[Freeipa-users] installation of ipa-server successful but sssd fails..

lejeczek peljasz at yahoo.co.uk
Wed Feb 24 12:45:55 UTC 2016


On 24/02/16 11:26, Sumit Bose wrote:
> On Wed, Feb 24, 2016 at 11:21:13AM +0000, lejeczek wrote:
>> hi everybody,
>> my first tampering with install gets me:
>>
>> Feb 24 11:04:22 my.host.fake sssd[be[host.fake]][17425]: Starting up
>> Feb 24 11:04:22 my.host.fake sssd[be[host.fake]][17425]: Failed to read
>> keytab [default]: Bad address
>> Feb 24 11:04:22 my.host.fake sssd[17406]: Exiting the SSSD. Could not
>> restart critical service [host.fake].
>> Feb 24 11:04:22 my.host.fake systemd[1]: sssd.service: control process
>> exited, code=exited status=1
>> Feb 24 11:04:22 my.host.fake systemd[1]: Failed to start System Security
>> Services Daemon.
>> Feb 24 11:04:22 my.host.fake systemd[1]: Unit sssd.service entered failed
>> state.
>> Feb 24 11:04:22 my.host.fake systemd[1]: sssd.service failed.
>>
>> And just after install process finishes I try:
>> $ kinit admin
>> kinit: Improper format of Kerberos configuration file while initializing
>> Kerberos 5 library
> I would recommend to check /etc/krb5.conf first. Since the library call
> SSSD uses to read the keytab will read /etc/krb5.conf as well, this
> might be the reason for the SSSD issue as well.
I said keytab, I meant config, which is included below.
>
> HTH
>
> bye,
> Sumit
>
>> here is keytab server installer created/amended: (one thing that I'm not
>> sure is the fact that my new "host.fake" domain is different from my
>> previously existing ldap search
>> "dc=xxx,dc=zzzzzzzz" - if it matters at all? Otherwise I have no clue.
>>
>> [domain/host.fake]
>>
>> cache_credentials = True
>> krb5_store_password_if_offline = True
>> ipa_domain = host.fake
>> id_provider = ipa
>> auth_provider = ipa
>> access_provider = ipa
>> ipa_hostname = my.host.fake
>> chpass_provider = ipa
>> ipa_server = my.host.fake
>> ipa_server_mode = True
>> ldap_tls_cacert = /etc/ipa/ca.crt
>> [domain/default]
>> autofs_provider = ldap
>> cache_credentials = True
>> krb5_realm = #
>> ldap_search_base = dc=xxx,dc=zzzzzzzz
>> id_provider = ldap
>> auth_provider = ldap
>> chpass_provider = ldap
>> ldap_uri = ldap://my.host.fake:1389/
>> ldap_id_use_start_tls = True
>> ldap_tls_cacertdir = /etc/openldap/cacerts
>>
>> krb5_server = my.host.fake:88
>> [sssd]
>> services = nss, sudo, pam, autofs, ssh
>> config_file_version = 2
>>
>> domains = host.fake
>>
>> [nss]
>> memcache_timeout = 600
>> homedir_substring = /home
>>
>>
>> regards.
>>