Hello all! On my replica IPA server after fixing a cert issue that had been going on for sometime, I have all my certs figured out but the krb5kdc service will not start.
# service krb5kdc start Starting Kerberos 5 KDC: krb5kdc: cannot initialize realm ITMODEV.GOV - see log file for details [FAILED] # cat /var/log/krb5kdc.log krb5kdc: Server error - while fetching master key K/M for realm ITMODEV.GOV krb5kdc: Server error - while fetching master key K/M for realm ITMODEV.GOV krb5kdc: Server error - while fetching master key K/M for realm ITMODEV.GOV I found this article online: http://research.imb.uq.edu.au/~l.rathbone/ldap/kerberos.shtml Which stated it might be because The slave KDC does not have a stash file (.k5.EXAMPLE.COM). You need to create one. Tried the command listed: # kdb5_util stash kdb5_util: Server error while retrieving master entry No further information found on the proceeding error above for the kdb5_util command. Any thoughts?
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
