[Freeipa-users] /var/kerberos/krb5kdc/principal missing

Rob Crittenden rcritten at redhat.com
Thu Oct 3 15:49:02 UTC 2013


Brian J. Murrell wrote:
> I have a FreeIPA server set up on EL 6.4 with the following package
> versions:
>
> ipa-admintools-3.0.0-26.el6_4.4.x86_64
> krb5-libs-1.10.3-10.el6_4.6.x86_64
> ipa-server-selinux-3.0.0-26.el6_4.4.x86_64
> ipa-client-3.0.0-26.el6_4.4.x86_64
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> krb5-server-1.10.3-10.el6_4.6.x86_64
> ipa-server-3.0.0-26.el6_4.4.x86_64
> krb5-workstation-1.10.3-10.el6_4.6.x86_64
> ipa-python-3.0.0-26.el6_4.4.x86_64
>
> When I try to start it the startup fails:
>
> # ipactl start
> Starting Directory Service
> Starting dirsrv:
>      EXAMPLE-COM...                                         [  OK  ]
>      PKI-IPA...                                             [  OK  ]
> Starting KDC Service
> Starting Kerberos 5 KDC: krb5kdc: cannot initialize realm EXAMPLE.COM -
> see log file for details
>                                                             [FAILED]
> Failed to start KDC Service
> Shutting down
> Stopping Kerberos 5 KDC:                                   [FAILED]
> Stopping Kerberos 5 Admin Server:                          [FAILED]
> Stopping httpd:                                            [FAILED]
> Stopping pki-ca:                                           [  OK  ]
> Shutting down dirsrv:
>      EXAMPLE-COM...
>                                                             [  OK  ]
>      PKI-IPA...                                             [  OK  ]
> Aborting ipactl
>
> So trying to start krb5kdc:
>
> # service krb5kdc start
> Starting Kerberos 5 KDC: krb5kdc: cannot initialize realm EXAMPLE.COM -
> see log file for details
>                                                             [FAILED]
>
> Unfortunately there is nothing in /var/log/krb5kdc.log.  Looking in
> /var/log/messages I see:
>
> Oct  3 08:28:25 ipa0 krb5kdc[26676]: No such file or directory - while
> initializing database for realm EXAMPLE.COM
>
> Unfortunately it doesn't tell us which file is missing.  Strace helps
> here though:
>
> # strace -f /usr/sbin/krb5kdc -r EXAMPLE.COM -P /var/run/krb5kdc.pid
> ...
> open("/var/kerberos/krb5kdc/principal", O_RDONLY) = -1 ENOENT (No such
> file or directory)
> gettimeofday({1380814261, 82991}, NULL) = 0
> open("/etc/localtime", O_RDONLY)        = 4
> fstat(4, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
> fstat(4, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> = 0x7f095f58d000
> read(4,
> "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096)
> = 2819
> lseek(4, -1802, SEEK_CUR)               = 1017
> read(4,
> "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0\0\0\0"..., 4096)
> = 1802
> close(4)                                = 0
> munmap(0x7f095f58d000, 4096)            = 0
> sendto(3, "<35>Oct  3 08:31:01 krb5kdc[2669"..., 115, MSG_NOSIGNAL,
> NULL, 0) = 115
> munmap(0x7f0956c7e000, 2200608)         = 0
> write(2, "krb5kdc: cannot initialize realm"..., 74krb5kdc: cannot
> initialize realm EXAMPLE.COM - see log file for details
> ) = 74
> exit_group(1)                           = ?
>
> Sure enough /var/kerberos/krb5kdc/principal doesn't exist.  I have no
> idea why though and no backup to restore from, yet.  Was still in the
> process of setting this machine up.
>
> Is this a known issue?  Any theories on why it went missing?
>
> And most importantly, any ideas on my recovery process here?  Do I have
> to throw my KRB5 database away and start from scratch?

Any clues on how it got to this point? Files changed, etc?

What does the dbmodules section of /etc/krb5.conf look like?

rob
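
For the `[dbmodules]` question above, an added example (not from the thread or from the FreeIPA project): a shell check that reports which KDC database backend a krb5.conf selects for a realm. It relies on MIT krb5 falling back to the db2 backend, whose default file here is /var/kerberos/krb5kdc/principal, when no `db_library` is set; the function names, sample configs and the ipa0.example.com KDC entry are constructed.

```shell
#!/bin/sh
# Added example; the sample configs are constructed, not taken from the thread.

# Print db_library for realm $2 from the [dbmodules] section of file $1.
# Assumes one relation per line and a subsection named after the realm.
dbmodule_library() {
    awk -v realm="$2" '
        /^[ \t]*[#;]/         { next }                        # comment line
        /^[ \t]*\[/           { sect = $1; in_realm = 0; next }  # new section
        sect != "[dbmodules]" { next }
        /[{][ \t]*$/          { name = $1; sub(/=.*/, "", name); in_realm = (name == realm); next }
        /^[ \t]*[}]/          { in_realm = 0; next }
        in_realm && /=/       {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "db_library") { print val; exit }
        }
    ' "$1"
}

# Classify the backend: ipadb is FreeIPA's LDAP-backed module; an empty value
# means the KDC uses db2 and expects the on-disk "principal" file.
kdc_backend() {
    lib=$(dbmodule_library "$1" "$2")
    case "$lib" in
        "")     echo "db2-default" ;;
        ipadb*) echo "ipadb" ;;
        *)      echo "other:$lib" ;;
    esac
}

GOOD=$(mktemp); BAD=$(mktemp)
trap 'rm -f "$GOOD" "$BAD"' EXIT
cat > "$GOOD" <<'EOF'
[dbmodules]
  EXAMPLE.COM = {
    db_library = ipadb.so
  }
EOF
cat > "$BAD" <<'EOF'
[realms]
  EXAMPLE.COM = {
    kdc = ipa0.example.com:88
  }
EOF
echo "with [dbmodules]:    $(kdc_backend "$GOOD" EXAMPLE.COM)"
echo "without [dbmodules]: $(kdc_backend "$BAD" EXAMPLE.COM)"
```

On a real server, run `kdc_backend /etc/krb5.conf EXAMPLE.COM`; a `db2-default` result on an IPA server means the KDC is not being pointed at the directory-backed database.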



