Hello,
after Updating my FreeIPA Machine with the following Packages 389-ds-base-1.4.1.8-4.fc30.x86_64 and 389-ds-base-libs-1.4.1.8-4.fc30.x86_64
my IPAServer will not start because of a Dirsrv Error:
[28/Oct/2019:15:24:33.197006547 +0100] - INFO - main - 389-Directory/1.4.1.8 B2019.288.179 starting up [28/Oct/2019:15:24:33.305073561 +0100] - INFO - main - Setting the maximum file descriptor limit to: 524288 [28/Oct/2019:15:24:34.015432996 +0100] - INFO - PBKDF2_SHA256 - Based on CPU performance, chose 2048 rounds [28/Oct/2019:15:24:34.148313874 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [28/Oct/2019:15:24:34.183483952 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [28/Oct/2019:15:24:34.216059053 +0100] - INFO - ldbm_instance_config_cachememsize_set - force a minimal value 512000 [28/Oct/2019:15:24:34.249251920 +0100] - NOTICE - ldbm_back_start - found 2034812k physical memory [28/Oct/2019:15:24:34.271787887 +0100] - NOTICE - ldbm_back_start - found 627800k available [28/Oct/2019:15:24:34.305153307 +0100] - NOTICE - ldbm_back_start - cache autosizing: db cache: 50870k [28/Oct/2019:15:24:34.346820319 +0100] - NOTICE - ldbm_back_start - cache autosizing: userRoot entry cache (3 total): 65536k [28/Oct/2019:15:24:34.380215639 +0100] - NOTICE - ldbm_back_start - cache autosizing: userRoot dn cache (3 total): 65536k [28/Oct/2019:15:24:34.413883565 +0100] - NOTICE - ldbm_back_start - cache autosizing: ipaca entry cache (3 total): 65536k [28/Oct/2019:15:24:34.446900772 +0100] - NOTICE - ldbm_back_start - cache autosizing: ipaca dn cache (3 total): 65536k [28/Oct/2019:15:24:34.480404651 +0100] - NOTICE - ldbm_back_start - cache autosizing: changelog entry cache (3 total): 65536k [28/Oct/2019:15:24:34.513586337 +0100] - NOTICE - ldbm_back_start - cache autosizing: changelog dn cache (3 total): 65536k [28/Oct/2019:15:24:34.545455448 +0100] - NOTICE - ldbm_back_start - total cache size: 444326133 B; [28/Oct/2019:15:24:34.660654207 +0100] - INFO - dblayer_start - Resizing db cache size: 82532761 -> 41672949 [28/Oct/2019:15:24:35.305068723 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher AES [28/Oct/2019:15:24:35.346977418 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [28/Oct/2019:15:24:35.389013473 +0100] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher 3DES [28/Oct/2019:15:24:35.430350643 +0100] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [28/Oct/2019:15:24:35.472051056 +0100] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption. [28/Oct/2019:15:24:35.712098113 +0100] - ERR - schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after the server startup! [28/Oct/2019:15:24:35.767825035 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:35.847642467 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:35.889335963 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:35.906058664 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:35.922645682 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:35.939342751 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:35.973017877 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:35.997578015 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:36.047582540 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:36.122682002 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:36.175397700 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:36.222712999 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:36.255979639 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:36.400353621 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:36.464434060 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:36.570672924 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:36.638393241 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:36.697648930 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ipatest,dc=intranet,dc=xxx,dc=de does not exist [28/Oct/2019:15:24:36.839033805 +0100] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist [28/Oct/2019:15:24:36.903400951 +0100] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=ipatest,dc=intranet,dc=xxx,dc=de--no CoS Templates found, which should be added before the CoS Definition. [28/Oct/2019:15:24:37.113354944 +0100] - ERR - set_krb5_creds - Could not get initial credentials for principal [ldap/ipa4.ipatest.intranet.XXX.de@IPATEST.INTRANET.XXX.DE] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm) [28/Oct/2019:15:24:37.132921236 +0100] - ERR - set_krb5_creds - Could not get initial credentials for principal [ldap/ipa4.ipatest.intranet.XXX.de@IPATEST.INTRANET.XXX.DE] in keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested realm) [28/Oct/2019:15:24:37.152041659 +0100] - INFO - slapd_daemon - slapd started. Listening on All Interfaces port 389 for LDAP requests [28/Oct/2019:15:24:37.165159407 +0100] - INFO - slapd_daemon - Listening on All Interfaces port 636 for LDAPS requests [28/Oct/2019:15:24:37.184192580 +0100] - INFO - slapd_daemon - Listening on /var/run/slapd-IPATEST-INTRANET-XXX-DE.socket for LDAPI requests [28/Oct/2019:15:24:37.249042042 +0100] - ERR - schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds! [28/Oct/2019:15:24:42.261321976 +0100] - ERR - schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=ipatest,dc=intranet,dc=XXX,dc=de [28/Oct/2019:15:24:42.336666961 +0100] - ERR - schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=ipatest,dc=intranet,dc=XXX,dc=de [28/Oct/2019:15:24:42.381915111 +0100] - ERR - schema-compat-plugin - Finished plugin initialization. [28/Oct/2019:15:51:27.596490424 +0100] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 3 max work q size 4 max work q stack size 4 [28/Oct/2019:15:51:27.885286001 +0100] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins
This IPA Server is one of my replica setup here at work at the other works fine. At home after the update i have the same problems, Any Help?
Regards
Dirk
freeipa-users@lists.fedorahosted.org