[Freeipa-users] Asking for help with crashed freeIPA istance
Daniel Schimpfoessl
daniel at schimpfoessl.com
Mon Dec 19 18:15:17 UTC 2016
Good day and happy holidays,
I have been running a freeIPA instance for a few years and been very happy.
Recently the certificate expired and I updated it using the documented
methods. At first all seemed fine. Added a Nagios monitor for the
certificate expiration and restarted the server (single server). I have
weekly snapshots, daily backups (using Amanda on the entire disk).
One day the services relying on IPA failed to authenticate. Looking at the
server the ipa service had stopped. Restarting the service fails. Restoring
a few weeks old snapshot does not start either. Resetting the date to a few
month back does not work either as httpd fails to start .
I am at a loss.
Here a few details:
# ipa --version
VERSION: 4.4.0, API_VERSION: 2.213
# /usr/sbin/ipactl start
...
out -> Failed to start pki-tomcatd Service
/var/log/pki/pki-tomcat/ca/debug -> Could not connect to LDAP server host
ipa.myorg.com port 636 Error netscape.ldap.LDAPException: Authentication
failed (48)
2016-12-19T03:02:16Z DEBUG The CA status is: check interrupted due to
error: Retrieving CA status failed with status 500
Any help would be appreciated as all connected services are now down.
Thanks,
Daniel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161219/81ea1bb6/attachment.htm>
More information about the Freeipa-users
mailing list