Brian J. Murrell wrote:
I have a FreeIPA server set up on EL 6.4 with the following package versions:ipa-admintools-3.0.0-26.el6_4.4.x86_64 krb5-libs-1.10.3-10.el6_4.6.x86_64 ipa-server-selinux-3.0.0-26.el6_4.4.x86_64 ipa-client-3.0.0-26.el6_4.4.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch krb5-server-1.10.3-10.el6_4.6.x86_64 ipa-server-3.0.0-26.el6_4.4.x86_64 krb5-workstation-1.10.3-10.el6_4.6.x86_64 ipa-python-3.0.0-26.el6_4.4.x86_64 When I try to start it the startup fails: # ipactl start Starting Directory Service Starting dirsrv: EXAMPLE-COM... [ OK ] PKI-IPA... [ OK ] Starting KDC Service Starting Kerberos 5 KDC: krb5kdc: cannot initialize realm EXAMPLE.COM - see log file for details [FAILED] Failed to start KDC Service Shutting down Stopping Kerberos 5 KDC: [FAILED] Stopping Kerberos 5 Admin Server: [FAILED] Stopping httpd: [FAILED] Stopping pki-ca: [ OK ] Shutting down dirsrv: EXAMPLE-COM... [ OK ] PKI-IPA... [ OK ] Aborting ipactl So trying to start krb5kdc: # service krb5kdc start Starting Kerberos 5 KDC: krb5kdc: cannot initialize realm EXAMPLE.COM - see log file for details [FAILED] Unfortunately there is nothing in /var/log/krb5kdc.log. Looking in /var/log/messages I see: Oct 3 08:28:25 ipa0 krb5kdc[26676]: No such file or directory - while initializing database for realm EXAMPLE.COM Unfortunately it doesn't tell us which file is missing. Strace helps here though: # strace -f /usr/sbin/krb5kdc -r EXAMPLE.COM -P /var/run/krb5kdc.pid ... open("/var/kerberos/krb5kdc/principal", O_RDONLY) = -1 ENOENT (No such file or directory) gettimeofday({1380814261, 82991}, NULL) = 0 open("/etc/localtime", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0 fstat(4, {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f095f58d000 read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 2819 lseek(4, -1802, SEEK_CUR) = 1017 read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0\0\0\0"..., 4096) = 1802 close(4) = 0 munmap(0x7f095f58d000, 4096) = 0 sendto(3, "<35>Oct 3 08:31:01 krb5kdc[2669"..., 115, MSG_NOSIGNAL, NULL, 0) = 115 munmap(0x7f0956c7e000, 2200608) = 0 write(2, "krb5kdc: cannot initialize realm"..., 74krb5kdc: cannot initialize realm EXAMPLE.COM - see log file for details ) = 74 exit_group(1) = ? Sure enough /var/kerberos/krb5kdc/principal doesn't exist. I have no idea why though and no backup to restore from, yet. Was still in the process of setting this machine up. Is this a known issue? Any theories on why it went missing? And most importantly, any ideas on my recovery process here? Do I have to throw my KRB5 database away and start from scratch?
Can clues on how it got to this point? Files changed, etc? What does the dbmodules section of /etc/krb5.conf look like? rob _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
