rpm -qa | grep krb5 pam_krb5-2.3.11-9.el6.x86_64 *krb5-server-1.10.3-10.el6_4.6.x86_64* krb5-libs-1.10.3-10.el6_4.6.x86_64 krb5-workstation-1.10.3-10.el6_4.6.x86_64
I don't see any segfaults in messages. /var/log/dirsrv/slapd-MIOVISION-LINUX/errors looks pretty clean: 389-Directory/1.2.11.15 B2013.337.1530 ipa1.miovision.linux:389 (/etc/dirsrv/slapd-MIOVISION-LINUX) [04/Feb/2014:15:39:54 -0500] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database [04/Feb/2014:15:39:54 -0500] - check_and_set_import_cache: pagesize: 4096, pages: 1497738, procpages: 51916 [04/Feb/2014:15:39:54 -0500] - Import allocates 2396380KB import cache. [04/Feb/2014:15:39:55 -0500] - import userRoot: Beginning import job... [04/Feb/2014:15:39:55 -0500] - import userRoot: Index buffering enabled with bucket size 100 [04/Feb/2014:15:39:56 -0500] - import userRoot: Processing file "/var/lib/dirsrv/boot.ldif" [04/Feb/2014:15:39:56 -0500] - import userRoot: Finished scanning file "/var/lib/dirsrv/boot.ldif" (1 entries) [04/Feb/2014:15:40:03 -0500] - import userRoot: Workers finished; cleaning up... [04/Feb/2014:15:40:04 -0500] - import userRoot: Workers cleaned up. [04/Feb/2014:15:40:05 -0500] - import userRoot: Cleaning up producer thread... [04/Feb/2014:15:40:05 -0500] - import userRoot: Indexing complete. Post-processing... [04/Feb/2014:15:40:06 -0500] - import userRoot: Generating numSubordinates complete. [04/Feb/2014:15:40:07 -0500] - Nothing to do to build ancestorid index [04/Feb/2014:15:40:08 -0500] - import userRoot: Flushing caches... [04/Feb/2014:15:40:08 -0500] - import userRoot: Closing files... [04/Feb/2014:15:40:10 -0500] - All database threads now stopped [04/Feb/2014:15:40:10 -0500] - import userRoot: Import complete. Processed 1 entries in 15 seconds. (0.07 entries/sec) [04/Feb/2014:15:40:18 -0500] - 389-Directory/1.2.11.15 B2013.337.1530 starting up [04/Feb/2014:15:40:19 -0500] - Db home directory is not set. Possibly nsslapd-directory (optinally nsslapd-db-home-directory) is missing in the config file. [04/Feb/2014:15:40:19 -0500] - I'm resizing my cache now...cache was 2453893120 and is now 8000000 [04/Feb/2014:15:40:36 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [04/Feb/2014:15:40:36 -0500] - slapd shutting down - signaling operation threads [04/Feb/2014:15:40:37 -0500] - slapd shutting down - closing down internal subsystems and plugins [04/Feb/2014:15:40:37 -0500] - Waiting for 4 database threads to stop [04/Feb/2014:15:40:38 -0500] - All database threads now stopped [04/Feb/2014:15:40:38 -0500] - slapd stopped. [04/Feb/2014:15:40:40 -0500] - 389-Directory/1.2.11.15 B2013.337.1530 starting up [04/Feb/2014:15:40:41 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [04/Feb/2014:15:40:43 -0500] - The change of nsslapd-ldapilisten will not take effect until the server is restarted [04/Feb/2014:15:41:10 -0500] - Warning: Adding configuration attribute "nsslapd-security" [04/Feb/2014:15:41:13 -0500] - slapd shutting down - signaling operation threads [04/Feb/2014:15:41:14 -0500] - slapd shutting down - waiting for 30 threads to terminate [04/Feb/2014:15:41:14 -0500] - slapd shutting down - closing down internal subsystems and plugins [04/Feb/2014:15:41:15 -0500] - Waiting for 4 database threads to stop [04/Feb/2014:15:41:17 -0500] - All database threads now stopped [04/Feb/2014:15:41:17 -0500] - slapd stopped. [04/Feb/2014:15:41:27 -0500] - 389-Directory/1.2.11.15 B2013.337.1530 starting up [04/Feb/2014:15:41:27 -0500] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one... [04/Feb/2014:15:41:28 -0500] attrcrypt - Key for cipher AES successfully generated and stored [04/Feb/2014:15:41:29 -0500] attrcrypt - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one... [04/Feb/2014:15:41:29 -0500] attrcrypt - Key for cipher 3DES successfully generated and stored [04/Feb/2014:15:41:31 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [04/Feb/2014:15:41:31 -0500] - Listening on All Interfaces port 636 for LDAPS requests [04/Feb/2014:15:41:32 -0500] - Listening on /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests [04/Feb/2014:15:42:06 -0500] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which should be added before the CoS Definition. [04/Feb/2014:15:44:31 -0500] - slapd shutting down - signaling operation threads [04/Feb/2014:15:44:33 -0500] - slapd shutting down - closing down internal subsystems and plugins [04/Feb/2014:15:44:44 -0500] - Waiting for 4 database threads to stop [04/Feb/2014:15:44:47 -0500] - All database threads now stopped [04/Feb/2014:15:44:47 -0500] - slapd stopped. [04/Feb/2014:15:44:49 -0500] - 389-Directory/1.2.11.15 B2013.337.1530 starting up [04/Feb/2014:15:44:51 -0500] schema-compat-plugin - warning: no entries set up under cn=computers, cn=compat,dc=miovision,dc=linux [04/Feb/2014:15:44:52 -0500] schema-compat-plugin - warning: no entries set up under cn=ng, cn=compat,dc=miovision,dc=linux [04/Feb/2014:15:44:52 -0500] schema-compat-plugin - warning: no entries set up under ou=sudoers,dc=miovision,dc=linux [04/Feb/2014:15:44:52 -0500] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which should be added before the CoS Definition. [04/Feb/2014:15:44:52 -0500] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=miovision,dc=linux--no CoS Templates found, which should be added before the CoS Definition. [04/Feb/2014:15:44:53 -0500] - slapd started. Listening on All Interfaces port 389 for LDAP requests [04/Feb/2014:15:44:53 -0500] - Listening on All Interfaces port 636 for LDAPS requests [04/Feb/2014:15:44:53 -0500] - Listening on /var/run/slapd-MIOVISION-LINUX.socket for LDAPI requests [04/Feb/2014:15:44:53 -0500] - The change of nsslapd-maxdescriptors will not take effect until the server is restarted [05/Feb/2014:09:51:59 -0500] - slapd shutting down - signaling operation threads [05/Feb/2014:09:51:59 -0500] - slapd shutting down - waiting for 26 threads to terminate [05/Feb/2014:09:52:00 -0500] - slapd shutting down - closing down internal subsystems and plugins [05/Feb/2014:09:52:00 -0500] - Waiting for 4 database threads to stop [05/Feb/2014:09:52:00 -0500] - All database threads now stopped [05/Feb/2014:09:52:00 -0500] - slapd stopped. Thanks, *Steve Dainard * IT Infrastructure Manager Miovision <http://miovision.com/> | *Rethink Traffic* 519-513-2407 ex.250 877-646-8476 (toll-free) *Blog <http://miovision.com/blog> | **LinkedIn <https://www.linkedin.com/company/miovision-technologies> | Twitter <https://twitter.com/miovision> | Facebook <https://www.facebook.com/miovision>* ------------------------------ Miovision Technologies Inc. | 148 Manitou Drive, Suite 101, Kitchener, ON, Canada | N2C 1L3 This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately. On Wed, Feb 5, 2014 at 11:50 AM, Rob Crittenden <rcrit...@redhat.com> wrote: > Steve Dainard wrote: > >> Following this guide: >> https://access.redhat.com/site/documentation/en-US/Red_ >> Hat_Enterprise_Linux/6/html/Identity_Management_Guide/ >> trust-diff-dns-domains.html >> >> STEP 4: >> ipa-server-install --setup-dns -p '<password>' -a '<password>' -r >> MIOVISION.LINUX -n miovision.linux --hostname ipa1.miovision.linux >> --forwarder=10.0.0.2 --forwarder=10.0.0.5 >> >> Server host name [ipa1.miovision.linux]: >> >> Warning: skipping DNS resolution of host ipa1.miovision.linux >> Unable to resolve IP address for host name >> Please provide the IP address to be used for this host name: 10.0.6.3 >> Adding [10.0.6.3 ipa1.miovision.linux] to your /etc/hosts file >> Do you want to configure the reverse zone? [yes]: >> Please specify the reverse zone name [6.0.10.in-addr.arpa.]: >> Using reverse zone 6.0.10.in-addr.arpa. >> >> The IPA Master Server will be configured with: >> Hostname: ipa1.miovision.linux >> IP address: 10.0.6.3 >> Domain name: miovision.linux >> Realm name: MIOVISION.LINUX >> >> BIND DNS server will be configured to serve IPA domain with: >> Forwarders: 10.0.0.2, 10.0.0.5 >> Reverse zone: 6.0.10.in-addr.arpa. >> >> Continue to configure the system with these values? [no]: yes >> >> The following operations may take some minutes to complete. >> Please wait until the prompt is returned. >> >> Configuring