' to '60' did not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspMaxCacheEntryDuration' to '120' did not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ocspTimeout' to '10' did not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'strictCiphers' to 'true' did not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslOptions' to 'ssl2=false,ssl3=false,tls=true' did not find a matching
property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ssl2Ciphers' to
'-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5'
did not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'ssl3Ciphers' to
'-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'tlsCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find a matching
property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'sslRangeCiphers' to
'-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_RSA_WITH_AES_128_CBC_SHA,-TLS_DHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,-TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_AES_128_CBC_SHA256,-TLS_RSA_WITH_AES_256_CBC_SHA256,-TLS_RSA_WITH_AES_128_GCM_SHA256,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA'
did not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
did not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'passwordFile' to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find
a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'passwordClass' to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did
not find a matching property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'certdbDir' to '/var/lib/pki/pki-tomcat/alias' did not find a matching
property.
Jan 4 11:53:10 ipa3 server[1357]: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host/Valve} Setting property
'resolveHosts' to 'false' did not find a matching property.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
