On 04/08/2015 06:54 AM, Ben .T.George wrote:
HI Traino,
thanks for the info
i have checked the hots and confirmed that entry was <ip> <FQDN>
<Alias> format
And the DNS everything is working
[root@kwtprsolipa01 slapd-SUN-LOCAL]# for i in _ldap._tcp
_kerberos._tcp _kerberos._udp _kerberos-master._tcp
_kerberos-master._udp _ntp._udp; do echo ""; dig @mha.local
${i}.SUN.LOCAL srv +nocmd +noquestion +nocomments +nostats +noaa
+noadditional +noauthority; done | egrep -v "^;" | egrep _
_ldap._tcp.SUN.LOCAL. 21965 IN SRV 0 100 389
kwtprsolipa01.sun.local.
_kerberos._tcp.SUN.LOCAL. 1957 IN SRV 0 100 88
kwtprsolipa01.sun.local.
_kerberos._udp.SUN.LOCAL. 86400 IN SRV 0 100 88
kwtprsolipa01.sun.local.
_kerberos-master._tcp.SUN.LOCAL. 86400 IN SRV 0 100 88
kwtprsolipa01.sun.local.
_kerberos-master._udp.SUN.LOCAL. 9112 IN SRV 0 100 88
kwtprsolipa01.sun.local.
_ntp._udp.SUN.LOCAL. 86400 IN SRV 0 100 123
kwtprsolipa01.sun.local.
[root@kwtprsolipa01 slapd-SUN-LOCAL]# for i in _ldap._tcp
_kerberos._tcp _kerberos._udp _kerberos-master._tcp
_kerberos-master._udp _ntp._udp; do echo ""; dig @mha.local
${i}.MHA.LOCAL srv +nocmd +noquestion +nocomments +nostats +noaa
+noadditional +noauthority; done | egrep -v "^;" | egrep _
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
dxbprdc002.mha.local.
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
kwtprdc001.mha.local.
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
dxbprdc001.mha.local.
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
rusmosprdc002.mha.local.
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
kwtprdc002.mha.local.
_kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88
kwtprdc001.mha.local.
_kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88
dxbprdc002.mha.local.
_kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88
dxbprdc001.mha.local.
_kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88
kwtprdc002.mha.local.
_kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88
kwtprdc002.mha.local.
_kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88
dxbprdc002.mha.local.
_kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88
kwtprdc001.mha.local.
_kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88
dxbprdc001.mha.local.
[root@kwtprsolipa01 slapd-SUN-LOCAL]# host 172.16.99.99
99.99.16.172.in-addr.arpa domain name pointer kwtprsolipa01.sun.local.
[root@kwtprsolipa01 slapd-SUN-LOCAL]# host kwtprsolipa01.sun.local
kwtprsolipa01.sun.local has address 172.16.99.99
[root@kwtprsolipa01 slapd-SUN-LOCAL]# host mha.local
mha.local has address 172.16.98.171
mha.local has address 172.16.100.180
mha.local has address 10.10.10.11
mha.local has address 10.10.10.10
[root@kwtprsolipa01 slapd-SUN-LOCAL]# dig kwtprsolipa01.sun.local
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> kwtprsolipa01.sun.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23767
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;kwtprsolipa01.sun.local. IN A
;; ANSWER SECTION:
kwtprsolipa01.sun.local. 38 IN A 172.16.99.99
;; Query time: 0 msec
;; SERVER: 172.16.100.180#53(172.16.100.180)
;; WHEN: Wed Apr 08 13:54:02 AST 2015
;; MSG SIZE rcvd: 68
On Wed, Apr 8, 2015 at 1:27 PM, Traiano Welcome <trai...@gmail.com
<mailto:trai...@gmail.com>> wrote:
Hi Ben
On Wed, Apr 8, 2015 at 12:39 PM, Ben .T.George
<bentech4...@gmail.com <mailto:bentech4...@gmail.com>> wrote:
> HI
>
> i am getting krb5kdc: Server error on ligs:
>
> krb5kdc: Server error - while fetching master key K/M for realm
SUN.LOCAL
>
> and the ipactl status is taking long time. Web interface is not
able to
> athenticate.
>
> If i issue ipactl restart, noting is happening
>
> to solve this issue currently i am restarting full server..
>
>
> How can i fix this?
>
Check the tail-end of this thread:
https://www.redhat.com/archives/freeipa-users/2015-April/msg00011.html
You may want to begin by checking /etc/hosts for the right format (<ip
address> <fqdn> <hostname>).
DNS is probably the very next thing you want to check... thoroughly.
> Regards,
> Ben
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
Anything in the DS logs?
The DS might not be starting because there is not enough space or some
file corruption.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project