Hello, OK I now understand that it's ipa service which is not starting at boot.
The service status gives : # service ipa status Redirecting to /bin/systemctl status ipa.service ● ipa.service - Identity, Policy, Audit Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2019-09-04 23:34:20 CEST; 6min ago Process: 990 ExecStart=/usr/sbin/ipactl start (code=exited, status=1/FAILURE) Main PID: 990 (code=exited, status=1/FAILURE) Sep 04 23:33:36 srv2.rhce.local systemd[1]: Starting Identity, Policy, Audit... Sep 04 23:34:20 srv2.rhce.local ipactl[990]: Failed to start Directory Service: [Errno 2] No such file or directory: '/var/run/ipa/services.list' Sep 04 23:34:20 srv2.rhce.local ipactl[990]: Starting Directory Service Sep 04 23:34:20 srv2.rhce.local systemd[1]: ipa.service: main process exited, code=exited, status=1/FAILURE Sep 04 23:34:20 srv2.rhce.local systemd[1]: Failed to start Identity, Policy, Audit. Sep 04 23:34:20 srv2.rhce.local systemd[1]: Unit ipa.service entered failed state. Sep 04 23:34:20 srv2.rhce.local systemd[1]: ipa.service failed. Shouldn't /var/run/ipa/services.list be created during the replica installation ? Le mer. 4 sept. 2019 à 17:53, Florence Blanc-Renaud <f...@redhat.com> a écrit : > On 9/4/19 12:02 AM, danielle lampert via FreeIPA-users wrote: > > > > Hello, > > > > I'm running freeipa 4.5.0-20 on CentOS Linux release 7.4.1708 (Core) > > > > I've noticed that when rebooting my replica, things are not working > > anymore on this replica, as I can't get a kinit work for example. > > It seems that services are disabled by default and I wonder if this is > > normal ? Should we enable these services manually ? > > After restarting everything with an ipactl command, it then is working. > > > Hi, > > it's normal that kadmin.service is disabled because it will be started > as part of the ipa.service unit. > > You will probably find the reason why kadmin failed to start after the > reboot in the journal, or in /var/log/kadmind.log. There was a known > issue if rpcbind service is already taking the 749 port > (https://bugzilla.redhat.com/show_bug.cgi?id=1592883) > > flo > > > Thanks in advance for your answers, below are my commands and their > results. > > > > D.L. > > > > > > # kinit admin > > kinit: Cannot contact any KDC for realm 'IPB.RHCE.LOCAL' while getting > > initial credentials > > > > # systemctl status kadmin.service > > ● kadmin.service - Kerberos 5 Password-changing and Administration > > Loaded: loaded (/usr/lib/systemd/system/kadmin.service; disabled; > > vendor preset: disabled) > > Active: inactive (dead) > > > > # ipactl status > > Directory Service: RUNNING > > krb5kdc Service: STOPPED > > kadmin Service: STOPPED > > httpd Service: STOPPED > > ipa-custodia Service: STOPPED > > ntpd Service: STOPPED > > pki-tomcatd Service: STOPPED > > ipa-otpd Service: STOPPED > > ipa: INFO: The ipactl command was successful > > > > # ipactl restart > > Failed to get service list from file: Unknown error when retrieving list > > of services from file: [Errno 2] No such file or directory: > > '/var/run/ipa/services.list' > > Restarting Directory Service > > Restarting krb5kdc Service > > Restarting kadmin Service > > Restarting httpd Service > > Restarting ipa-custodia Service > > Restarting ntpd Service > > Restarting pki-tomcatd Service > > Restarting ipa-otpd Service > > ipa: INFO: The ipactl command was successful > > > > # kinit admin > > Password for ad...@ipb.rhce.LOCAL: > > > > # klist > > Ticket cache: KEYRING:persistent:0:0 > > Default principal: ad...@ipb.rhce.LOCAL > > > > Valid starting Expires Service principal > > 03/09/19 23:55:09 04/09/19 23:55:08 > krbtgt/ipb.rhce.lo...@ipb.rhce.LOCAL > > > > > > > > _______________________________________________ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org