[Freeipa-devel] [krb5kdc] LDAP handle unavailable: Can't contact LDAP server on kinit
Zoran Pericic
zpericic at inet.hr
Sun Dec 26 20:09:34 UTC 2010
Hi,
I have strange problem with krb5 krb5-server-ldap and FC14. Tried to
resolve it my self, but i'am stuck. Stangest thing is that all of this
work perfectly with fc13 so it's no config issue. I could not find any
major difference in krb5 from fc13 to fc14. Only thing is that libldap
from openldap-clients is compiled with mozilla nss (fc14) instead of
OpenSSL (fc13) but krb5kdc is connected to ldap servers which I
confirmed in ldap server logs, so it should not be TLS related problem.
krb5kdc bind for first time and get realm related stuff. But when I run
kinit it returns "kinit: Generic error (see e-text) while getting
initial credentials".
Strangest this is that all works perfectly if I manually run krb5kdc
"/usr/sbin/krb5kdc -r ST -P /var/run/krb5kdc.pid" instead of using
initscripts.
Attached krb5.conf, patch to enhance krb5kdc debugging and log file
created with this patch included.
This may not be right list but I think that freeipa should have same
bug. Feel free to ask for more debugging or probing new patches.
Best regards,
Zoran Pericic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5-1.8.2-debug.patch
Type: text/x-patch
Size: 5646 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20101226/8e59f2ef/attachment.bin>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: krb5.conf
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20101226/8e59f2ef/attachment.conf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5kdc.log
Type: text/x-log
Size: 3974 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20101226/8e59f2ef/attachment-0001.bin>
More information about the Freeipa-devel
mailing list