[Freeipa-users] BIND not starting after IPA install

Renier Gertzen renier.gertzen at adcock.com
Fri Sep 12 08:57:41 UTC 2014 

Hi

Before starting IPA install i did "yum -y  intstall bind*". I think that did it.

Regards,

On Fri, 2014-09-12 at 10:43 +0200, Petr Spacek wrote:


Hello!

On 12.9.2014 09:39, Renier Gertzen wrote:
> Issue resolved in the following manner
>
> I saved copies of my named.conf.
> ran yum remove bind
> cd /var/named
> rm -Rf * (be carefull)
> ran yum install bind
> copied my named.conf file back
> service named start
>
> And it started and works now.
> Thanks for the SDB tip.

Interesting. What did you change? Did you use plain "named" instead of
"named-sdb"?

How did you manage to install named-sdb? ipa-server-install doesn't do that.

Also, I haven't seen ipa-server-selinux package before... Who knows what else
was changed by Oracle repackaging?

Petr^2 Spacek

> From: freeipa-users-bounces at redhat.com<mailto:freeipa-users-bounces at redhat.com> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Renier Gertzen
> Sent: 12 September 2014 09:17 AM
> To: Petr Spacek; freeipa-users at redhat.com<mailto:freeipa-users at redhat.com>
> Subject: Re: [Freeipa-users] BIND not starting after IPA install
>
> Yes, I use IPA. I have checked /etc/krb5.conf and it does contain:
>
> [libdefaults]
> default_realm = IPA.EXAMPLE
>
>
>
> Versions are as follows:
> Name : bind-dyndb-ldap Relocations: (not relocatable)
> Version : 2.3 Vendor: Oracle America
> Release : 5.el6 Build Date: Fri 22 Nov 2013 01:29:26 AM SAST
> Install Date: Tue 09 Sep 2014 11:13:21 AM SAST Build Host: ca-build44.us.oracle.com
>
> Name : ipa-server-selinux Relocations: (not relocatable)
> Version : 3.0.0 Vendor: Oracle America
> Release : 37.el6 Build Date: Fri 22 Nov 2013 01:25:33 AM SAST
> Install Date: Wed 10 Sep 2014 04:40:05 PM SAST Build Host: ca-build44.us.oracle.com
>
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com<mailto:freeipa-users-bounces at redhat.com><mailto:freeipa-users-bounces at redhat.com> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Petr Spacek
> Sent: 11 September 2014 07:08 PM
> To: freeipa-users at redhat.com<mailto:freeipa-users at redhat.com><mailto:freeipa-users at redhat.com>
> Subject: Re: [Freeipa-users] BIND not starting after IPA install
>
> On 11.9.2014 14:20, Renier Gertzen wrote:
>> Hi,
>>
>> My bind server refuses to start. I get the following:
>> Sep 11 14:14:40 orpst named-sdb[4343]: generating session key for
>> dynamic DNS Sep 11 14:14:40 orpst named-sdb[4343]: sizing zone task
>> pool based on 6 zones Sep 11 14:14:40 orpst named-sdb[4343]: set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'
>> Sep 11 14:15:30 orpst named-sdb[4343]: Failed to retrieve default
>> realm (Configuration file does not specify default realm) Sep 11
>> 14:15:30 orpst named-sdb[4343]: Failed to init credentials
>> (Cryptosystem internal error) Sep 11 14:15:30 orpst named-sdb[4343]:
>> loading configuration: failure Sep 11 14:15:30 orpst named-sdb[4343]:
>> exiting (due to fatal error)
>>
>> System is running Oracle Linux 6.5
>>
>> The following is my config:
>> dynamic-db "ipa" {
>> library "ldap.so";
>> arg "uri ldapi://%2fvar%2frun%2fslapd-SUBDOM-EXAMPLE-COM.socket";
>> arg "base cn=dns, dc=subdom,dc=example,dc=com";
>> arg "fake_mname server.subdom.example.com.";
>> arg "auth_method sasl";
>> arg "sasl_mech GSSAPI";
>> arg "sasl_user DNS/server.subdom.example.com at SERVER.SUBDOM.COM<mailto:server.subdom.example.com at SERVER.SUBDOM.COM><mailto:DNS/server.subdom.example.com at SERVER.SUBDOM.COM>";
>> arg "zone_refresh 0";
>> arg "psearch yes";
>> arg "serial_autoincrement yes"; };
>>
>> Any assistance would be appreciated.
>
>
> Hello!
>
> Do you use IPA or not? Which version of IPA and bind-dyndb-ldap do you have?
>
> AFAIK bind-dyndb-ldap was never tested with sdb version of named...
>
> Anyway, I would try to look into /etc/krb5.conf and double check that is contains likes like these:
>
> [libdefaults]
> default_realm = IPA.EXAMPLE
>
> Have a nice day!
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
>
> Disclaimer
>
> http://www.adcock.com/email-disclaimer.htm<http://www.adcock.com/email-disclaimer.htm%20> itevomcid
>




--





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140912/b00ffcee/attachment.htm>

More information about the Freeipa-users mailing list