[Freeipa-users] IPA wont start, all services fail

Simpson Lachlan Lachlan.Simpson at petermac.org
Tue Jan 19 05:03:39 UTC 2016 

> -----Original Message-----
> From: Simpson Lachlan


I've rebooted the machine, confirmed that FreeIPA isn't functioning (nothing
in the browser, nothing in sc).

I run

sc start dirsrv at UNIX-CO-ORG-AU.service
ipactl start

Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting ipa_memcached Service
Starting httpd Service
Starting pki-tomcatd Service
Starting smb Service
Job for smb.service failed because the control process exited with error
code. See "systemctl status smb.service" and "journalctl -xe" for details.
Failed to start smb Service
Shutting down
Aborting ipactl


The samba problem again, great. We know how to fix that.

ipa-adtrust-install --netbios-name=UNIX

Finishes successfully.

Browser doesn't work, cli doesn't work, nothing works.

OK.

I run this list of commands successfully:

ipctl stop
sc start dirsrv at UNIX-CO-ORG-AU.service
sc start krb5kdc
sc start kadmin
kdestroy
kinit admin
sc start ipa_memcached
sc start httpd
sc restart pki-tomcatd.target
ipa-adtrust-install --netbios-name=UNIX


sc --failed shows:
- ipa.service loaded failed failed Identity, Policy, Audit
- smb.service loaded failed failed Samba SMB Daemon

An attempt to start smb fails as per ipaNTSecurityIdentifier error that I got yesterday.
An attempt to start ipa manually (sc start ipa) fails as per above, but also
brings down all working services, requiring that they be restarted manually if
needed for future testing.

Final note. When I run ipa-adtrust-install --netbios-name=UNIX I get what
looks like a success message, although the output contains the following,
neither of which I can fully understand:
	
DNS management was not enabled at install time.
Add the following service records to your DNS server for DNS zone
unix.co.org.au:
 - _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
 - _ldap._tcp.dc._msdcs
 - _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
 - _kerberos._tcp.dc._msdcs
 - _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
 - _kerberos._udp.dc._msdcs


(my unix.co.org.au DNS is managed upstream by the AD PDC, presumably this
is dealt with?)

and

 [22/23]: starting CIFS services
ipa : CRITICAL CIFS services failed to start
  [23/23]: adding SIDs to existing users and groups
Done configuring CIFS.

(no idea?)


Cheers
L.

This email (including any attachments or links) may contain 
confidential and/or legally privileged information and is 
intended only to be read or used by the addressee.  If you 
are not the intended addressee, any use, distribution, 
disclosure or copying of this email is strictly 
prohibited.  
Confidentiality and legal privilege attached to this email 
(including any attachments) are not waived or lost by 
reason of its mistaken delivery to you.
If you have received this email in error, please delete it 
and notify us immediately by telephone or email.  Peter 
MacCallum Cancer Centre provides no guarantee that this 
transmission is free of virus or that it has not been 
intercepted or altered and will not be liable for any delay 
in its receipt.

More information about the Freeipa-users mailing list