NTP daemon (ntpd) >> [1/4]: stopping ntpd >> >> ... >> >> Done configuring directory server (dirsrv). >> Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds >> [1/10]: adding sasl mappings to the directory >> [2/10]: adding kerberos container to the directory >> [3/10]: configuring KDC >> [4/10]: initialize kerberos container >> Failed to initialize the realm container >> [5/10]: adding default ACIs >> [6/10]: creating a keytab for the directory >> Unexpected error - see /var/log/ipaserver-install.log for details: >> CalledProcessError: Command 'kadmin.local -q addprinc -randkey >> ldap/ipa1.miovision.linux@MIOVISION.LINUX -x >> ipa-setup-override-restrictions' returned non-zero exit status 1 >> >> */var/log/ipaserver-install.log* >> >> >> add aci: >> >> (target="ldap:///cn=*,cn=ca_renewal,cn=ipa,cn=etc,dc= >> miovision,dc=linux")(targetattr="userCertificate")(version >> 3.0; acl "Modify CA Certificates for renewals"; allow(write) userdn = >> "ldap:///fqdn=ipa1.miovision.linux,cn=computers,cn= >> accounts,dc=miovision,dc=linux";) >> modifying entry "cn=ipa,cn=etc,dc=miovision,dc=linux" >> modify complete >> >> >> 2014-02-04T20:45:51Z DEBUG stderr=ldap_initialize( >> ldapi://%2Fvar%2Frun%2Fslapd-MIOVISION-LINUX.socket/??base ) >> >> 2014-02-04T20:45:51Z DEBUG duration: 6 seconds >> 2014-02-04T20:45:51Z DEBUG [6/10]: creating a keytab for the directory >> 2014-02-04T20:45:51Z DEBUG args=kadmin.local -q addprinc -randkey >> ldap/ipa1.miovision.linux@MIOVISION.LINUX -x ipa-setup-override- >> restrictions >> 2014-02-04T20:45:51Z DEBUG stdout=Authenticating as principal >> root/admin@MIOVISION.LINUX with password. >> >> 2014-02-04T20:45:51Z DEBUG stderr=kadmin.local: No such entry in the >> database while initializing kadmin.local interface >> >> 2014-02-04T20:45:51Z INFO File >> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", >> line 614, in run_script >> return_value = main_function() >> >> File "/usr/sbin/ipa-server-install", line 1024, in main >> subject_base=options.subject) >> >> File >> "/usr/lib/python2.6/site-packages/ipaserver/install/krbinstance.py", >> line 183, in create_instance >> self.start_creation(runtime=30) >> >> File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", >> line 358, in start_creation >> method() >> >> File >> "/usr/lib/python2.6/site-packages/ipaserver/install/krbinstance.py", >> line 386, in __create_ds_keytab >> installutils.kadmin_addprinc(ldap_principal) >> >> File >> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", >> line 369, in kadmin_addprinc >> kadmin("addprinc -randkey " + principal) >> >> File >> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", >> line 366, in kadmin >> "-x", "ipa-setup-override-restrictions"]) >> >> File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line >> 316, in run >> raise CalledProcessError(p.returncode, args) >> >> 2014-02-04T20:45:51Z INFO The ipa-server-install command failed, >> exception: CalledProcessError: Command 'kadmin.local -q addprinc >> -randkey ldap/ipa1.miovision.linux@MIOVISION.LINUX -x >> ipa-setup-override-restrictions' returned non-zero exit status 1 >> >> > Steve sent me the logs out-of-band. I think the problem is an earlier > failure after generating the master key: > > 2014-02-04T20:45:45Z DEBUG args=kdb5_util create -s -r MIOVISION.LINUX -x > ipa-setup-override-restrictions > 2014-02-04T20:45:45Z DEBUG stdout=Loading random data > Initializing database '/var/kerberos/krb5kdc/principal' for realm > 'MIOVISION.LINUX', > master key name 'K/M@MIOVISION.LINUX' > You will be prompted for the database Master Password. > It is important that you NOT FORGET this password. > Enter KDC database master key: > Re-enter KDC database master key to verify: > > > 2014-02-04T20:45:45Z DEBUG stderr=kdb5_util: add.c:124: ldap_add_ext: > Assertion `ld != ((void *)0)' failed. > > What version of krb5_server is installed? Does /var/log/messages indicate > a segfault? Are there any failures in /var/log/dirsrv/slapd- > MIOVISION-LINUX/errors? > > rob >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users