<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Yep, it was that [dbmodules] section that bit us. Thanks!<br>
<br>
<div class="moz-cite-prefix">On 05/19/2014 08:58 AM, Szymon Jazy
wrote:<br>
</div>
<blockquote
cite="mid:CAHhdjU9F57tz3YL0RuGUjO_V-ZBk=XAzVrtL56Di5Gw1v_aPaQ@mail.gmail.com"
type="cite">
<div dir="ltr">Something like:
<div><br>
</div>
<div>
<pre>[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = DOMAIN
 dns_lookup_realm = false
 dns_lookup_kdc = true
 rdns = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 DOMAIN = {
  kdc = ipa1.foo.net:88
  master_kdc = ipa1.foo.net:88
  admin_server = ipa1.foo.net:749
  default_domain = domain
  pkinit_anchors = FILE:/etc/ipa/ca.crt
 }

[domain_realm]
 .domain = DOMAIN
 domain = DOMAIN

[dbmodules]
 DOMAIN = {
  db_library = ipadb.so
 }
</pre>
</div>
<div><br>
</div>
<div class="gmail_extra"><br clear="all">
<div><span style="font-size:x-small">Szymon</span></div>
<br>
<div class="gmail_quote">2014-05-19 14:52 GMT+02:00 Bret
Wortman <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:bret.wortman@damascusgrp.com"
target="_blank">bret.wortman@damascusgrp.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Okay, it looks like
our /etc/krb5.conf file got overwritten by an overeager
Puppet module that shouldn't have affected an IPA server
but did.<br>
<br>
Can someone provide some guidance as to what this file
is supposed to look like on an IPA server named "<a
moz-do-not-send="true" href="http://ipa1.foo.net"
target="_blank">ipa1.foo.net</a>" since ours is
obviously completely wrong and I don't have an
unadulterated server to look at for comparison? Thanks.<br>
<br>
<br>
Bret<br>
<br>
<div>On 05/19/2014 06:51 AM, Bret Wortman wrote:<br>
</div>
<blockquote type="cite"> Happy Monday to me -- I came in
this morning to find all 3 of my IPA replicas are
down. When I tried to start one of them, I got this:<br>
<br>
<pre>[root@ipa1 ~]# ipactl start
Existing service file detected!
Assuming stale, cleaning and proceeding
Starting Directory Service
Starting krb5kdc Service
Job for krb5kdc.service failed. See 'systemctl status krb5kdc.service' and 'journalctl -xn' for details.
Failed to start krb5kdc Service
Shutting down
Aborting ipactl
[root@ipa1 ~]# systemctl status krb5kdc.service
krb5kdc.service - Kerberos 5 KDC
   Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; disabled)
   Active: failed (Result: exit-code) since Mon 2014-05-19 06:46:24 EDT; 51s ago
  Process: 1835 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS (code=exited, status=1/FAILURE)

May 19 06:46:24 ipa1.foo.net systemd[1]: krb5kdc.service: control process exited, code=exited status=1
May 19 06:46:24 ipa1.foo.net systemd[1]: Failed to start Kerberos 5 KDC.
May 19 06:46:24 ipa1.foo.net systemd[1]: Unit krb5kdc.service entered failed state.
May 19 06:46:24 ipa1.foo.net systemd[1]: Stopped Kerberos 5 KDC.
[root@ipa1 ~]# journalctl -xn
-- Logs begin at Tue 2014-05-13 09:50:44 EDT, end at Mon 2014-05-19 06:47:03 EDT. --
May 19 06:46:42 ipa1.foo.net ntpd_intres[526]: host name not found: 2.fedora.pool.ntp.org
May 19 06:46:58 ipa1.foo.net sshd[1855]: error: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys returned status 1
May 19 06:47:00 ipa1.foo.net sshd[1855]: Accepted password for root from 192.168.2.13 port 42299 ssh2
May 19 06:47:00 ipa1.foo.net systemd[1]: Starting Session 5 of user root.
-- Subject: Unit session-5.scope has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-5.scope has begun starting up.
May 19 06:47:00 ipa1.foo.net systemd-logind[495]: New session 5 of user root.
-- Subject: A new session 5 has been created for user root
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
--
-- A new session with the ID 5 has been created for the user root.
--
-- The leading process of the session is 1855.
May 19 06:47:00 ipa1.foo.net systemd[1]: Started Session 5 of user root.
-- Subject: Unit session-5.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-5.scope has finished starting up.
--
-- The start-up result is done.
May 19 06:47:00 ipa1.foo.net sshd[1855]: pam_unix(sshd:session): session opened for user root by (uid=0)
May 19 06:47:03 ipa1.foo.net systemd[1]: Stopped 389 Directory Server WEDGEOFLI-ME..
-- Subject: Unit dirsrv@WEDGEOFLI-ME.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit dirsrv@WEDGEOFLI-ME.service has finished shutting down.
May 19 06:47:03 ipa1.foo.net systemd[1]: Stopping 389 Directory Server.
-- Subject: Unit dirsrv.target has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit dirsrv.target has begun shutting down.
May 19 06:47:03 ipa1.foo.net systemd[1]: Stopped target 389 Directory Server.
-- Subject: Unit dirsrv.target has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit dirsrv.target has finished shutting down.
[root@ipa1 ~]#</pre><span class="HOEnZb"><font color="#888888">
<div><br>
Any thoughts on where to look next? There's
nothing at all logged in /var/log/krb5kdc.log
when I try to start it up, and there are so many
pieces to this that I'm not sure where to focus
my efforts.<br>
<br>
Thanks!<br>
<br>
<br>
-- <br>
<div><b>Bret Wortman</b></div>
<div><a moz-do-not-send="true"
href="http://damascusgrp.com/"
target="_blank">http://damascusgrp.com/</a><br>
</div>
<div><a moz-do-not-send="true"
href="http://about.me/wortmanbret"
target="_blank">http://about.me/wortmanbret</a><br>
<br>
</div>
</div>
<br>
<br>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</font></span></blockquote>
<br>
</div>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
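<div>Added example, not part of the original thread and not FreeIPA's own code: a drift check that a config-management run could apply before replacing /etc/krb5.conf on an IPA server, flagging a file that has lost the [dbmodules] stanza shown in the reply above. The helper names parse_krb5_conf and check_ipa_kdc_conf are hypothetical, the "overwritten" sample is constructed, and the check assumes the realm does not set database_module, so its [dbmodules] entry is named after the realm.</div>

```python
import re

# Constructed sample of an overwritten file: client-style, no [dbmodules] section.
OVERWRITTEN = """\
[libdefaults]
 default_realm = DOMAIN
[realms]
 DOMAIN = {
  kdc = ipa1.foo.net:88
 }
"""

# Same file with the [dbmodules] stanza from the reply in the thread restored.
RESTORED = OVERWRITTEN + """\
[dbmodules]
 DOMAIN = {
  db_library = ipadb.so
 }
"""

def parse_krb5_conf(text):
    """Parse [sections], relations and one level of { } subsections into dicts."""
    conf, section, sub = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, sub = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            sub = None
        elif section is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                sub = section.setdefault(key, {})
            else:  # repeated keys keep only the last value, enough for this check
                (section if sub is None else sub)[key] = value
    return conf

def check_ipa_kdc_conf(text, expected_library="ipadb.so"):
    """Hypothetical drift check: problems with the default realm's [dbmodules] entry."""
    conf = parse_krb5_conf(text)
    realm = conf.get("libdefaults", {}).get("default_realm")
    module = conf.get("dbmodules", {}).get(realm)
    if not isinstance(module, dict):
        return [f"[dbmodules] has no entry for realm {realm}"]
    if module.get("db_library") != expected_library:
        return [f"db_library for {realm} is {module.get('db_library')!r}"]
    return []
```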
</body>
</html>