[Freeipa-users] installation of ipa-server successful but sssd fails..

Sumit Bose sbose at redhat.com
Wed Feb 24 14:22:38 UTC 2016


On Wed, Feb 24, 2016 at 12:45:55PM +0000, lejeczek wrote:
> On 24/02/16 11:26, Sumit Bose wrote:
> >On Wed, Feb 24, 2016 at 11:21:13AM +0000, lejeczek wrote:
> >>hey everybody,
> >>my first tampering with install gets me:
> >>
> >>Feb 24 11:04:22 my.host.fake sssd[be[host.fake]][17425]: Starting up
> >>Feb 24 11:04:22 my.host.fake sssd[be[host.fake]][17425]: Failed to read
> >>keytab [default]: Bad address
> >>Feb 24 11:04:22 my.host.fake sssd[17406]: Exiting the SSSD. Could not
> >>restart critical service [host.fake].
> >>Feb 24 11:04:22 my.host.fake systemd[1]: sssd.service: control process
> >>exited, code=exited status=1
> >>Feb 24 11:04:22 my.host.fake systemd[1]: Failed to start System Security
> >>Services Daemon.
> >>Feb 24 11:04:22 my.host.fake systemd[1]: Unit sssd.service entered failed
> >>state.
> >>Feb 24 11:04:22 my.host.fake systemd[1]: sssd.service failed.
> >>
> >>And just after install process finishes I try:
> >>$ kinit admin
> >>kinit: Improper format of Kerberos configuration file while initializing
> >>Kerberos 5 library
> >I would recommend to check /etc/krb5.conf first. Since the library call
> >SSSD uses to read the keytab will read /etc/krb5.conf as well, this
> >might be the reason for the SSSD issue as well.
> I said keytab, I meant config, which is below included.

This is the SSSD config file /etc/sssd/sssd.conf, I really meant
/etc/krb5.conf.

bye,
Sumit

> >
> >HTH
> >
> >bye,
> >Sumit
> >
> >>here is keytab server installer created/amended: (one thing that I'm not
> >>sure is the fact that my new "host.fake" domain is different from my
> >>previously existing ldap search
> >>"dc=xxx,dc=zzzzzzzz" - if it matters at all? Otherwise I have no clue.
> >>
> >>[domain/host.fake]
> >>
> >>cache_credentials = True
> >>krb5_store_password_if_offline = True
> >>ipa_domain = host.fake
> >>id_provider = ipa
> >>auth_provider = ipa
> >>access_provider = ipa
> >>ipa_hostname = my.host.fake
> >>chpass_provider = ipa
> >>ipa_server = my.host.fake
> >>ipa_server_mode = True
> >>ldap_tls_cacert = /etc/ipa/ca.crt
> >>[domain/default]
> >>autofs_provider = ldap
> >>cache_credentials = True
> >>krb5_realm = #
> >>ldap_search_base = dc=xxx,dc=zzzzzzzz
> >>id_provider = ldap
> >>auth_provider = ldap
> >>chpass_provider = ldap
> >>ldap_uri = ldap://my.host.fake:1389/
> >>ldap_id_use_start_tls = True
> >>ldap_tls_cacertdir = /etc/openldap/cacerts
> >>
> >>krb5_server = my.host.fake:88
> >>[sssd]
> >>services = nss, sudo, pam, autofs, ssh
> >>config_file_version = 2
> >>
> >>domains = host.fake
> >>
> >>[nss]
> >>memcache_timeout = 600
> >>homedir_substring = /home
> >>
> >>
> >>regards.
> >>
> >>-- 
> >>Manage your subscription for the Freeipa-users mailing list:
> >>https://www.redhat.com/mailman/listinfo/freeipa-users
> >>Go to http://freeipa.org for more info on the project

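The reply above points at /etc/krb5.conf as the likely cause of both the kinit error and the SSSD keytab failure. The following structural check is an added example, not part of the thread and not FreeIPA, SSSD or libkrb5 code: it approximates the documented krb5.conf layout (`[section]` headers, `name = value` relations, `{ }` subsections, `include`/`includedir`/`module` lines) and runs on a constructed sample in which the realm `HOST.FAKE` is an assumption.

```python
import re

# Constructed sample (not the poster's file): the realm block is never closed.
BROKEN = """\
[realms]
 HOST.FAKE = {
  kdc = my.host.fake:88
[domain_realm]
 .host.fake = HOST.FAKE
"""

def check_krb5_conf(text):
    """Return [(line_no, message)] for structural problems in krb5.conf text."""
    problems, section, depth, want_brace, no = [], None, 0, False, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        tag, eq, value = (p.strip() for p in line.partition("="))
        if want_brace:                           # previous relation had no value
            want_brace = False
            if line == "{":
                depth += 1
            else:
                problems.append((no, "expected '{' after empty value"))
        elif depth == 0 and re.match(r"(include|includedir|module)\s+[^=\s]", line):
            pass                                 # directive line, not followed here
        elif line[0] == "[":
            if depth:
                problems.append((no, "section header inside unclosed '{'"))
            elif "]" not in line:
                problems.append((no, "malformed section header"))
            else:
                section = line[1:line.index("]")]
        elif line[0] == "}":
            if depth == 0:
                problems.append((no, "'}' without matching '{'"))
            depth = max(depth - 1, 0)
        elif not eq or not tag or re.search(r"\s", tag):
            problems.append((no, "not a 'name = value' relation"))
        elif section is None:
            problems.append((no, "relation outside any [section]"))
        elif value == "{":
            depth += 1
        elif value == "":
            want_brace = True
    if depth or want_brace:
        problems.append((no, "unclosed '{' at end of file"))
    return problems
```

To check a real host, pass the file contents, for example `check_krb5_conf(open("/etc/krb5.conf").read())`; files pulled in by `include` or `includedir` have to be checked separately.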