[Freeipa-users] krb5kdc: Server error
Dmitri Pal
dpal at redhat.com
Wed Apr 8 18:11:24 UTC 2015
On 04/08/2015 06:54 AM, Ben .T.George wrote:
> Hi Traiano,
>
> Thanks for the info.
>
> I have checked the hosts and confirmed that the entry was in <ip> <FQDN> <Alias> format.
>
> And the DNS, everything is working:
>
> [root@kwtprsolipa01 slapd-SUN-LOCAL]# for i in _ldap._tcp _kerberos._tcp _kerberos._udp _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do echo ""; dig @mha.local ${i}.SUN.LOCAL srv +nocmd +noquestion +nocomments +nostats +noaa +noadditional +noauthority; done | egrep -v "^;" | egrep _
>
> _ldap._tcp.SUN.LOCAL. 21965 IN SRV 0 100 389 kwtprsolipa01.sun.local.
> _kerberos._tcp.SUN.LOCAL. 1957 IN SRV 0 100 88 kwtprsolipa01.sun.local.
> _kerberos._udp.SUN.LOCAL. 86400 IN SRV 0 100 88 kwtprsolipa01.sun.local.
> _kerberos-master._tcp.SUN.LOCAL. 86400 IN SRV 0 100 88 kwtprsolipa01.sun.local.
> _kerberos-master._udp.SUN.LOCAL. 9112 IN SRV 0 100 88 kwtprsolipa01.sun.local.
> _ntp._udp.SUN.LOCAL. 86400 IN SRV 0 100 123 kwtprsolipa01.sun.local.
>
> [root@kwtprsolipa01 slapd-SUN-LOCAL]# for i in _ldap._tcp _kerberos._tcp _kerberos._udp _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do echo ""; dig @mha.local ${i}.MHA.LOCAL srv +nocmd +noquestion +nocomments +nostats +noaa +noadditional +noauthority; done | egrep -v "^;" | egrep _
>
> _ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389 dxbprdc002.mha.local.
> _ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389 kwtprdc001.mha.local.
> _ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389 dxbprdc001.mha.local.
> _ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389 rusmosprdc002.mha.local.
> _ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389 kwtprdc002.mha.local.
> _kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88 kwtprdc001.mha.local.
> _kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88 dxbprdc002.mha.local.
> _kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88 dxbprdc001.mha.local.
> _kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88 kwtprdc002.mha.local.
> _kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88 kwtprdc002.mha.local.
> _kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88 dxbprdc002.mha.local.
> _kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88 kwtprdc001.mha.local.
> _kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88 dxbprdc001.mha.local.
>
> [root@kwtprsolipa01 slapd-SUN-LOCAL]# host 172.16.99.99
> 99.99.16.172.in-addr.arpa domain name pointer kwtprsolipa01.sun.local.
> [root@kwtprsolipa01 slapd-SUN-LOCAL]# host kwtprsolipa01.sun.local
> kwtprsolipa01.sun.local has address 172.16.99.99
>
> [root@kwtprsolipa01 slapd-SUN-LOCAL]# host mha.local
> mha.local has address 172.16.98.171
> mha.local has address 172.16.100.180
> mha.local has address 10.10.10.11
> mha.local has address 10.10.10.10
>
> [root@kwtprsolipa01 slapd-SUN-LOCAL]# dig kwtprsolipa01.sun.local
>
> ; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> kwtprsolipa01.sun.local
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23767
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4000
> ;; QUESTION SECTION:
> ;kwtprsolipa01.sun.local. IN A
>
> ;; ANSWER SECTION:
> kwtprsolipa01.sun.local. 38 IN A 172.16.99.99
>
> ;; Query time: 0 msec
> ;; SERVER: 172.16.100.180#53(172.16.100.180)
> ;; WHEN: Wed Apr 08 13:54:02 AST 2015
> ;; MSG SIZE rcvd: 68
>
> On Wed, Apr 8, 2015 at 1:27 PM, Traiano Welcome <traiano at gmail.com> wrote:
>
> Hi Ben
>
> On Wed, Apr 8, 2015 at 12:39 PM, Ben .T.George <bentech4you at gmail.com> wrote:
> > Hi
> >
> > I am getting krb5kdc: Server error in the logs:
> >
> > krb5kdc: Server error - while fetching master key K/M for realm SUN.LOCAL
> >
> > And the ipactl status is taking a long time. The web interface is not able to
> > authenticate.
> >
> > If I issue ipactl restart, nothing is happening.
> >
> > To solve this issue, I am currently restarting the full server.
> >
> > How can I fix this?
> >
>
> Check the tail-end of this thread:
>
> https://www.redhat.com/archives/freeipa-users/2015-April/msg00011.html
>
> You may want to begin by checking /etc/hosts for the right format
> (<ip address> <fqdn> <hostname>).
> DNS is probably the very next thing you want to check... thoroughly.
>
> > Regards,
> > Ben
> >
>
Anything in the DS logs?
The DS might not be starting because there is not enough space or some
file corruption.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
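
Added example (not part of the original thread, and not code from any of its participants): a shell check for the `/etc/hosts` format advised earlier in the thread (`<ip address> <fqdn> <hostname>`). The function name `check_hosts_entry` and the two sample files are constructed for illustration; the IP address and hostname are the ones shown in the thread's `host` output.

```bash
#!/bin/sh
# Added example: check that a hosts file lists a server as "<ip> <fqdn> <hostname>".
# check_hosts_entry FILE FQDN -> exit 0 if every line naming the host puts the
# FQDN first (and at least one such line exists), exit 1 otherwise.
check_hosts_entry() {
    awk -v fqdn="$2" '
        BEGIN { fqdn = tolower(fqdn); short = fqdn; sub(/\..*/, "", short) }
        { sub(/#.*/, ""); $0 = tolower($0) }   # strip comments, ignore case
        NF < 2 { next }                         # blank or address-only line
        {
            hit = 0
            for (i = 2; i <= NF; i++)
                if ($i == fqdn || $i == short) hit = 1
            if (!hit) next                      # line is about another host
            seen = 1
            if ($2 != fqdn) {
                printf "BAD  line %d: first name is %s, expected %s\n", NR, $2, fqdn
                bad = 1
            } else if ($3 != short) {
                printf "WARN line %d: short name %s is not the first alias\n", NR, short
            } else {
                printf "OK   line %d: %s %s %s\n", NR, $1, $2, $3
            }
        }
        END {
            if (!seen) printf "BAD  no entry for %s\n", fqdn
            rc = (seen && !bad) ? 0 : 1
            exit rc
        }
    ' "$1"
}

# Constructed sample files (not copied from the server in the thread).
good=$(mktemp); wrong=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' \
    '172.16.99.99 kwtprsolipa01.sun.local kwtprsolipa01' > "$good"
printf '%s\n' '172.16.99.99 kwtprsolipa01 kwtprsolipa01.sun.local # alias first' > "$wrong"

check_hosts_entry "$good"  kwtprsolipa01.sun.local
check_hosts_entry "$wrong" kwtprsolipa01.sun.local || echo "entry order needs fixing"
rm -f "$good" "$wrong"
```
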