[Freeipa-users] IPA down hard. Kerberos?

Bret Wortman bret.wortman at damascusgrp.com
Mon May 19 10:51:05 UTC 2014 

Happy Monday to me -- I came in this morning to find all 3 of my IPA 
replicas are down. When I tried to start one of them, I got this:

[root at ipa1 ~]# ipactl start
Existing service file detected!
Assuming stale, cleaning and proceeding
Starting Directory Service
Starting krb5kdc Service
Job for krb5kdc.service failed. See 'systemctl status krb5kdc.service' 
and 'journalctl -xn' for details.
Failed to start krb5kdc Service
Shutting down
Aborting ipactl
[root at ipa1 ~]# systemctl status krb5kdc.service
krb5kdc.service - Kerberos 5 KDC
    Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; disabled)
    Active: failed (Result: exit-code) since Mon 2014-05-19 06:46:24 
EDT; 51s ago
   Process: 1835 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid 
$KRB5KDC_ARGS (code=exited, status=1/FAILURE)

May 19 06:46:24 ipa1.foo.net systemd[1]: krb5kdc.service: control 
process exited, code=exited status=1
May 19 06:46:24 ipa1.foo.net systemd[1]: Failed to start Kerberos 5 KDC.
May 19 06:46:24 ipa1.foo.net systemd[1]: Unit krb5kdc.service entered 
failed state.
May 19 06:46:24 ipa1.foo.net systemd[1]: Stopped Kerberos 5 KDC.
[root at ipa1 ~]# journalctl -xn
-- Logs begin at Tue 2014-05-13 09:50:44 EDT, end at Mon 2014-05-19 
06:47:03 EDT. --
May 19 06:46:42 ipa1.foo.net ntpd_intres[526]: host name not found: 
2.fedora.pool.ntp.org
May 19 06:46:58 ipa1.foo.net sshd[1855]: error: AuthorizedKeysCommand 
/usr/bin/sss_ssh_authorizedkeys returned status 1
May 19 06:47:00 ipa1.foo.net sshd[1855]: Accepted password for root from 
192.168.2.13 port 42299 ssh2
May 19 06:47:00 ipa1.foo.net systemd[1]: Starting Session 5 of user root.
-- Subject: Unit session-5.scope has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit session-5.scope has begun starting up.
May 19 06:47:00 ipa1.foo.net systemd-logind[495]: New session 5 of user 
root.
-- Subject: A new session 5 has been created for user root
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
-- 
-- A new session with the ID 5 has been created for the user root.
-- 
-- The leading process of the session is 1855.
May 19 06:47:00 ipa1.foo.net systemd[1]: Started Session 5 of user root.
-- Subject: Unit session-5.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit session-5.scope has finished starting up.
-- 
-- The start-up result is done.
May 19 06:47:00 ipa1.foo.net sshd[1855]: pam_unix(sshd:session): session 
opened for user root by (uid=0)
May 19 06:47:03 ipa1.foo.net systemd[1]: Stopped 389 Directory Server 
WEDGEOFLI-ME..
-- Subject: Unit dirsrv at WEDGEOFLI-ME.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit dirsrv at WEDGEOFLI-ME.service has finished shutting down.
May 19 06:47:03 ipa1.foo.net systemd[1]: Stopping 389 Directory Server.
-- Subject: Unit dirsrv.target has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit dirsrv.target has begun shutting down.
May 19 06:47:03 ipa1.foo.net systemd[1]: Stopped target 389 Directory 
Server.
-- Subject: Unit dirsrv.target has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit dirsrv.target has finished shutting down.
[root at ipa1 ~]#

Any thoughts on where to look next? There's nothing at all logged in 
/var/log/krb5kdc.log when I try to start it up, and there are so many 
pieces to this that I'm not sure where to focus my efforts.

Thanks!


-- 
*Bret Wortman*

http://damascusgrp.com/
http://about.me/wortmanbret

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140519/3558ab72/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 51f7de33e4b08d2bdb8b4860
Type: image/png
Size: 28526 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140519/3558ab72/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140519/3558ab72/attachment.p7s>

More information about the Freeipa-users mailing list