> This doesn't . You are forcefully going back in time. As long as it
> doesn't prevent named from starting and at least limping along then it
> isn't worth pursuing until the certs are renewed.

I can confirm that going back in time prevents named running. It looks like
it's active but with errors. Then, returning to the present, the service
doesn't have any errors.

[root@ca-ldap04 ca]# systemctl status -l  named-pkcs11.service

 named-pkcs11.service - Berkeley Internet Name Domain (DNS) with native PKCS#11
   Loaded: loaded (/usr/lib/systemd/system/named-pkcs11.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-10-30 21:41:43 PDT; 2 months 19 days left
  Process: 24525 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 32575 ExecStart=/usr/sbin/named-pkcs11 -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 32571 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 32576 (named-pkcs11)
   CGroup: /system.slice/named-pkcs11.service
           └─32576 /usr/sbin/named-pkcs11 -u named

Aug 11 20:24:32 ca-ldap04 named-pkcs11[32576]: GSSAPI client step 1
Aug 11 20:24:32 ca-ldap04 named-pkcs11[32576]: GSSAPI client step 1
Aug 11 20:24:32 ca-ldap04 named-pkcs11[32576]: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket not yet valid)
Aug 11 20:24:32 ca-ldap04.domain.com named-pkcs11[32576]: LDAP error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket not yet valid): bind to LDAP server failed
Aug 11 20:24:32 ca-ldap04 named-pkcs11[32576]: ldap_syncrepl will reconnect in 60 seconds
Aug 11 20:25:32 ca-ldap04 named-pkcs11[32576]: GSSAPI client step 1
Aug 11 20:25:32 ca-ldap04 named-pkcs11[32576]: GSSAPI client step 1
Aug 11 20:25:32 ca-ldap04 named-pkcs11[32576]: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket not yet valid)
Aug 11 20:25:32 ca-ldap04 named-pkcs11[32576]: LDAP error: Local error: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Ticket not yet valid): bind to LDAP server failed
Aug 11 20:25:32 ca-ldap04 named-pkcs11[32576]: ldap_syncrepl will reconnect in 60 seconds