Hi List I've just tried to restart my IPA services after recently adding a new replica (0 configuration changes on the IPA server otherwise!), but ipactl fails when starting up named:
--- [root@lolpr-xyz-mstr slapd-XYZ-LOCAL]# ipactl start Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Job for named.service failed. See 'systemctl status named.service' and 'journalctl -xn' for details. Failed to start named Service Shutting down Aborting ipactl --- I then manual start named service and try again, but then smb service fails: --- [root@lolpr-xyz-mstr ~]# ipactl start Existing service file detected! Assuming stale, cleaning and proceeding Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Starting ipa_memcached Service Starting httpd Service Starting pki-tomcatd Service Starting smb Service Job for smb.service failed. See 'systemctl status smb.service' and 'journalctl -xn' for details. Failed to start smb Service Shutting down Aborting ipactl --- systemctl status shows the following output for smb.service: --- [root@lolpr-xyz-mstr ~]# systemctl -l status smb.service smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled) Active: failed (Result: exit-code) since Wed 2015-04-01 09:21:10 AST; 1min 14s ago Process: 4662 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE) Main PID: 4662 (code=exited, status=1/FAILURE) Status: "Starting process..." CGroup: /system.slice/smb.service Apr 01 09:21:09 lolpr-xyz-mstr.xyz.local smbd[4662]: GSSAPI client step 1 Apr 01 09:21:09 lolpr-xyz-mstr.xyz.local smbd[4662]: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server ldap/[email protected] not found in Kerberos database) Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local smbd[4662]: [2015/04/01 09:21:10.211028, 0] ipa_sam.c:4440(pdb_init_ipasam) Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local smbd[4662]: Failed to get base DN. Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local smbd[4662]: [2015/04/01 09:21:10.211210, 0] ../source3/passdb/pdb_interface.c:178(make_pdb_method_name) Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local smbd[4662]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-XYZ-LOCAL.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL) Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local systemd[1]: Failed to start Samba SMB Daemon. Apr 01 09:21:10 lolpr-xyz-mstr.xyz.local systemd[1]: Unit smb.service entered failed state. Apr 01 09:21:12 lolpr-xyz-mstr.xyz.local systemd[1]: Stopped Samba SMB Daemon. --- I manually try to start the smb service as follows, but can't (Of course the directory service is not up, so there's a little catch22 there and this many not mean much): --- [root@lolpr-xyz-mstr slapd-XYZ-LOCAL]# systemctl status smb.service smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled) Active: failed (Result: exit-code) since Wed 2015-04-01 09:50:38 AST; 57s ago Process: 8089 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE) Main PID: 8089 (code=exited, status=1/FAILURE) Status: "Starting process..." Apr 01 09:50:36 lolpr-xyz-mstr.xyz.local smbd[8089]: kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'XYZ.LOCAL' Apr 01 09:50:37 lolpr-xyz-mstr.xyz.local smbd[8089]: [2015/04/01 09:50:37.573772, 0] ipa_sam.c:4128(bind_callback_cleanup) Apr 01 09:50:37 lolpr-xyz-mstr.xyz.local smbd[8089]: kerberos error: code=-1765328228, message=Cannot contact any KDC for realm 'XYZ.LOCAL' Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local smbd[8089]: [2015/04/01 09:50:38.574722, 0] ipa_sam.c:4440(pdb_init_ipasam) Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local smbd[8089]: Failed to get base DN. Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local smbd[8089]: [2015/04/01 09:50:38.574903, 0] ../source3/passdb/pdb_interface.c:178(make_pdb_method_name) Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local smbd[8089]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-XYZ-LOCAL.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL) Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local systemd[1]: Failed to start Samba SMB Daemon. Apr 01 09:50:38 lolpr-xyz-mstr.xyz.local systemd[1]: Unit smb.service entered failed state. [root@lolpr-xyz-mstr slapd-XYZ-LOCAL]# --- Please could someone advise me on how to drill deeper into debugging this issue to get ipactl to start ? NOTES: - This server is successfully in a Trust relationship with ActiveDirectory. - There are a number of replicas established which have been working fine til this morning - Another replica was added around the time of the failure using the same steps as usual (not sure how this could be related) Many thanks in advance, Traiano -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
