[Freeipa-users] IPA down hard. Kerberos?

Bret Wortman bret.wortman at damascusgrp.com
Mon May 19 11:19:10 UTC 2014 

For completeness:

[root at ipa1 ~]# rpm -qa | grep ipa
libipa_hbac-python-1.11.5.1-1.fc20.x86_64
python-iniparse-0.4-9.fc20.noarch
libipa_hbac-1.11.5.1-1.fc20.x86_64
freeipa-python-3.3.5-1.fc20.x86_64
freeipa-admintools-3.3.5-1.fc20.x86_64
freeipa-server-3.3.5-1.fc20.x86_64
sssd-ipa-1.11.5.1-1.fc20.x86_64
freeipa-client-3.3.5-1.fc20.x86_64
[root at ipa1 ~]# rpm -qa | grep krb
krb5-libs-1.11.5-5.fc20.x86_64
pam_krb5-2.4.8-1.fc20.x86_64
sssd-krb5-1.11.5.1-1.fc20.x86_64
krb5-pkinit-1.11.5-5.fc20.x86_64
krb5-workstation-1.11.5-5.fc20.x86_64
python-krbV-1.0.90-7.fc20.x86_64
krb5-server-1.11.5-5.fc20.x86_64
sssd-krb5-common-1.11.5.1-1.fc20.x86_64
[root at ipa1 ~]# rpm -qa | grep 389
389-ds-base-libs-1.3.2.16-1.fc20.x86_64
389-ds-base-1.3.2.16-1.fc20.x86_64
[root at ipa1 ~]#

On 05/19/2014 06:51 AM, Bret Wortman wrote:
> Happy Monday to me -- I came in this morning to find all 3 of my IPA 
> replicas are down. When I tried to start one of them, I got this:
>
> [root at ipa1 ~]# ipactl start
> Existing service file detected!
> Assuming stale, cleaning and proceeding
> Starting Directory Service
> Starting krb5kdc Service
> Job for krb5kdc.service failed. See 'systemctl status krb5kdc.service' 
> and 'journalctl -xn' for details.
> Failed to start krb5kdc Service
> Shutting down
> Aborting ipactl
> [root at ipa1 ~]# systemctl status krb5kdc.service
> krb5kdc.service - Kerberos 5 KDC
>    Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; disabled)
>    Active: failed (Result: exit-code) since Mon 2014-05-19 06:46:24 
> EDT; 51s ago
>   Process: 1835 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid 
> $KRB5KDC_ARGS (code=exited, status=1/FAILURE)
>
> May 19 06:46:24 ipa1.foo.net systemd[1]: krb5kdc.service: control 
> process exited, code=exited status=1
> May 19 06:46:24 ipa1.foo.net systemd[1]: Failed to start Kerberos 5 KDC.
> May 19 06:46:24 ipa1.foo.net systemd[1]: Unit krb5kdc.service entered 
> failed state.
> May 19 06:46:24 ipa1.foo.net systemd[1]: Stopped Kerberos 5 KDC.
> [root at ipa1 ~]# journalctl -xn
> -- Logs begin at Tue 2014-05-13 09:50:44 EDT, end at Mon 2014-05-19 
> 06:47:03 EDT. --
> May 19 06:46:42 ipa1.foo.net ntpd_intres[526]: host name not found: 
> 2.fedora.pool.ntp.org
> May 19 06:46:58 ipa1.foo.net sshd[1855]: error: AuthorizedKeysCommand 
> /usr/bin/sss_ssh_authorizedkeys returned status 1
> May 19 06:47:00 ipa1.foo.net sshd[1855]: Accepted password for root 
> from 192.168.2.13 port 42299 ssh2
> May 19 06:47:00 ipa1.foo.net systemd[1]: Starting Session 5 of user root.
> -- Subject: Unit session-5.scope has begun with start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit session-5.scope has begun starting up.
> May 19 06:47:00 ipa1.foo.net systemd-logind[495]: New session 5 of 
> user root.
> -- Subject: A new session 5 has been created for user root
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- Documentation: 
> http://www.freedesktop.org/wiki/Software/systemd/multiseat
> -- 
> -- A new session with the ID 5 has been created for the user root.
> -- 
> -- The leading process of the session is 1855.
> May 19 06:47:00 ipa1.foo.net systemd[1]: Started Session 5 of user root.
> -- Subject: Unit session-5.scope has finished start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit session-5.scope has finished starting up.
> -- 
> -- The start-up result is done.
> May 19 06:47:00 ipa1.foo.net sshd[1855]: pam_unix(sshd:session): 
> session opened for user root by (uid=0)
> May 19 06:47:03 ipa1.foo.net systemd[1]: Stopped 389 Directory Server 
> WEDGEOFLI-ME..
> -- Subject: Unit dirsrv at WEDGEOFLI-ME.service has finished shutting down
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit dirsrv at WEDGEOFLI-ME.service has finished shutting down.
> May 19 06:47:03 ipa1.foo.net systemd[1]: Stopping 389 Directory Server.
> -- Subject: Unit dirsrv.target has begun shutting down
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit dirsrv.target has begun shutting down.
> May 19 06:47:03 ipa1.foo.net systemd[1]: Stopped target 389 Directory 
> Server.
> -- Subject: Unit dirsrv.target has finished shutting down
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit dirsrv.target has finished shutting down.
> [root at ipa1 ~]#
>
> Any thoughts on where to look next? There's nothing at all logged in 
> /var/log/krb5kdc.log when I try to start it up, and there are so many 
> pieces to this that I'm not sure where to focus my efforts.
>
> Thanks!
>
>
> -- 
> *Bret Wortman*
>
> http://damascusgrp.com/
> http://about.me/wortmanbret
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140519/69bae477/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 28526 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140519/69bae477/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140519/69bae477/attachment.p7s>

More information about the Freeipa-users mailing list