[Freeipa-users] Problem starting IPA after reboot
John Obaterspok
john.obaterspok at gmail.com
Thu Jan 8 19:31:38 UTC 2015
Hello,
I was trying out cifs mount when I ran into some problem where smb failed
to load. What I've done was:
1) ipa-getkeytab -s ipaserver -p cifs/ipaserver.my.lan -k /etc/krb5.keytab
2) pdbedit -L on ipaserver (which failed since I'm using registry)
Then I got strange errors and tried reboot. Now initially smb failed to
start, then after a minute or two ipa + kadmin also fails.
I've noticed selinux complains about:
- SELinux is preventing /usr/sbin/krb5kdc from write access on the
sock_file /var/lib/sss/pipes/pac.
- SELinux is preventing /usr/sbin/krb5kdc from connectto access on the
unix_stream_socket /var/lib/sss/pipes/pac.
I see the following in journal -b
20:19:44 smbd[2065]: [2015/01/08 20:19:44.736247, 0]
../source3/smbd/server.c:1269(main)
20:19:44 smbd[2065]: standard input is not a socket, assuming -D option
20:19:44 systemd[1]: smb.service: Supervising process 2066 which is not our
child. We'll most likely not notice when it exits.
20:19:44 smbd[2066]: [2015/01/08 20:19:44.803085, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:44 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:44 smbd[2066]: [2015/01/08 20:19:44.803985, 0]
../source3/lib/smbldap.c:998(smbldap_connect_system)
20:19:44 smbd[2066]: failed to bind to server
ldapi://%2fvar%2frun%2fslapd-MY-LAN.socket with dn="[Anonymous bind]"
Error: Local error
20:19:44 smbd[2066]: (unknown)
20:19:45 smbd[2066]: [2015/01/08 20:19:45.815968, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:45 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:46 smbd[2066]: [2015/01/08 20:19:46.826820, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:46 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:47 smbd[2066]: [2015/01/08 20:19:47.837775, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:47 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:48 smbd[2066]: [2015/01/08 20:19:48.848497, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:48 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:49 smbd[2066]: [2015/01/08 20:19:49.859177, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:49 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:50 smbd[2066]: [2015/01/08 20:19:50.869958, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:50 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:51 smbd[2066]: [2015/01/08 20:19:51.880575, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:51 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:52 smbd[2066]: [2015/01/08 20:19:52.890531, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:52 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:53 smbd[2066]: [2015/01/08 20:19:53.901092, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:53 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:54 smbd[2066]: [2015/01/08 20:19:54.912209, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:54 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:55 smbd[2066]: [2015/01/08 20:19:55.922373, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:55 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:56 smbd[2066]: [2015/01/08 20:19:56.932368, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:56 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:57 smbd[2066]: [2015/01/08 20:19:57.942731, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:57 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:58 smbd[2066]: [2015/01/08 20:19:58.953319, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:58 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:59 named-pkcs11[1536]: OSSLRSA.cpp(999): RSA verify failed
(0x04091068)
20:19:59 named-pkcs11[1536]: pkcs11rsa_link.c:496: pkcs_C_VerifyFinal:
Error = 0x000000C0
20:19:59 named-pkcs11[1536]: OSSLRSA.cpp(999): RSA verify failed
(0x04091068)
20:19:59 named-pkcs11[1536]: pkcs11rsa_link.c:496: pkcs_C_VerifyFinal:
Error = 0x000000C0
20:19:59 smbd[2066]: [2015/01/08 20:19:59.963057, 0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:59 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:20:00 smbd[2066]: [2015/01/08 20:20:00.964313, 0]
ipa_sam.c:4440(pdb_init_ipasam)
20:20:00 smbd[2066]: Failed to get base DN.
20:20:00 smbd[2066]: [2015/01/08 20:20:00.964644, 0]
../source3/passdb/pdb_interface.c:178(make_pdb_method_name)
20:20:00 smbd[2066]: pdb backend
ipasam:ldapi://%2fvar%2frun%2fslapd-MY-LAN.socket did not correctly init
(error was NT_STATUS_UNSUCCESSFUL)
20:20:00 systemd[1]: smb.service: main process exited, code=exited,
status=1/FAILURE
20:20:00 systemd[1]: Failed to start Samba SMB Daemon.
20:20:00 systemd[1]: Unit smb.service entered failed state.
20:20:00 systemd[1]: smb.service failed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150108/46797381/attachment.htm>
More information about the Freeipa-users
mailing list