Thank you for your answer. There is no record in the /var/log/dirsrv/slapd-REALM/access logfile at the time of `ipact start`, which means it didn't even get to the query.
To get kinit and ldapsearch to work I had to reinstall ipa, when I do I get a valid kerberos token and a good result, see at the bottom. Then I try `ipactl restart` and I get the same bug again, now the services are down and I can't bring them up, unless I reinstall. My team is trying different installation methods and OSes, maybe we can figure it out. Any help is appreciated. [root@ipa-innovation slapd-PRIVATE-ACUS-EU]# klist Ticket cache: KCM:0 Default principal: [email protected] Valid starting Expires Service principal 05/09/2024 15:39:44 05/10/2024 15:04:45 krbtgt/[email protected] [root@ipa-innovation slapd-PRIVATE-ACUS-EU]# ldapsearch -o ldif-wrap=no -LLL -Q -Y GSSAPI -b cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu "(&(objectClass=ipaConfigObject)(|(ipaConfigString=enabledService)(ipaConfigString=hiddenService)))" cn ipaConfigString dn: cn=KDC,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu cn: KDC ipaConfigString: startOrder 10 ipaConfigString: pacTktSignSupported ipaConfigString: kdcProxyEnabled ipaConfigString: enabledService dn: cn=KPASSWD,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu cn: KPASSWD ipaConfigString: startOrder 20 ipaConfigString: enabledService dn: cn=KEYS,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu cn: KEYS ipaConfigString: startOrder 41 ipaConfigString: enabledService dn: cn=OTPD,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu cn: OTPD ipaConfigString: startOrder 80 ipaConfigString: enabledService dn: cn=HTTP,cn=ipa-innovation.private.acus.eu,cn=masters,cn=ipa,cn=etc,dc=private,dc=acus,dc=eu cn: HTTP ipaConfigString: startOrder 40 ipaConfigString: enabledService -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
