[Freeipa-users] krb5kdc: Server error

Dmitri Pal dpal at redhat.com
Wed Apr 8 18:11:24 UTC 2015


On 04/08/2015 06:54 AM, Ben .T.George wrote:
> Hi Traiano,
>
> Thanks for the info.
>
> I have checked the hosts and confirmed that the entry was in <ip> <FQDN> <Alias> format.
>
> And with the DNS, everything is working:
>
> [root at kwtprsolipa01 slapd-SUN-LOCAL]# for i in _ldap._tcp _kerberos._tcp _kerberos._udp _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do echo ""; dig @mha.local ${i}.SUN.LOCAL srv +nocmd +noquestion +nocomments +nostats +noaa +noadditional +noauthority; done | egrep -v "^;" | egrep _
>
> _ldap._tcp.SUN.LOCAL.   21965   IN      SRV     0 100 389 kwtprsolipa01.sun.local.
> _kerberos._tcp.SUN.LOCAL. 1957  IN      SRV     0 100 88 kwtprsolipa01.sun.local.
> _kerberos._udp.SUN.LOCAL. 86400 IN      SRV     0 100 88 kwtprsolipa01.sun.local.
> _kerberos-master._tcp.SUN.LOCAL. 86400 IN SRV   0 100 88 kwtprsolipa01.sun.local.
> _kerberos-master._udp.SUN.LOCAL. 9112 IN SRV    0 100 88 kwtprsolipa01.sun.local.
> _ntp._udp.SUN.LOCAL.    86400   IN      SRV     0 100 123 kwtprsolipa01.sun.local.
>
> [root at kwtprsolipa01 slapd-SUN-LOCAL]# for i in _ldap._tcp _kerberos._tcp _kerberos._udp _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do echo ""; dig @mha.local ${i}.MHA.LOCAL srv +nocmd +noquestion +nocomments +nostats +noaa +noadditional +noauthority; done | egrep -v "^;" | egrep _
>
> _ldap._tcp.MHA.LOCAL.   600     IN      SRV     0 100 389 dxbprdc002.mha.local.
> _ldap._tcp.MHA.LOCAL.   600     IN      SRV     0 100 389 kwtprdc001.mha.local.
> _ldap._tcp.MHA.LOCAL.   600     IN      SRV     0 100 389 dxbprdc001.mha.local.
> _ldap._tcp.MHA.LOCAL.   600     IN      SRV     0 100 389 rusmosprdc002.mha.local.
> _ldap._tcp.MHA.LOCAL.   600     IN      SRV     0 100 389 kwtprdc002.mha.local.
> _kerberos._tcp.MHA.LOCAL. 600   IN      SRV     0 100 88 kwtprdc001.mha.local.
> _kerberos._tcp.MHA.LOCAL. 600   IN      SRV     0 100 88 dxbprdc002.mha.local.
> _kerberos._tcp.MHA.LOCAL. 600   IN      SRV     0 100 88 dxbprdc001.mha.local.
> _kerberos._tcp.MHA.LOCAL. 600   IN      SRV     0 100 88 kwtprdc002.mha.local.
> _kerberos._udp.MHA.LOCAL. 600   IN      SRV     0 100 88 kwtprdc002.mha.local.
> _kerberos._udp.MHA.LOCAL. 600   IN      SRV     0 100 88 dxbprdc002.mha.local.
> _kerberos._udp.MHA.LOCAL. 600   IN      SRV     0 100 88 kwtprdc001.mha.local.
> _kerberos._udp.MHA.LOCAL. 600   IN      SRV     0 100 88 dxbprdc001.mha.local.
>
> [root at kwtprsolipa01 slapd-SUN-LOCAL]# host 172.16.99.99
> 99.99.16.172.in-addr.arpa domain name pointer kwtprsolipa01.sun.local.
> [root at kwtprsolipa01 slapd-SUN-LOCAL]# host kwtprsolipa01.sun.local
> kwtprsolipa01.sun.local has address 172.16.99.99
>
> [root at kwtprsolipa01 slapd-SUN-LOCAL]# host mha.local
> mha.local has address 172.16.98.171
> mha.local has address 172.16.100.180
> mha.local has address 10.10.10.11
> mha.local has address 10.10.10.10
>
>
> [root at kwtprsolipa01 slapd-SUN-LOCAL]# dig kwtprsolipa01.sun.local
>
> ; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> kwtprsolipa01.sun.local
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23767
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4000
> ;; QUESTION SECTION:
> ;kwtprsolipa01.sun.local.       IN      A
>
> ;; ANSWER SECTION:
> kwtprsolipa01.sun.local. 38     IN      A 172.16.99.99
>
> ;; Query time: 0 msec
> ;; SERVER: 172.16.100.180#53(172.16.100.180)
> ;; WHEN: Wed Apr 08 13:54:02 AST 2015
> ;; MSG SIZE  rcvd: 68
>
>
>
> On Wed, Apr 8, 2015 at 1:27 PM, Traiano Welcome <traiano at gmail.com> wrote:
>
>     Hi Ben
>
>
>
>     On Wed, Apr 8, 2015 at 12:39 PM, Ben .T.George <bentech4you at gmail.com> wrote:
>     > Hi
>     >
>     > I am getting krb5kdc: Server error in the logs:
>     >
>     > krb5kdc: Server error - while fetching master key K/M for realm SUN.LOCAL
>     >
>     > and ipactl status is taking a long time. The web interface is not able to
>     > authenticate.
>     >
>     > If I issue ipactl restart, nothing is happening.
>     >
>     > To solve this issue, I am currently restarting the full server.
>     >
>     >
>     > How can I fix this?
>     >
>
>     Check the tail-end of this thread:
>
>     https://www.redhat.com/archives/freeipa-users/2015-April/msg00011.html
>
>     You may want to begin by checking /etc/hosts for the right format (<ip
>     address> <fqdn> <hostname>).
>     DNS is probably the very next thing you want to check... thoroughly.
>
>     > Regards,
>     > Ben


Anything in the DS logs?
The DS might not be starting because there is not enough space or some 
file corruption.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
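
The /etc/hosts layout check suggested earlier in the thread (`<ip address> <fqdn> <hostname>`), as an added example that is not part of any poster's message. The function name `check_hosts_entry`, its verdict words and its return codes are assumptions made for the illustration, and the sample files are constructed from the address and host name shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a hosts file lists a server
# as "<ip> <fqdn> <short name>". Names and return codes are illustrative.

# check_hosts_entry FILE FQDN
# Prints a verdict and returns 0 ok, 1 bad-order, 2 no-alias, 3 missing.
check_hosts_entry() {
    awk -v fqdn="$2" '
        BEGIN {
            want = tolower(fqdn)
            short = want; sub(/\..*/, "", short)    # host part before first dot
            verdict = "missing"; rc = 3
        }
        {
            sub(/#.*/, "")                          # drop comments
            if (NF < 2) next                        # blank, or address without names
            pos = 0; alias = 0
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name == want && !pos) pos = i   # where the FQDN sits
                if (name == short) alias = 1        # short name present
            }
            if (!pos) next                          # line is about another host
            if (pos != 2)    { verdict = "bad-order"; rc = 1 }
            else if (!alias) { verdict = "no-alias";  rc = 2 }
            else             { verdict = "ok";        rc = 0 }
            exit                                    # judge only the first matching line
        }
        END { print verdict; exit rc }
    ' "$1"
}

# Constructed sample files, built from the address and host name in the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '127.0.0.1 localhost\n172.16.99.99 kwtprsolipa01.sun.local kwtprsolipa01\n' > "$tmp/good"
    printf '172.16.99.99 kwtprsolipa01 kwtprsolipa01.sun.local # short name first\n' > "$tmp/bad"
    echo "good: $(check_hosts_entry "$tmp/good" kwtprsolipa01.sun.local)"
    echo "bad:  $(check_hosts_entry "$tmp/bad" kwtprsolipa01.sun.local)"
    rm -rf "$tmp"
}
demo
```

On the IPA server itself, pass /etc/hosts as the first argument and the server's FQDN as the second.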
