[Freeipa-users] Latest FreeIPA update causing problems

Rich Megginson rmeggins at redhat.com
Thu Feb 16 15:37:28 UTC 2012 

On 02/16/2012 08:26 AM, Dan Scott wrote:
> Hi,
>
> I have recently upgraded one of my FreeIPA servers (Fedora 16) with
> the latest package versions:
>
> Feb 15 14:10:19 Updated: libselinux-2.1.6-6.fc16.x86_64
> Feb 15 14:10:20 Updated: krb5-libs-1.9.2-6.fc16.x86_64
> Feb 15 14:10:21 Updated: systemd-37-13.fc16.x86_64
> Feb 15 14:10:22 Updated: systemd-units-37-13.fc16.x86_64
> Feb 15 14:10:22 Updated: device-mapper-libs-1.02.65-6.fc16.x86_64
> Feb 15 14:10:22 Updated: device-mapper-1.02.65-6.fc16.x86_64
> Feb 15 14:10:23 Updated: rpm-4.9.1.2-5.fc16.x86_64
> Feb 15 14:10:24 Updated: rpm-libs-4.9.1.2-5.fc16.x86_64
> Feb 15 14:10:24 Updated: device-mapper-event-libs-1.02.65-6.fc16.x86_64
> Feb 15 14:10:26 Updated: freeipa-python-2.1.4-5.fc16.x86_64
> Feb 15 14:10:26 Updated: systemd-sysv-37-13.fc16.x86_64
> Feb 15 14:10:27 Updated: krb5-server-1.9.2-6.fc16.x86_64
> Feb 15 14:10:27 Updated: krb5-server-ldap-1.9.2-6.fc16.x86_64
> Feb 15 14:10:27 Updated: device-mapper-event-1.02.65-6.fc16.x86_64
> Feb 15 14:10:28 Updated: lvm2-libs-2.02.86-6.fc16.x86_64
> Feb 15 14:10:28 Updated: rpm-build-libs-4.9.1.2-5.fc16.x86_64
> Feb 15 14:10:28 Updated: mod_auth_kerb-5.4-8.fc16.x86_64
> Feb 15 14:10:28 Updated: 389-ds-base-libs-1.2.10-0.10.rc1.fc16.x86_64
> Feb 15 14:10:30 Updated: 389-ds-base-1.2.10-0.10.rc1.fc16.x86_64
> Feb 15 14:10:31 Updated: krb5-pkinit-openssl-1.9.2-6.fc16.x86_64
> Feb 15 14:10:31 Updated: krb5-workstation-1.9.2-6.fc16.x86_64
> Feb 15 14:10:31 Updated: freeipa-client-2.1.4-5.fc16.x86_64
> Feb 15 14:10:31 Updated: freeipa-admintools-2.1.4-5.fc16.x86_64
> Feb 15 14:11:47 Updated: freeipa-server-2.1.4-5.fc16.x86_64
> Feb 15 14:15:19 Updated: freeipa-server-selinux-2.1.4-5.fc16.x86_64
> Feb 15 14:15:19 Updated: rpm-python-4.9.1.2-5.fc16.x86_64
> Feb 15 14:15:20 Updated: lvm2-2.02.86-6.fc16.x86_64
> Feb 15 14:15:20 Updated: libselinux-python-2.1.6-6.fc16.x86_64
> Feb 15 14:15:20 Updated: libselinux-utils-2.1.6-6.fc16.x86_64
> Feb 15 14:15:21 Updated: alsa-lib-1.0.25-1.fc16.x86_64
> Feb 15 14:15:30 Installed: kernel-3.2.6-3.fc16.x86_64
>
> I am having major problems with freeipa services (I replaced my real
> domain with example.com):
>
> [root at fileserver3 ~]# ipactl status
> Directory Service: STOPPED
> Unknown error when retrieving list of services from LDAP: [Errno 111]
> Connection refused
> [root at fileserver3 ~]# ipactl start
> Starting Directory Service
> Failed to read data from Directory Service: Failed to get list of
> services to probe status!
> Configured hostname 'fileserver3.example.com' does not match any
> master server in LDAP:
> No master found because of error: {'matched': 'dc=example,dc=com',
> 'desc': 'No such object'}
> Shutting down
> [root at fileserver3 ~]#
>
> None of the IPA processes will start. The dirsrv error log shows:
>
> [16/Feb/2012:10:20:23 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328
> starting up
> [16/Feb/2012:10:20:23 -0500] schema-compat-plugin - warning: no
> entries set up under cn=groups, cn=compat,dc=example,dc=com
> [16/Feb/2012:10:20:23 -0500] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=example,dc=com
> [16/Feb/2012:10:20:23 -0500] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=example,dc=com
> [16/Feb/2012:10:20:23 -0500] schema-compat-plugin - warning: no
> entries set up under cn=users, cn=compat,dc=example,dc=com
> [16/Feb/2012:10:20:23 -0500] dna-plugin - dna_parse_config_entry:
> Unable to locate shared configuration entry
> (cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com)
> [16/Feb/2012:10:20:23 -0500] dna-plugin - dna_parse_config_entry:
> Invalid config entry [cn=posix ids,cn=distributed numeric assignment
> plugin,cn=plugins,cn=config] skipped
> [16/Feb/2012:10:20:23 -0500] - slapd started.  Listening on All
> Interfaces port 389 for LDAP requests
> [16/Feb/2012:10:20:23 -0500] - Listening on All Interfaces port 636
> for LDAPS requests
> [16/Feb/2012:10:20:23 -0500] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [16/Feb/2012:10:20:23 -0500] - slapd shutting down - signaling operation threads
> [16/Feb/2012:10:20:23 -0500] - slapd shutting down - closing down
> internal subsystems and plugins
> [16/Feb/2012:10:20:24 -0500] - Waiting for 4 database threads to stop
> [16/Feb/2012:10:20:24 -0500] - All database threads now stopped
> [16/Feb/2012:10:20:24 -0500] - slapd stopped.
>
> Can someone help?
start your directory server - systemctl start dirsrv.target
do a search for the dna entries:
ldapsearch -xLLL -D "cn=directory manager" -W -s one -b 
"cn=dna,cn=ipa,cn=etc,dc=example,dc=com"

and
ldapsearch -xLLL -D "cn=directory manager" -W -s one -b "cn=distributed 
numeric assignment
plugin,cn=plugins,cn=config"

> Thanks,
>
> Dan
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list