[Freeipa-users] krb5kdc will not start (kerberos authentication error)

Alexander Bokovoy abokovoy at redhat.com
Mon Nov 9 15:50:52 UTC 2015


On Mon, 09 Nov 2015, Gronde, Christopher (Contractor) wrote:
>Hello all!
>
>On my replica IPA server after fixing a cert issue that had been going on for some time, I have all my certs figured out but the krb5kdc service will not start.
>
># service krb5kdc start
>Starting Kerberos 5 KDC: krb5kdc: cannot initialize realm ITMODEV.GOV - see log file for details                  [FAILED]
>
># cat /var/log/krb5kdc.log
>krb5kdc: Server error - while fetching master key K/M for realm ITMODEV.GOV
>krb5kdc: Server error - while fetching master key K/M for realm ITMODEV.GOV
>krb5kdc: Server error - while fetching master key K/M for realm ITMODEV.GOV
>
>I found this article online:  http://research.imb.uq.edu.au/~l.rathbone/ldap/kerberos.shtml
>
>Which stated it might be because The slave KDC does not have a stash
>file (.k5.EXAMPLE.COM). You need to create one.  Tried the command
>listed:
>
># kdb5_util stash
>kdb5_util: Server error while retrieving master entry
>
>No further information found on the preceding error above for the kdb5_util command.
>
>Any thoughts?

First: don't use instructions which are not related to IPA, please.

FreeIPA has its own LDAP driver for KDC and instructions for anything
else do not apply here at all.

If you see 'Server error - while fetching master key ..' it means KDC
LDAP driver was unable to contact LDAP server. Does LDAP server work on
the replica? What is in its error log (/var/log/dirsrv/slapd-ITMODEV-GOV/errors)?

-- 
/ Alexander Bokovoy



