[Freeipa-users] Problem starting IPA after reboot

John Obaterspok john.obaterspok at gmail.com
Thu Jan 8 19:31:38 UTC 2015 

Hello,

I was trying out cifs mount when I ran into some problem where smb failed
to load. What I've done was:

1) ipa-getkeytab -s ipaserver  -p cifs/ipaserver.my.lan -k /etc/krb5.keytab

2) pdbedit -L on ipaserver (which failed since I'm using registry)

Then I got strange errors and tried reboot. Now initially smb failed to
start, then after a minute or two ipa + kadmin also fails.

I've noticed selinux complains about:
- SELinux is preventing /usr/sbin/krb5kdc from write access on the
sock_file /var/lib/sss/pipes/pac.
- SELinux is preventing /usr/sbin/krb5kdc from connectto access on the
unix_stream_socket /var/lib/sss/pipes/pac.

I see the following in journal -b

20:19:44 smbd[2065]: [2015/01/08 20:19:44.736247,  0]
../source3/smbd/server.c:1269(main)
20:19:44 smbd[2065]: standard input is not a socket, assuming -D option
20:19:44 systemd[1]: smb.service: Supervising process 2066 which is not our
child. We'll most likely not notice when it exits.
20:19:44 smbd[2066]: [2015/01/08 20:19:44.803085,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:44 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:44 smbd[2066]: [2015/01/08 20:19:44.803985,  0]
../source3/lib/smbldap.c:998(smbldap_connect_system)
20:19:44 smbd[2066]: failed to bind to server
ldapi://%2fvar%2frun%2fslapd-MY-LAN.socket with dn="[Anonymous bind]"
Error: Local error
20:19:44 smbd[2066]: (unknown)
20:19:45 smbd[2066]: [2015/01/08 20:19:45.815968,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:45 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:46 smbd[2066]: [2015/01/08 20:19:46.826820,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:46 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:47 smbd[2066]: [2015/01/08 20:19:47.837775,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:47 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:48 smbd[2066]: [2015/01/08 20:19:48.848497,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:48 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:49 smbd[2066]: [2015/01/08 20:19:49.859177,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:49 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:50 smbd[2066]: [2015/01/08 20:19:50.869958,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:50 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:51 smbd[2066]: [2015/01/08 20:19:51.880575,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:51 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:52 smbd[2066]: [2015/01/08 20:19:52.890531,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:52 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:53 smbd[2066]: [2015/01/08 20:19:53.901092,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:53 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:54 smbd[2066]: [2015/01/08 20:19:54.912209,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:54 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:55 smbd[2066]: [2015/01/08 20:19:55.922373,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:55 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:56 smbd[2066]: [2015/01/08 20:19:56.932368,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:56 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:57 smbd[2066]: [2015/01/08 20:19:57.942731,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:57 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:58 smbd[2066]: [2015/01/08 20:19:58.953319,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:58 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:19:59 named-pkcs11[1536]: OSSLRSA.cpp(999): RSA verify failed
(0x04091068)
20:19:59 named-pkcs11[1536]: pkcs11rsa_link.c:496: pkcs_C_VerifyFinal:
Error = 0x000000C0
20:19:59 named-pkcs11[1536]: OSSLRSA.cpp(999): RSA verify failed
(0x04091068)
20:19:59 named-pkcs11[1536]: pkcs11rsa_link.c:496: pkcs_C_VerifyFinal:
Error = 0x000000C0
20:19:59 smbd[2066]: [2015/01/08 20:19:59.963057,  0]
ipa_sam.c:4128(bind_callback_cleanup)
20:19:59 smbd[2066]: kerberos error: code=-1765328366, message=Clients
credentials have been revoked
20:20:00 smbd[2066]: [2015/01/08 20:20:00.964313,  0]
ipa_sam.c:4440(pdb_init_ipasam)
20:20:00 smbd[2066]: Failed to get base DN.
20:20:00 smbd[2066]: [2015/01/08 20:20:00.964644,  0]
../source3/passdb/pdb_interface.c:178(make_pdb_method_name)
20:20:00 smbd[2066]: pdb backend
ipasam:ldapi://%2fvar%2frun%2fslapd-MY-LAN.socket did not correctly init
(error was NT_STATUS_UNSUCCESSFUL)
20:20:00 systemd[1]: smb.service: main process exited, code=exited,
status=1/FAILURE
20:20:00 systemd[1]: Failed to start Samba SMB Daemon.
20:20:00 systemd[1]: Unit smb.service entered failed state.
20:20:00 systemd[1]: smb.service failed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150108/46797381/attachment.htm>

More information about the Freeipa-users mailing list