[Freeipa-users] krb5kdc will not start (kerberos authentication error)
Gronde, Christopher (Contractor)
Christopher.Gronde at fincen.gov
Mon Nov 9 15:39:35 UTC 2015
Hello all!
On my replica IPA server after fixing a cert issue that had been going on for sometime, I have all my certs figured out but the krb5kdc service will not start.
# service krb5kdc start
Starting Kerberos 5 KDC: krb5kdc: cannot initialize realm ITMODEV.GOV - see log file for details [FAILED]
# cat /var/log/krb5kdc.log
krb5kdc: Server error - while fetching master key K/M for realm ITMODEV.GOV
krb5kdc: Server error - while fetching master key K/M for realm ITMODEV.GOV
krb5kdc: Server error - while fetching master key K/M for realm ITMODEV.GOV
I found this article online: http://research.imb.uq.edu.au/~l.rathbone/ldap/kerberos.shtml
Which stated it might be because The slave KDC does not have a stash file (.k5.EXAMPLE.COM). You need to create one. Tried the command listed:
# kdb5_util stash
kdb5_util: Server error while retrieving master entry
No further information found on the proceeding error above for the kdb5_util command.
Any thoughts?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151109/6dfb04b1/attachment.htm>
More information about the Freeipa-users
mailing list