[Freeipa-users] ipa-* tools throws errors

David Fitzgerald David.Fitzgerald at millersville.edu
Tue Mar 5 15:21:30 UTC 2013


Hello everyone,

I have been running a FreeIPA server on Scientific Linux 6.2 for about a year. Yesterday I started not being able to run any "ipa-" commands. Running kinit admin gives me the proper tickets, but when I run any ipa- command I get the following error:

ipa: ERROR: Kerberos error: Service u'HTTP@cyclone.esci.millersville.edu' not found in Kerberos database/.

I have no idea where cyclone.esci.millersville.edu is coming from, as that used to be a Windows domain server that was decommissioned years ago and is no longer in DNS, nor in /etc/hosts. I even ran grep -R on all of the files in /etc and none refer to cyclone. I checked the ipa config and krb5.conf files and they are pointing at the proper ipa server.

Checking log files I get these messages when I try to run ipa commands:

/var/log/httpd/error_log:
[Tue Mar 05 08:57:54 2013] [error] ipa: ERROR: 500 Internal Server Error: xmlserver.__call__: KRB5CCNAME not defined in HTTP request environment

/var/log/ipa
Mar 05 09:57:00 aurora.esci.millersville.edu krb5kdc[12534](info): TGS_REQ (4 etypes {18 17 16 23}) 166.66.65.39: ISSUE: authtime 1362491436, etypes {rep=18 tkt=18 ses=18}, admin@LINUX.DIRSRV.LOCAL for krbtgt/LINUX.DIRSRV.LOCAL@LINUX.DIRSRV.LOCAL
Mar 05 09:57:00 aurora.esci.millersville.edu krb5kdc[12534](info): TGS_REQ (4 etypes {18 17 16 23}) 166.66.65.39: UNKNOWN_SERVER: authtime 0,  admin@LINUX.DIRSRV.LOCAL for HTTP/cyclone.esci.millersville.edu@LINUX.DIRSRV.LOCAL, Server not found in Kerberos database

I Googled these error messages, but none of the results seemed to apply to my situation or didn't solve the problem. Can anyone point me in the right direction? Any help is greatly appreciated.

For what they are worth, here are my /etc/krb5.conf and /etc/ipa/default.conf files:

/etc/krb5.conf:

includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = LINUX.DIRSRV.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes

[realms]
LINUX.DIRSRV.LOCAL = {
  kdc = aurora.esci.millersville.edu:88
  admin_server = aurora.esci.millersville.edu:749
  default_domain = esci.millersville.edu
  pkinit_anchors = FILE:/etc/ipa/ca.crt
}

[domain_realm]
.esci.millersville.edu = LINUX.DIRSRV.LOCAL
esci.millersville.edu = LINUX.DIRSRV.LOCAL

[dbmodules]
#  LINUX.DIRSRV.LOCAL = {
#    db_library = kldap
#    ldap_servers = ldapi://%2fvar%2frun%2fslapd-LINUX-DIRSRV-LOCAL.socket
#    ldap_kerberos_container_dn = cn=kerberos,dc=linux,dc=dirsrv,dc=local
#    ldap_kdc_dn = uid=kdc,cn=sysaccounts,cn=etc,dc=linux,dc=dirsrv,dc=local
#    ldap_kadmind_dn = uid=kdc,cn=sysaccounts,cn=etc,dc=linux,dc=dirsrv,dc=local
#    ldap_service_password_file = /var/kerberos/krb5kdc/ldappwd
#  }

  LINUX.DIRSRV.LOCAL = {
    db_library = ipadb.so
  }

/etc/ipa/default.conf

[global]
host=aurora.esci.millersville.edu
basedn=dc=linux,dc=dirsrv,dc=local
realm=LINUX.DIRSRV.LOCAL
domain=esci.millersville.edu
xmlrpc_uri=https://aurora.esci.millersville.edu/ipa/xml
ldap_uri=ldapi://%2fvar%2frun%2fslapd-LINUX-DIRSRV-LOCAL.socket
enable_ra=True
ra_plugin=dogtag
mode=production


+++++++++++++++++++++++
David Fitzgerald
Department of Earth Sciences
Millersville University
Millersville, PA 17551

Phone: 717-871-2394
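
Added example (not part of the original post, and not FreeIPA project code): a small check that pairs the KDC log lines quoted above with the xmlrpc_uri in /etc/ipa/default.conf and reports TGS requests for an HTTP/ service principal whose host differs from the configured one. The function names are hypothetical; the sample input is copied from the post, and the pattern accepts both "@" and the " at " rendering used by the list archive.

```python
import configparser
import re
from urllib.parse import urlsplit

# One krb5kdc TGS_REQ entry. The list archive shows "@" as " at ", so accept both.
TGS_RE = re.compile(
    r"TGS_REQ \(.*?\) (?P<ip>\S+): (?P<status>[A-Z_]+): .*?"
    r"(?P<client>\S+?)(?:@| at )\S+ for "
    r"(?P<service>[^/\s]+)/(?P<host>[^@\s]+)(?:@| at )(?P<realm>[^\s,]+)"
)

def configured_host(default_conf_text):
    # interpolation=None: ldap_uri contains "%2f", which is not a format string.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(default_conf_text)
    return urlsplit(cp["global"]["xmlrpc_uri"]).hostname

def unexpected_http_targets(kdc_lines, default_conf_text):
    """Return UNKNOWN_SERVER requests for HTTP/<host> where <host> differs
    from the host in xmlrpc_uri, i.e. the client asked for a ticket for a
    name other than the one it was configured to contact."""
    expected = configured_host(default_conf_text).lower()
    hits = []
    for line in kdc_lines:
        m = TGS_RE.search(line)
        if not m or m["status"] != "UNKNOWN_SERVER":
            continue
        if m["service"] == "HTTP" and m["host"].lower() != expected:
            hits.append({"client": m["client"], "from_ip": m["ip"],
                         "requested": m["host"], "configured": expected})
    return hits

# Sample input copied from the post above (two KDC lines, part of default.conf).
KDC_LINES = [
    "Mar 05 09:57:00 aurora.esci.millersville.edu krb5kdc[12534](info): TGS_REQ (4 etypes {18 17 16 23}) 166.66.65.39: ISSUE: authtime 1362491436, etypes {rep=18 tkt=18 ses=18}, admin at LINUX.DIRSRV.LOCAL for krbtgt/LINUX.DIRSRV.LOCAL at LINUX.DIRSRV.LOCAL",
    "Mar 05 09:57:00 aurora.esci.millersville.edu krb5kdc[12534](info): TGS_REQ (4 etypes {18 17 16 23}) 166.66.65.39: UNKNOWN_SERVER: authtime 0,  admin at LINUX.DIRSRV.LOCAL for HTTP/cyclone.esci.millersville.edu at LINUX.DIRSRV.LOCAL, Server not found in Kerberos database",
]
DEFAULT_CONF = """[global]
host=aurora.esci.millersville.edu
xmlrpc_uri=https://aurora.esci.millersville.edu/ipa/xml
ldap_uri=ldapi://%2fvar%2frun%2fslapd-LINUX-DIRSRV-LOCAL.socket
"""

if __name__ == "__main__":
    for hit in unexpected_http_targets(KDC_LINES, DEFAULT_CONF):
        print(hit)
```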
