[Freeipa-users] IPA down hard. Kerberos?

Bret Wortman bret.wortman at damascusgrp.com
Mon May 19 12:52:08 UTC 2014


Okay, it looks like our /etc/krb5.conf file got overwritten by an 
overeager Puppet module that shouldn't have affected an IPA server but did.

Can someone provide some guidance as to what this file is supposed to 
look like on an IPA server named "ipa1.foo.net" since ours is obviously 
completely wrong and I don't have an unadulterated server to look at for 
comparison? Thanks.


Bret

On 05/19/2014 06:51 AM, Bret Wortman wrote:
> Happy Monday to me -- I came in this morning to find all 3 of my IPA 
> replicas are down. When I tried to start one of them, I got this:
>
> [root@ipa1 ~]# ipactl start
> Existing service file detected!
> Assuming stale, cleaning and proceeding
> Starting Directory Service
> Starting krb5kdc Service
> Job for krb5kdc.service failed. See 'systemctl status krb5kdc.service' 
> and 'journalctl -xn' for details.
> Failed to start krb5kdc Service
> Shutting down
> Aborting ipactl
> [root@ipa1 ~]# systemctl status krb5kdc.service
> krb5kdc.service - Kerberos 5 KDC
>    Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; disabled)
>    Active: failed (Result: exit-code) since Mon 2014-05-19 06:46:24 
> EDT; 51s ago
>   Process: 1835 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid 
> $KRB5KDC_ARGS (code=exited, status=1/FAILURE)
>
> May 19 06:46:24 ipa1.foo.net systemd[1]: krb5kdc.service: control 
> process exited, code=exited status=1
> May 19 06:46:24 ipa1.foo.net systemd[1]: Failed to start Kerberos 5 KDC.
> May 19 06:46:24 ipa1.foo.net systemd[1]: Unit krb5kdc.service entered 
> failed state.
> May 19 06:46:24 ipa1.foo.net systemd[1]: Stopped Kerberos 5 KDC.
> [root@ipa1 ~]# journalctl -xn
> -- Logs begin at Tue 2014-05-13 09:50:44 EDT, end at Mon 2014-05-19 
> 06:47:03 EDT. --
> May 19 06:46:42 ipa1.foo.net ntpd_intres[526]: host name not found: 
> 2.fedora.pool.ntp.org
> May 19 06:46:58 ipa1.foo.net sshd[1855]: error: AuthorizedKeysCommand 
> /usr/bin/sss_ssh_authorizedkeys returned status 1
> May 19 06:47:00 ipa1.foo.net sshd[1855]: Accepted password for root 
> from 192.168.2.13 port 42299 ssh2
> May 19 06:47:00 ipa1.foo.net systemd[1]: Starting Session 5 of user root.
> -- Subject: Unit session-5.scope has begun with start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit session-5.scope has begun starting up.
> May 19 06:47:00 ipa1.foo.net systemd-logind[495]: New session 5 of 
> user root.
> -- Subject: A new session 5 has been created for user root
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- Documentation: 
> http://www.freedesktop.org/wiki/Software/systemd/multiseat
> -- 
> -- A new session with the ID 5 has been created for the user root.
> -- 
> -- The leading process of the session is 1855.
> May 19 06:47:00 ipa1.foo.net systemd[1]: Started Session 5 of user root.
> -- Subject: Unit session-5.scope has finished start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit session-5.scope has finished starting up.
> -- 
> -- The start-up result is done.
> May 19 06:47:00 ipa1.foo.net sshd[1855]: pam_unix(sshd:session): 
> session opened for user root by (uid=0)
> May 19 06:47:03 ipa1.foo.net systemd[1]: Stopped 389 Directory Server 
> WEDGEOFLI-ME..
> -- Subject: Unit dirsrv@WEDGEOFLI-ME.service has finished shutting down
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit dirsrv@WEDGEOFLI-ME.service has finished shutting down.
> May 19 06:47:03 ipa1.foo.net systemd[1]: Stopping 389 Directory Server.
> -- Subject: Unit dirsrv.target has begun shutting down
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit dirsrv.target has begun shutting down.
> May 19 06:47:03 ipa1.foo.net systemd[1]: Stopped target 389 Directory 
> Server.
> -- Subject: Unit dirsrv.target has finished shutting down
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- 
> -- Unit dirsrv.target has finished shutting down.
> [root@ipa1 ~]#
>
> Any thoughts on where to look next? There's nothing at all logged in 
> /var/log/krb5kdc.log when I try to start it up, and there are so many 
> pieces to this that I'm not sure where to focus my efforts.
>
> Thanks!
>
>
> -- 
> *Bret Wortman*
>
> http://damascusgrp.com/
> http://about.me/wortmanbret

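An added example, not part of the original thread and not FreeIPA's own tooling: a check that a krb5.conf still carries the settings a FreeIPA KDC depends on, the kind of drift a configuration-management overwrite like the one described above introduces. The realm FOO.NET, both sample files and the function names are assumptions; the `db_library = ipadb.so` requirement reflects the layout ipa-server-install normally writes.

```python
# Constructed samples; realm FOO.NET is assumed from the host name ipa1.foo.net.
IPA_STYLE = """\
[libdefaults]
 default_realm = FOO.NET
[realms]
 FOO.NET = {
  kdc = ipa1.foo.net:88
 }
[dbmodules]
 FOO.NET = {
  db_library = ipadb.so
 }
"""
OVERWRITTEN = """\
[libdefaults]
 default_realm = EXAMPLE.COM
"""

def parse(text):
    """Parse krb5.conf text into {section: {key: value or nested dict}}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                block = section[key] = {}
            else:
                (section if block is None else block)[key] = value
    return conf

def check(text, realm, host):
    """Return the list of settings a KDC for `realm` on `host` is missing."""
    conf, problems = parse(text), []
    if conf.get("libdefaults", {}).get("default_realm") != realm:
        problems.append("default_realm is not " + realm)
    realm_block = conf.get("realms", {}).get(realm)
    if not isinstance(realm_block, dict) or not realm_block.get("kdc", "").startswith(host):
        problems.append("no kdc entry on %s for %s" % (host, realm))
    db = conf.get("dbmodules", {}).get(realm)
    if not isinstance(db, dict) or db.get("db_library") != "ipadb.so":
        problems.append("[dbmodules] lacks db_library = ipadb.so for " + realm)
    return problems
```

Calling `check()` on the contents of /etc/krb5.conf before running `ipactl start` shows whether the file was replaced by a generic client template; an empty list means the three settings are present.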