[Freeipa-users] Error during ipa-replica-install

Marco Pizzoli marco.pizzoli@gmail.com
Tue Mar 20 11:58:12 UTC 2012


Hi guys,
I'm running this version of FreeIPA:

[root@freeipa03 ~]# rpm -qa|grep freeipa
freeipa-server-selinux-2.1.90.rc1-0.fc16.x86_64
freeipa-server-2.1.90.rc1-0.fc16.x86_64
freeipa-admintools-2.1.90.rc1-0.fc16.x86_64
freeipa-client-2.1.90.rc1-0.fc16.x86_64
freeipa-python-2.1.90.rc1-0.fc16.x86_64


I'm having this problem:

[root@freeipa03 ~]# ipa-replica-install --setup-dns --no-forwarders /var/lib/ipa/replica-info-freeipa03.unix.mydomain.it.gpg
Directory Manager (existing master) password:

Run connection check to master
Check connection from replica to remote master 'freeipa01.unix.mydomain.it':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocol and would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
admin@UNIX.MYDOMAIN.IT password:

Cannot acquire Kerberos ticket: kinit: Invalid message type while getting initial credentials

Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck
parameter.

-------------------
I don't have any firewall between freeipa03 and freeipa01.

This is what I have in my /var/log/messages file:


Mar 20 12:03:51 freeipa03 sssd: Starting up
Mar 20 12:03:51 freeipa03 sssd[be[unix.mydomain.it]]: Starting up
Mar 20 12:03:52 freeipa03 ntpd_intres[773]: host name not found:
0.fedora.pool.ntp.org
Mar 20 12:03:52 freeipa03 ntpd_intres[773]: host name not found:
1.fedora.pool.ntp.org
Mar 20 12:03:52 freeipa03 ntpd_intres[773]: host name not found:
2.fedora.pool.ntp.org
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Successfully called chroot().
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Successfully dropped remaining
capabilities.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Loading service file
/services/ssh.service.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Loading service file
/services/udisks.service.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Network interface enumeration
completed.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Registering HINFO record with
values 'X86_64'/'LINUX'.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Server startup complete. Host
name is freeipa03.local. Local service cookie is 3668475942.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Service "freeipa03"
(/services/udisks.service) successfully established.
Mar 20 12:03:52 freeipa03 avahi-daemon[734]: Service "freeipa03"
(/services/ssh.service) successfully established.
Mar 20 12:03:52 freeipa03 systemd-logind[764]: New seat seat0.
Mar 20 12:03:53 freeipa03 sssd[pam]: Starting up
Mar 20 12:03:53 freeipa03 sssd[nss]: Starting up
Mar 20 12:03:53 freeipa03 network[765]: Bringing up loopback interface:  [
 OK  ]
Mar 20 12:03:54 freeipa03 kernel: [   25.724015] e1000: eth0 NIC Link is Up
1000 Mbps Full Duplex, Flow Control: None
Mar 20 12:03:55 freeipa03 avahi-daemon[734]: Registering new address record
for fe80::20c:29ff:fedc:9788 on eth0.*.
Mar 20 12:03:56 freeipa03 avahi-daemon[734]: Joining mDNS multicast group
on interface eth0.IPv4 with address 192.168.146.134.
Mar 20 12:03:56 freeipa03 avahi-daemon[734]: New relevant interface
eth0.IPv4 for mDNS.
Mar 20 12:03:56 freeipa03 avahi-daemon[734]: Registering new address record
for 192.168.146.134 on eth0.IPv4.
Mar 20 12:03:56 freeipa03 network[765]: Bringing up interface eth0:  [  OK
 ]
Mar 20 12:03:57 freeipa03 kernel: [   28.697268] 8021q: 802.1Q VLAN Support
v1.8
Mar 20 12:03:57 freeipa03 kernel: [   28.697283] 8021q: adding VLAN 0 to HW
filter on device eth0
Mar 20 12:03:57 freeipa03 rpc.statd[994]: Version 1.2.5 starting
Mar 20 12:03:57 freeipa03 ntpd[741]: Listen normally on 4 eth0
192.168.146.134 UDP 123
Mar 20 12:03:57 freeipa03 ntpd[741]: Listen normally on 5 eth0
fe80::20c:29ff:fedc:9788 UDP 123
Mar 20 12:03:57 freeipa03 ntpd[741]: peers refreshed
Mar 20 12:03:57 freeipa03 sm-notify[995]: Version 1.2.5 starting
Mar 20 12:03:58 freeipa03 systemd[1]: PID file /run/sendmail.pid not
readable (yet?) after start.
Mar 20 12:04:04 freeipa03 ntpd_intres[773]: host name not found:
0.fedora.pool.ntp.org
Mar 20 12:04:07 freeipa03 systemd[1]: PID file /var/run/krb5kdc.pid not
readable (yet?) after start.
Mar 20 12:04:09 freeipa03 ntpd_intres[773]: host name not found:
1.fedora.pool.ntp.org
Mar 20 12:04:10 freeipa03 named[1113]: starting BIND
9.8.2rc2-RedHat-9.8.2-0.4.rc2.fc16 -u named
Mar 20 12:04:10 freeipa03 named[1113]: built with
'--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu'
'--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr'
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var'
'--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static'
'--disable-openssl-version-check' '--enable-exportlib'
'--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include'
'--includedir=/usr/include/bind9'
'--with-pkcs11=/usr/lib64/pkcs11/PKCS11_API.so' '--with-dlz-ldap=yes'
'--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
'--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego'
'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu'
'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
Mar 20 12:04:10 freeipa03 named[1113]:
----------------------------------------------------
Mar 20 12:04:10 freeipa03 named[1113]: BIND 9 is maintained by Internet
Systems Consortium,
Mar 20 12:04:10 freeipa03 named[1113]: Inc. (ISC), a non-profit 501(c)(3)
public-benefit
Mar 20 12:04:10 freeipa03 named[1113]: corporation.  Support and training
for BIND 9 are
Mar 20 12:04:10 freeipa03 named[1113]: available at
https://www.isc.org/support
Mar 20 12:04:10 freeipa03 named[1113]:
----------------------------------------------------
Mar 20 12:04:10 freeipa03 named[1113]: adjusted limit on open files from
4096 to 1048576
Mar 20 12:04:10 freeipa03 named[1113]: found 1 CPU, using 1 worker thread
Mar 20 12:04:10 freeipa03 named[1113]: using up to 4096 sockets
Mar 20 12:04:10 freeipa03 named[1113]: loading configuration from
'/etc/named.conf'
Mar 20 12:04:10 freeipa03 named[1113]: using default UDP/IPv4 port range:
[1024, 65535]
Mar 20 12:04:10 freeipa03 named[1113]: using default UDP/IPv6 port range:
[1024, 65535]
Mar 20 12:04:10 freeipa03 named[1113]: listening on IPv6 interfaces, port 53
Mar 20 12:04:10 freeipa03 named[1113]: listening on IPv4 interface lo,
127.0.0.1#53
Mar 20 12:04:10 freeipa03 named[1113]: listening on IPv4 interface eth0,
192.168.146.134#53
Mar 20 12:04:10 freeipa03 named[1113]: generating session key for dynamic
DNS
Mar 20 12:04:10 freeipa03 named[1113]: sizing zone task pool based on 6
zones
Mar 20 12:04:10 freeipa03 named[1113]: set up managed keys zone for view
_default, file 'managed-keys.bind'
Mar 20 12:04:10 freeipa03 named[1113]: Warning:
'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty
zones
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone:
127.IN-ADDR.ARPA
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone:
254.169.IN-ADDR.ARPA
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone:
2.0.192.IN-ADDR.ARPA
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone:
100.51.198.IN-ADDR.ARPA
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone:
113.0.203.IN-ADDR.ARPA
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone:
255.255.255.255.IN-ADDR.ARPA
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone:
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone: D.F.IP6.ARPA
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone: 8.E.F.IP6.ARPA
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone: 9.E.F.IP6.ARPA
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone: A.E.F.IP6.ARPA
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone: B.E.F.IP6.ARPA
Mar 20 12:04:10 freeipa03 named[1113]: automatic empty zone:
8.B.D.0.1.0.0.2.IP6.ARPA
Mar 20 12:04:11 freeipa03 named[1113]: command channel listening on
127.0.0.1#953
Mar 20 12:04:11 freeipa03 named[1113]: command channel listening on ::1#953
Mar 20 12:04:11 freeipa03 named[1113]: zone 0.in-addr.arpa/IN: loaded
serial 0
Mar 20 12:04:11 freeipa03 named[1113]: zone 1.0.0.127.in-addr.arpa/IN:
loaded serial 0
Mar 20 12:04:11 freeipa03 named[1113]: zone
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
loaded serial 0
Mar 20 12:04:11 freeipa03 named[1113]: zone localhost.localdomain/IN:
loaded serial 0
Mar 20 12:04:11 freeipa03 named[1113]: zone localhost/IN: loaded serial 0
Mar 20 12:04:11 freeipa03 named[1113]: managed-keys-zone ./IN: loaded
serial 0
Mar 20 12:04:11 freeipa03 named[1113]: running
Mar 20 12:04:11 freeipa03 named[1107]: Starting named: [  OK  ]
Mar 20 12:04:12 freeipa03 systemd[1]: PID file /var/run/httpd/httpd.pid not
readable (yet?) after start.
Mar 20 12:04:13 freeipa03 ipactl[974]: Starting Directory Service
Mar 20 12:04:13 freeipa03 ipactl[974]: Starting KDC Service
Mar 20 12:04:13 freeipa03 ipactl[974]: Starting KPASSWD Service
Mar 20 12:04:13 freeipa03 ipactl[974]: Starting DNS Service
Mar 20 12:04:13 freeipa03 ipactl[974]: Starting HTTP Service
Mar 20 12:04:13 freeipa03 ipactl[974]: Starting CA Service
Mar 20 12:04:14 freeipa03 ntpd_intres[773]: host name not found:
2.fedora.pool.ntp.org
Mar 20 12:04:17 freeipa03 kernel: [   49.099554] hrtimer: interrupt took
17369081 ns
Mar 20 12:05:15 freeipa03 systemd[1]: Startup finished in 2s 98ms 878us
(kernel) + 5s 40ms 620us (initrd) + 1min 40s 13ms 749us (userspace) = 1min
47s 153ms 247us.
Mar 20 12:06:18 freeipa03 ntpd_intres[773]: host name not found:
0.fedora.pool.ntp.org
Mar 20 12:06:23 freeipa03 ntpd_intres[773]: host name not found:
1.fedora.pool.ntp.org
Mar 20 12:06:28 freeipa03 ntpd_intres[773]: host name not found:
2.fedora.pool.ntp.org
Mar 20 12:09:59 freeipa03 systemd-logind[764]: New session 1 of user root.
Mar 20 12:10:35 freeipa03 ntpd_intres[773]: host name not found:
0.fedora.pool.ntp.org
Mar 20 12:10:40 freeipa03 ntpd_intres[773]: host name not found:
1.fedora.pool.ntp.org
Mar 20 12:10:45 freeipa03 ntpd_intres[773]: host name not found:
2.fedora.pool.ntp.org
Mar 20 12:16:31 freeipa03 python: GSSAPI Error: Unspecified GSS failure.
 Minor code may provide more information (Credentials cache file
'/tmp/krb5cc_0' not found)
Mar 20 12:18:28 freeipa03 systemd-tmpfiles[1438]: Successfully loaded
SELinux database in 232ms 225us, size on heap is 485K.
Mar 20 12:18:29 freeipa03 systemd-tmpfiles[1438]: Two or more conflicting
lines for /var/run/dirsrv configured, ignoring.
Mar 20 12:18:29 freeipa03 systemd-tmpfiles[1438]: Two or more conflicting
lines for /var/lock/dirsrv configured, ignoring.
Mar 20 12:18:48 freeipa03 ntpd_intres[773]: DNS 0.fedora.pool.ntp.org ->
212.45.144.206
Mar 20 12:18:49 freeipa03 ntpd_intres[773]: DNS 1.fedora.pool.ntp.org ->
212.45.144.88
Mar 20 12:18:49 freeipa03 ntpd_intres[773]: DNS 2.fedora.pool.ntp.org ->
77.242.176.254
Mar 20 12:19:49 freeipa03 ntpd[741]: frequency error 531 PPM exceeds
tolerance 500 PPM
Mar 20 12:24:45 freeipa03 systemd-logind[764]: New session 2 of user root.
Mar 20 12:24:46 freeipa03 systemd-logind[764]: Removed session 2.
Mar 20 12:27:46 freeipa03 ntpd[741]: frequency error 558 PPM exceeds
tolerance 500 PPM
Mar 20 12:29:56 freeipa03 ntpd[741]: frequency error 516 PPM exceeds
tolerance 500 PPM
Mar 20 12:32:08 freeipa03 systemd[1]: pki-cad@pki-ca.service: main process exited, code=exited, status=143
Mar 20 12:32:08 freeipa03 systemd[1]: Unit pki-cad@pki-ca.service entered failed state.
Mar 20 12:32:21 freeipa03 named[1113]: received control channel command
'stop'
Mar 20 12:32:21 freeipa03 named[1113]: shutting down: flushing changes
Mar 20 12:32:21 freeipa03 named[1113]: stopping command channel on
127.0.0.1#953
Mar 20 12:32:21 freeipa03 named[1113]: stopping command channel on ::1#953
Mar 20 12:32:21 freeipa03 named[1113]: no longer listening on ::#53
Mar 20 12:32:21 freeipa03 named[1113]: no longer listening on 127.0.0.1#53
Mar 20 12:32:21 freeipa03 named[1113]: no longer listening on
192.168.146.134#53
Mar 20 12:32:22 freeipa03 named[1113]: exiting
Mar 20 12:32:23 freeipa03 named[1538]: Stopping named: .[  OK  ]
Mar 20 12:32:24 freeipa03 systemd[1]: kadmin.service: main process exited,
code=exited, status=2
Mar 20 12:32:24 freeipa03 systemd[1]: Unit kadmin.service entered failed
state.
Mar 20 12:32:28 freeipa03 ipactl[1458]: Stopping CA Service
Mar 20 12:32:28 freeipa03 ipactl[1458]: Stopping HTTP Service
Mar 20 12:32:28 freeipa03 ipactl[1458]: Stopping DNS Service
Mar 20 12:32:28 freeipa03 ipactl[1458]: Stopping KPASSWD Service
Mar 20 12:32:28 freeipa03 ipactl[1458]: Stopping KDC Service
Mar 20 12:32:28 freeipa03 ipactl[1458]: Stopping Directory Service
Mar 20 12:36:43 freeipa03 ntpd[741]: frequency error 546 PPM exceeds
tolerance 500 PPM
Mar 20 12:48:50 freeipa03 ntpd[741]: frequency error 579 PPM exceeds
tolerance 500 PPM



I can add this info:

[root@freeipa03 ~]# kinit admin
kinit: Cannot contact any KDC for realm 'UNIX.MYDOMAIN.IT' while getting initial credentials

[root@freeipa03 ~]# cat /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = UNIX.MYDOMAIN.IT
 dns_lookup_realm = false
 dns_lookup_kdc = false
 rdns = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 UNIX.MYDOMAIN.IT = {
  kdc = freeipa03.unix.mydomain.it:88
  admin_server = freeipa03.unix.mydomain.it:749
  default_domain = unix.mydomain.it
  pkinit_anchors = FILE:/etc/ipa/ca.crt
}

[domain_realm]
 .unix.mydomain.it = UNIX.MYDOMAIN.IT
 unix.mydomain.it = UNIX.MYDOMAIN.IT

[dbmodules]
#  UNIX.MYDOMAIN.IT = {
#    db_library = kldap
#    ldap_servers = ldapi://%2fvar%2frun%2fslapd-UNIX-MYDOMAIN-IT.socket
#    ldap_kerberos_container_dn = cn=kerberos,dc=unix,dc=mydomain,dc=it
#    ldap_kdc_dn = uid=kdc,cn=sysaccounts,cn=etc,dc=unix,dc=mydomain,dc=it
#    ldap_kadmind_dn = uid=kdc,cn=sysaccounts,cn=etc,dc=unix,dc=mydomain,dc=it
#    ldap_service_password_file = /var/kerberos/krb5kdc/ldappwd
#  }

  UNIX.MYDOMAIN.IT = {
    db_library = ipadb.so
  }


Thanks as usual
Marco
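Added example, not part of Marco's message and not FreeIPA code: a small Python script that reads a krb5.conf like the one posted above, reports which KDC a kinit for UNIX.MYDOMAIN.IT would actually contact, and probes that host on TCP 88 the same way the conncheck does for the master's ports. The embedded krb5.conf is copied from the post (the commented-out kldap block left out); the realm and the hostnames freeipa01/freeipa03 also come from the post, while the function names and the wording of the findings are the example's own. With dns_lookup_kdc = false, MIT krb5 does not consult _kerberos SRV records, so the kdc = line is the only place the library learns a KDC from; in the posted file that line names freeipa03 itself, which the script flags.

```python
import re
import socket

# krb5.conf as posted in the message above (constructed sample, kldap comment block omitted)
SAMPLE_KRB5_CONF = """\
[libdefaults]
 default_realm = UNIX.MYDOMAIN.IT
 dns_lookup_realm = false
 dns_lookup_kdc = false
 rdns = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 UNIX.MYDOMAIN.IT = {
  kdc = freeipa03.unix.mydomain.it:88
  admin_server = freeipa03.unix.mydomain.it:749
  default_domain = unix.mydomain.it
  pkinit_anchors = FILE:/etc/ipa/ca.crt
}

[domain_realm]
 .unix.mydomain.it = UNIX.MYDOMAIN.IT
 unix.mydomain.it = UNIX.MYDOMAIN.IT

[dbmodules]
  UNIX.MYDOMAIN.IT = {
    db_library = ipadb.so
  }
"""
REALM = 'UNIX.MYDOMAIN.IT'                 # realm from the post
MASTER = 'freeipa01.unix.mydomain.it'      # existing master from the post
LOCAL = 'freeipa03.unix.mydomain.it'       # the replica being installed

def parse_krb5_conf(text):
    """Parse krb5.conf into {section: {key: value}}. A 'key = {' block becomes a nested
    dict; a key repeated inside one block (several kdc = lines) becomes a list."""
    sections, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in '#;':          # comment lines start with # or ;
            continue
        m = re.match(r'^\[(\w+)\]$', line)
        if m:
            stack = [sections.setdefault(m.group(1), {})]
            continue
        if not stack:
            continue
        if line == '}':
            if len(stack) > 1:
                stack.pop()
            continue
        key, sep, value = line.partition('=')
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if value == '{':
            stack[-1][key] = {}
            stack.append(stack[-1][key])
        elif key in stack[-1]:
            old = stack[-1][key]
            stack[-1][key] = old + [value] if isinstance(old, list) else [old, value]
        else:
            stack[-1][key] = value
    return sections

def realm_kdcs(conf, realm):
    """host:port entries kinit will try for `realm` (explicit kdc = lines only)."""
    kdcs = conf.get('realms', {}).get(realm, {}).get('kdc', [])
    return [kdcs] if isinstance(kdcs, str) else list(kdcs)

def split_hostport(entry, default_port=88):
    host, sep, port = entry.rpartition(':')
    return (host, int(port)) if sep else (entry, default_port)

def probe_tcp(host, port, timeout=3.0):
    """Plain TCP connect test, the same kind of check conncheck runs for TCP 88/464."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:                           # DNS failure or connection refused/timeout
        return False

def check_realm_config(conf_text, realm, master_fqdn, local_fqdn, probe=probe_tcp):
    """Return findings about where a kinit for `realm` sends its AS-REQ and whether
    that KDC answers on TCP. `probe` is injectable so the logic can be tested offline."""
    conf = parse_krb5_conf(conf_text)
    findings = []
    lookup = conf.get('libdefaults', {}).get('dns_lookup_kdc', 'true').lower()  # MIT default is true
    if lookup in ('false', 'no', '0'):
        findings.append('dns_lookup_kdc = false: only kdc = lines in [realms] are used, no _kerberos SRV lookup')
    kdcs = realm_kdcs(conf, realm)
    if not kdcs:
        findings.append('no kdc = entry for realm %s' % realm)
    for entry in kdcs:
        host, port = split_hostport(entry)
        if host.lower() == local_fqdn.lower():
            findings.append('kdc %s is this host, not the master %s' % (entry, master_fqdn))
        if not probe(host, port):
            findings.append('kdc %s: TCP port %d not reachable' % (entry, port))
    return findings

if __name__ == '__main__':
    for finding in check_realm_config(SAMPLE_KRB5_CONF, REALM, MASTER, LOCAL):
        print(finding)
```

Run as-is it only reports on the embedded sample (the probe will fail off the original network, since the hostnames do not resolve); pointing it at a real /etc/krb5.conf and the local FQDN shows whether an AS-REQ can reach any listed KDC at all. To test against the master directly rather than the local KDC, a temporary copy of the file with kdc = freeipa01.unix.mydomain.it:88 can be selected per-command with the KRB5_CONFIG environment variable before running kinit.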