<div dir="ltr"><div><br></div><div><br></div><div>rpm -qa | grep krb5</div><div>pam_krb5-2.3.11-9.el6.x86_64</div><div><b>krb5-server-1.10.3-10.el6_4.6.x86_64</b></div><div>krb5-libs-1.10.3-10.el6_4.6.x86_64</div><div>krb5-workstation-1.10.3-10.el6_4.6.x86_64</div>
<div><br></div><div>I don't see any segfaults in messages.</div><div><br></div><div>/var/log/dirsrv/slapd-MIOVISION-LINUX/errors looks pretty clean:</div>
<div><br></div><div><div><span style="white-space:pre-wrap"> </span>389-Directory/1.2.11.15 B2013.337.1530</div><div><span style="white-space:pre-wrap"> </span>ipa1.miovision.linux:389 (/etc/dirsrv/slapd-MIOVISION-LINUX)</div>
<div><br></div><div>[04/Feb/2014:15:39:54 -0500] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database</div><div>[04/Feb/2014:15:39:54 -0500] - check_and_set_import_cache: pagesize: 4096, pages: 1497738, procpages: 51916</div>
<div>[04/Feb/2014:15:39:54 -0500] - Import allocates 2396380KB import cache.</div><div>[04/Feb/2014:15:39:55 -0500] - import userRoot: Beginning import job...</div><div>[04/Feb/2014:15:39:55 -0500] - import userRoot: Index buffering enabled with bucket size 100</div>
<div>[04/Feb/2014:15:39:56 -0500] - import userRoot: Processing file "/var/lib/dirsrv/boot.ldif"</div><div>[04/Feb/2014:15:39:56 -0500] - import userRoot: Finished scanning file "/var/lib/dirsrv/boot.ldif" (1 entries)</div>
<div>[04/Feb/2014:15:40:03 -0500] - import userRoot: Workers finished; cleaning up...</div><div>[04/Feb/2014:15:40:04 -0500] - import userRoot: Workers cleaned up.</div><div>[04/Feb/2014:15:40:05 -0500] - import userRoot: Cleaning up producer thread...</div>
<div>[04/Feb/2014:15:40:05 -0500] - import userRoot: Indexing complete. Post-processing...</div><div>[04/Feb/2014:15:40:06 -0500] - import userRoot: Generating numSubordinates complete.</div><div>[04/Feb/2014:15:40:07 -0500] - Nothing to do to build ancestorid index</div>
<div>[04/Feb/2014:15:40:08 -0500] - import userRoot: Flushing caches...</div><div>[04/Feb/2014:15:40:08 -0500] - import userRoot: Closing files...</div><div>[04/Feb/2014:15:40:10 -0500] - All database threads now stopped</div>
<div>[04/Feb/2014:15:40:10 -0500] - import userRoot: Import complete. Processed 1 entries in 15 seconds. (0.07 entries/sec)</div><div>[04/Feb/2014:15:40:18 -0500] - 389-Directory/1.2.11.15 B2013.337.1530 starting up</div>
<div>[04/Feb/2014:15:40:19 -0500] - Db home directory is not set. Possibly nsslapd-directory (optinally nsslapd-db-home-directory) is missing in the config file.</div><div>[04/Feb/2014:15:40:19 -0500] - I'm resizing my cache now...cache was 2453893120 and is now 8000000</div>
<div>[04/Feb/2014:15:40:36 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests</div><div>[04/Feb/2014:15:40:36 -0500] - slapd shutting down - signaling operation threads</div><div>[04/Feb/2014:15:40:37 -0500] - slapd shutting down - closing down internal subsystems and plugins</div>
<div>[04/Feb/2014:15:40:37 -0500] - Waiting for 4 database threads to stop</div><div>[04/Feb/2014:15:40:38 -0500] - All database threads now stopped</div><div>[04/Feb/2014:15:40:38 -0500] - slapd stopped.</div><div>[04/Feb/2014:15:40:40 -0500] - 389-Directory/1.2.11.15 B2013.337.1530 starting up</div>
<div>[04/Feb/2014:15:40:41 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests</div><div>[04/Feb/2014:15:40:43 -0500] - The change of nsslapd-ldapilisten will not take effect until the server is restarted</div>
<div>[04/Feb/2014:15:41:10 -0500] - Warning: Adding configuration attribute "nsslapd-security"</div><div>[04/Feb/2014:15:41:13 -0500] - slapd shutting down - signaling operation threads</div><div>[04/Feb/2014:15:41:14 -0500] - slapd shutting down - waiting for 30 threads to terminate</div>
<div>[04/Feb/2014:15:41:14 -0500] - slapd shutting down - closing down internal subsystems and plugins</div><div>[04/Feb/2014:15:41:15 -0500] - Waiting for 4 database threads to stop</div><div>[04/Feb/2014:15:41:17 -0500] - All database threads now stopped</div>
<div>[04/Feb/2014:15:41:17 -0500] - slapd stopped.</div><div>[04/Feb/2014:15:41:27 -0500] - 389-Directory/1.2.11.15 B2013.337.1530 starting up</div><div>[04/Feb/2014:15:41:27 -0500] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one...</div>
<div>[04/Feb/2014:15:41:28 -0500] attrcrypt - Key for cipher AES successfully generated and stored</div><div>[04/Feb/2014:15:41:29 -0500] attrcrypt - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one...</div>
<div>[04/Feb/2014:15:41:29 -0500] attrcrypt - Key for cipher 3DES successfully generated and stored</div><div>[04/Feb/2014:15:41:31 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests</div><div>
[04/Feb/2014:15:41:31 -0500] - Listening on All Interfaces port 636 for LDAPS requests</div><div>[04/Feb/2014:15:41:32 -0500] - Listening on /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests</div><div>[04/Feb/2014:15:42:06 -0500] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which should be added before the CoS Definition.</div>
<div>[04/Feb/2014:15:44:31 -0500] - slapd shutting down - signaling operation threads</div><div>[04/Feb/2014:15:44:33 -0500] - slapd shutting down - closing down internal subsystems and plugins</div><div>[04/Feb/2014:15:44:44 -0500] - Waiting for 4 database threads to stop</div>
<div>[04/Feb/2014:15:44:47 -0500] - All database threads now stopped</div><div>[04/Feb/2014:15:44:47 -0500] - slapd stopped.</div><div>[04/Feb/2014:15:44:49 -0500] - 389-Directory/1.2.11.15 B2013.337.1530 starting up</div>
<div>[04/Feb/2014:15:44:51 -0500] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=miovision,dc=linux</div><div>[04/Feb/2014:15:44:52 -0500] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=miovision,dc=linux</div>
<div>[04/Feb/2014:15:44:52 -0500] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=miovision,dc=linux</div><div>[04/Feb/2014:15:44:52 -0500] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which should be added before the CoS Definition.</div>
<div>[04/Feb/2014:15:44:52 -0500] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which should be added before the CoS Definition.</div><div>[04/Feb/2014:15:44:53 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests</div>
<div>[04/Feb/2014:15:44:53 -0500] - Listening on All Interfaces port 636 for LDAPS requests</div><div>[04/Feb/2014:15:44:53 -0500] - Listening on /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests</div><div>[04/Feb/2014:15:44:53 -0500] - The change of nsslapd-maxdescriptors will not take effect until the server is restarted</div>
<div>[05/Feb/2014:09:51:59 -0500] - slapd shutting down - signaling operation threads</div><div>[05/Feb/2014:09:51:59 -0500] - slapd shutting down - waiting for 26 threads to terminate</div><div>[05/Feb/2014:09:52:00 -0500] - slapd shutting down - closing down internal subsystems and plugins</div>
<div>[05/Feb/2014:09:52:00 -0500] - Waiting for 4 database threads to stop</div><div>[05/Feb/2014:09:52:00 -0500] - All database threads now stopped</div><div>[05/Feb/2014:09:52:00 -0500] - slapd stopped.</div></div><div>
<br></div><div><br></div><div>Thanks,</div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><span style="font-family:arial,sans-serif;font-size:16px"><strong>Steve Dainard </strong></span><span style="font-size:12px"></span><br>
<span style="font-family:arial,sans-serif;font-size:12px">IT Infrastructure Manager<br>
<a href="http://miovision.com/" target="_blank">Miovision</a> | <em>Rethink Traffic</em><br>
519-513-2407 ex.250<br>
877-646-8476 (toll-free)<br>
<br>
</span>
</div></div>
<br><br><div class="gmail_quote">On Wed, Feb 5, 2014 at 11:50 AM, Rob Crittenden <span dir="ltr">&lt;<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Steve Dainard wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
Following this guide:<br>
<a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html" target="_blank">https://access.redhat.com/<u></u>site/documentation/en-US/Red_<u></u>Hat_Enterprise_Linux/6/html/<u></u>Identity_Management_Guide/<u></u>trust-diff-dns-domains.html</a><br>
<br>
STEP 4:<br>
ipa-server-install --setup-dns -p '&lt;password&gt;' -a '&lt;password&gt;' -r<br>
MIOVISION.LINUX -n miovision.linux --hostname ipa1.miovision.linux<br>
--forwarder=10.0.0.2 --forwarder=10.0.0.5<br>
<br>
Server host name [ipa1.miovision.linux]:<br>
<br>
Warning: skipping DNS resolution of host ipa1.miovision.linux<br>
Unable to resolve IP address for host name<br>
Please provide the IP address to be used for this host name: 10.0.6.3<br>
Adding [10.0.6.3 ipa1.miovision.linux] to your /etc/hosts file<br>
Do you want to configure the reverse zone? [yes]:<br>
Please specify the reverse zone name [6.0.10.in-addr.arpa.]:<br>
Using reverse zone 6.0.10.in-addr.arpa.<br>
<br>
The IPA Master Server will be configured with:<br>
Hostname: ipa1.miovision.linux<br>
IP address: 10.0.6.3<br>
Domain name: miovision.linux<br>
Realm name: MIOVISION.LINUX<br>
<br>
BIND DNS server will be configured to serve IPA domain with:<br>
Forwarders: 10.0.0.2, 10.0.0.5<br>
Reverse zone: 6.0.10.in-addr.arpa.<br>
<br>
Continue to configure the system with these values? [no]: yes<br>
<br>
The following operations may take some minutes to complete.<br>
Please wait until the prompt is returned.<br>
<br>
Configuring NTP daemon (ntpd)<br>
[1/4]: stopping ntpd<br>
<br>
...<br>
<br>
Done configuring directory server (dirsrv).<br>
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds<br>
[1/10]: adding sasl mappings to the directory<br>
[2/10]: adding kerberos container to the directory<br>
[3/10]: configuring KDC<br>
[4/10]: initialize kerberos container<br>
Failed to initialize the realm container<br>
[5/10]: adding default ACIs<br>
[6/10]: creating a keytab for the directory<br>
Unexpected error - see /var/log/ipaserver-install.log for details:<br>
CalledProcessError: Command 'kadmin.local -q addprinc -randkey<br>
ldap/ipa1.miovision.linux@MIOVISION.LINUX -x<br>
ipa-setup-override-restrictions' returned non-zero exit status 1<br>
<br></div></div>
*/var/log/ipaserver-install.log*<div><div class="h5"><br>
<br>
add aci:<br>
<br>
(target="ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc=miovision,dc=linux")(targetattr="userCertificate")(version<br>
3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn =<br>
"ldap:///fqdn=ipa1.miovision.linux,cn=computers,cn=accounts,dc=miovision,dc=linux";)<br>
modifying entry "cn=ipa,cn=etc,dc=miovision,dc=linux"<br>
modify complete<br>
<br>
<br>
2014-02-04T20:45:51Z DEBUG stderr=ldap_initialize(<br>
ldapi://%2Fvar%2Frun%2Fslapd-MIOVISION-LINUX.socket/??base )<br>
<br>
2014-02-04T20:45:51Z DEBUG duration: 6 seconds<br>
2014-02-04T20:45:51Z DEBUG [6/10]: creating a keytab for the directory<br>
2014-02-04T20:45:51Z DEBUG args=kadmin.local -q addprinc -randkey<br>
ldap/ipa1.miovision.linux@MIOVISION.LINUX -x ipa-setup-override-restrictions<br>
2014-02-04T20:45:51Z DEBUG stdout=Authenticating as principal<br>
root/admin@MIOVISION.LINUX with password.<br>
<br>
2014-02-04T20:45:51Z DEBUG stderr=kadmin.local: No such entry in the<br>
database while initializing kadmin.local interface<br>
<br>
2014-02-04T20:45:51Z INFO File<br>
"/usr/lib/python2.6/site-<u></u>packages/ipaserver/install/<u></u>installutils.py",<br>
line 614, in run_script<br>
return_value = main_function()<br>
<br>
File "/usr/sbin/ipa-server-install"<u></u>, line 1024, in main<br>
subject_base=options.subject)<br>
<br>
File<br>
"/usr/lib/python2.6/site-<u></u>packages/ipaserver/install/<u></u>krbinstance.py",<br>
line 183, in create_instance<br>
self.start_creation(runtime=<u></u>30)<br>
<br>
File "/usr/lib/python2.6/site-<u></u>packages/ipaserver/install/<u></u>service.py",<br>
line 358, in start_creation<br>
method()<br>
<br>
File<br>
"/usr/lib/python2.6/site-<u></u>packages/ipaserver/install/<u></u>krbinstance.py",<br>
line 386, in __create_ds_keytab<br>
installutils.kadmin_addprinc(<u></u>ldap_principal)<br>
<br>
File<br>
"/usr/lib/python2.6/site-<u></u>packages/ipaserver/install/<u></u>installutils.py",<br>
line 369, in kadmin_addprinc<br>
kadmin("addprinc -randkey " + principal)<br>
<br>
File<br>
"/usr/lib/python2.6/site-<u></u>packages/ipaserver/install/<u></u>installutils.py",<br>
line 366, in kadmin<br>
"-x", "ipa-setup-override-<u></u>restrictions"])<br>
<br>
File "/usr/lib/python2.6/site-<u></u>packages/ipapython/ipautil.py"<u></u>, line<br>
316, in run<br>
raise CalledProcessError(p.<u></u>returncode, args)<br>
<br>
2014-02-04T20:45:51Z INFO The ipa-server-install command failed,<br>
exception: CalledProcessError: Command 'kadmin.local -q addprinc<br>
-randkey ldap/ipa1.miovision.linux@<u></u>MIOVISION.LINUX -x<br>
ipa-setup-override-<u></u>restrictions' returned non-zero exit status 1<br>
<br>
</div></div></blockquote>
<br>
Steve sent me the logs out-of-band. I think the problem is an earlier failure after generating the master key:<br>
<br>
2014-02-04T20:45:45Z DEBUG args=kdb5_util create -s -r MIOVISION.LINUX -x ipa-setup-override-restrictions<br>
2014-02-04T20:45:45Z DEBUG stdout=Loading random data<br>
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'MIOVISION.LINUX',<br>
master key name 'K/M@MIOVISION.LINUX'<br>
You will be prompted for the database Master Password.<br>
It is important that you NOT FORGET this password.<br>
Enter KDC database master key:<br>
Re-enter KDC database master key to verify:<br>
<br>
<br>
2014-02-04T20:45:45Z DEBUG stderr=kdb5_util: add.c:124: ldap_add_ext: Assertion `ld != ((void *)0)' failed.<br>
<br>
What version of krb5_server is installed? Does /var/log/messages indicate a segfault? Are there any failures in /var/log/dirsrv/slapd-MIOVISION-LINUX/errors?<span class="HOEnZb"><font color="#888888"><br>
<br>
rob<br>
</font></span></blockquote></div><br></div>
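<div>Added example, not part of the original thread and not FreeIPA code: the quoted reply traces the reported kadmin.local error back to an earlier kdb5_util failure in the same /var/log/ipaserver-install.log, and this sketch automates that triage by grouping the args/stdout/stderr DEBUG records per command and returning the earliest one whose stderr looks like a failure. The log sample is constructed from lines quoted in the thread; the ldapmodify command line, the failure patterns and the function names are assumptions.</div>

```python
import re

# A record starts with "<timestamp>Z LEVEL body"; output continuation lines have no timestamp.
RECORD = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (\w+) (.*)$")
# Assumed failure signatures; the first two are the stderr strings quoted in this thread.
FAILURE = re.compile(r"Assertion .* failed|No such entry in the database|Segmentation fault", re.I)

# Constructed sample: lines quoted in the thread, plus a placeholder ldapmodify command.
SAMPLE = """\
2014-02-04T20:45:45Z DEBUG args=kdb5_util create -s -r MIOVISION.LINUX -x ipa-setup-override-restrictions
2014-02-04T20:45:45Z DEBUG stdout=Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'MIOVISION.LINUX',
2014-02-04T20:45:45Z DEBUG stderr=kdb5_util: add.c:124: ldap_add_ext: Assertion `ld != ((void *)0)' failed.
2014-02-04T20:45:51Z DEBUG args=ldapmodify (placeholder, command line not shown in the thread)
2014-02-04T20:45:51Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-MIOVISION-LINUX.socket/??base )
2014-02-04T20:45:51Z DEBUG args=kadmin.local -q addprinc -randkey ldap/ipa1.miovision.linux@MIOVISION.LINUX -x ipa-setup-override-restrictions
2014-02-04T20:45:51Z DEBUG stderr=kadmin.local: No such entry in the database while initializing kadmin.local interface
"""

def parse_commands(text):
    """Group args/stdout/stderr DEBUG records into one dict per executed command."""
    commands, field = [], None
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            ts, _level, body = m.groups()
            key, sep, value = body.partition("=")
            if sep and key == "args":
                commands.append({"time": ts, "args": value, "stdout": "", "stderr": ""})
                field = "args"
            elif sep and key in ("stdout", "stderr") and commands:
                commands[-1][key] = value
                field = key
            else:
                field = None  # other record types (duration, step banner, traceback)
        elif field and commands:
            commands[-1][field] += "\n" + line  # multi-line output continues the last field
    return commands

def failing_commands(text):
    """Commands whose stderr matches a failure signature, in log order."""
    return [c for c in parse_commands(text) if FAILURE.search(c["stderr"])]

def root_cause(text):
    """Earliest failing command; later failures are often consequences of it."""
    hits = failing_commands(text)
    return hits[0] if hits else None
```

<div>Non-empty stderr alone is not treated as a failure: the ldap_initialize line in the sample is informational output and is skipped.</div>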