Polavarapu Manideep Sai via FreeIPA-users wrote: > Hi Team, > > > > Krb5kdc and kadmin services not getting started > > > > PFB error logs > > > > As you can see we are getting Kerberos User Principal not found. Do you > have a valid Credential Cache? upon getting new keytab > > > > > > [root@dir ~]# tail -f /var/log/krb5kdc.log > > > > krb5kdc: Server error - while fetching master key K/M for realm > IPA.DOMAIN.COM > > krb5kdc: Server error - while fetching master key K/M for realm > IPA.DOMAIN.COM > > krb5kdc: Server error - while fetching master key K/M for realm > IPA.DOMAIN.COM > > krb5kdc: Server error - while fetching master key K/M for realm > IPA.DOMAIN.COM > > krb5kdc: Server error - while fetching master key K/M for realm > IPA.DOMAIN.COM > > krb5kdc: Server error - while fetching master key K/M for realm > IPA.DOMAIN.COM > > krb5kdc: Server error - while fetching master key K/M for realm > IPA.DOMAIN.COM > > krb5kdc: Server error - while fetching master key K/M for realm > IPA.DOMAIN.COM > > krb5kdc: Server error - while fetching master key K/M for realm > IPA.DOMAIN.COM > > krb5kdc: Server error - while fetching master key K/M for realm > IPA.DOMAIN.COM
Ensure that your 389-ds server is running. The Kerberos master key is stored in LDAP so if that isn't running nothing else will work. rob > > > > ------------------------------------------------------------------------------------------------------- > > > > [root@dir ~]# > > [root@dir ~]# > > [root@dir ~]# tail -f /var/log/kadmind.log > > > > Jul 24 19:49:57 dir.IPA.DOMAIN.COM kadmind[211105](Error): Server error > while initializing, aborting > > > > Jul 24 19:56:29 dir.IPA.DOMAIN.COM kadmind[2807](Error): Server error > while initializing, aborting > > > > Jul 24 20:50:50 dir.IPA.DOMAIN.COM kadmind[5803](Error): Server error > while initializing, aborting > > > > Jul 24 20:55:02 dir.IPA.DOMAIN.COM kadmind[6560](Error): Server error > while initializing, aborting > > > > Jul 24 21:39:45 dir.IPA.DOMAIN.COM kadmind[9520](Error): Server error > while initializing, aborting > > > > > > ---------------------------------------------------------------------------------------------------------- > > > > [root@dir ~]# > > [root@dir ~]# > > [root@dir ~]# klist -kt > > Keytab name: FILE:/etc/krb5.keytab > > KVNO Timestamp Principal > > ---- ------------------- > ------------------------------------------------------ > > 1 05/14/2019 13:23:12 host/dir.ipa.domain....@ipa.domain.com > > 1 05/14/2019 13:23:12 host/dir.ipa.domain....@ipa.domain.com > > > > ---------------------------------------------------------------------------------------------------------- > > [root@dir ~]# > > [root@dir ~]# > > [root@dir ~]# mv /etc/krb5.keytab /etc/krb5.keytab-bak > > [root@dir ~]# > > > > ------------------------------------------------------------------------------------------------------------ > > > > [root@dir ~]# ipa-getkeytab -s central01.ipa.domain.com -p > host/dir.ipa.domain....@ipa.domain.com -k > /etc/krb5.keytab > > > Kerberos User Principal not found. Do you have a valid Credential Cache? > > [root@dir ~]# > > [root@dir ~]# > > > > > > > > Regards > > Sai > > > ------------------------------------------------------------------------ > > DISCLAIMER: The information in this message is confidential and may be > legally privileged. It is intended solely for the addressee. Access to > this message by anyone else is unauthorized. If you are not the intended > recipient, any disclosure, copying, or distribution of the message, or > any action or omission taken by you in reliance on it, is prohibited and > may be unlawful. Please immediately contact the sender if you have > received this message in error. Further, this e-mail may contain viruses > and all reasonable precaution to minimize the risk arising there from is > taken by OnMobile. OnMobile is not liable for any damage sustained by > you as a result of any virus in this e-mail. All applicable virus checks > should be carried out by you before opening this e-mail or any > attachment thereto. > Thank you - OnMobile Global Limited. > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue