Re: [Freeipa-users] krb5kdc: Server error
On 04/08/2015 06:54 AM, Ben .T.George wrote:
HI Traino,
thanks for the info
i have checked the hots and confirmed that entry was
format
And the DNS everything is working
[root@kwtprsolipa01 slapd-SUN-LOCAL]# for i in _ldap._tcp
_kerberos._tcp _kerberos._udp _kerberos-master._tcp
_kerberos-master._udp _ntp._udp; do echo ""; dig @mha.local
${i}.SUN.LOCAL srv +nocmd +noquestion +nocomments +nostats +noaa
+noadditional +noauthority; done | egrep -v "^;" | egrep _
_ldap._tcp.SUN.LOCAL. 21965 IN SRV 0 100 389
kwtprsolipa01.sun.local.
_kerberos._tcp.SUN.LOCAL. 1957 IN SRV 0 100 88
kwtprsolipa01.sun.local.
_kerberos._udp.SUN.LOCAL. 86400 IN SRV 0 100 88
kwtprsolipa01.sun.local.
_kerberos-master._tcp.SUN.LOCAL. 86400 IN SRV 0 100 88
kwtprsolipa01.sun.local.
_kerberos-master._udp.SUN.LOCAL. 9112 IN SRV0 100 88
kwtprsolipa01.sun.local.
_ntp._udp.SUN.LOCAL.86400 IN SRV 0 100 123
kwtprsolipa01.sun.local.
[root@kwtprsolipa01 slapd-SUN-LOCAL]# for i in _ldap._tcp
_kerberos._tcp _kerberos._udp _kerberos-master._tcp
_kerberos-master._udp _ntp._udp; do echo ""; dig @mha.local
${i}.MHA.LOCAL srv +nocmd +noquestion +nocomments +nostats +noaa
+noadditional +noauthority; done | egrep -v "^;" | egrep _
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
dxbprdc002.mha.local.
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
kwtprdc001.mha.local.
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
dxbprdc001.mha.local.
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
rusmosprdc002.mha.local.
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
kwtprdc002.mha.local.
_kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88
kwtprdc001.mha.local.
_kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88
dxbprdc002.mha.local.
_kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88
dxbprdc001.mha.local.
_kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88
kwtprdc002.mha.local.
_kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88
kwtprdc002.mha.local.
_kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88
dxbprdc002.mha.local.
_kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88
kwtprdc001.mha.local.
_kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88
dxbprdc001.mha.local.
[root@kwtprsolipa01 slapd-SUN-LOCAL]# host 172.16.99.99
99.99.16.172.in-addr.arpa domain name pointer kwtprsolipa01.sun.local.
[root@kwtprsolipa01 slapd-SUN-LOCAL]# host kwtprsolipa01.sun.local
kwtprsolipa01.sun.local has address 172.16.99.99
[root@kwtprsolipa01 slapd-SUN-LOCAL]# host mha.local
mha.local has address 172.16.98.171
mha.local has address 172.16.100.180
mha.local has address 10.10.10.11
mha.local has address 10.10.10.10
[root@kwtprsolipa01 slapd-SUN-LOCAL]# dig kwtprsolipa01.sun.local
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> kwtprsolipa01.sun.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23767
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;kwtprsolipa01.sun.local. IN A
;; ANSWER SECTION:
kwtprsolipa01.sun.local. 38 IN A 172.16.99.99
;; Query time: 0 msec
;; SERVER: 172.16.100.180#53(172.16.100.180)
;; WHEN: Wed Apr 08 13:54:02 AST 2015
;; MSG SIZE rcvd: 68
On Wed, Apr 8, 2015 at 1:27 PM, Traiano Welcome > wrote:
Hi Ben
On Wed, Apr 8, 2015 at 12:39 PM, Ben .T.George
mailto:bentech4...@gmail.com>> wrote:
> HI
>
> i am getting krb5kdc: Server error on ligs:
>
> krb5kdc: Server error - while fetching master key K/M for realm
SUN.LOCAL
>
> and the ipactl status is taking long time. Web interface is not
able to
> athenticate.
>
> If i issue ipactl restart, noting is happening
>
> to solve this issue currently i am restarting full server..
>
>
> How can i fix this?
>
Check the tail-end of this thread:
https://www.redhat.com/archives/freeipa-users/2015-April/msg00011.html
You may want to begin by checking /etc/hosts for the right format ( ).
DNS is probably the very next thing you want to check... thoroughly.
> Regards,
> Ben
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
Anything in the DS logs?
The DS might not be starting because there is not enough space or some
file corruption.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] krb5kdc: Server error
HI Traino,
thanks for the info
i have checked the hots and confirmed that entry was
format
And the DNS everything is working
[root@kwtprsolipa01 slapd-SUN-LOCAL]# for i in _ldap._tcp _kerberos._tcp
_kerberos._udp _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do
echo ""; dig @mha.local ${i}.SUN.LOCAL srv +nocmd +noquestion +nocomments
+nostats +noaa +noadditional +noauthority; done | egrep -v "^;" | egrep _
_ldap._tcp.SUN.LOCAL. 21965 IN SRV 0 100 389
kwtprsolipa01.sun.local.
_kerberos._tcp.SUN.LOCAL. 1957 IN SRV 0 100 88
kwtprsolipa01.sun.local.
_kerberos._udp.SUN.LOCAL. 86400 IN SRV 0 100 88
kwtprsolipa01.sun.local.
_kerberos-master._tcp.SUN.LOCAL. 86400 IN SRV 0 100 88
kwtprsolipa01.sun.local.
_kerberos-master._udp.SUN.LOCAL. 9112 IN SRV0 100 88
kwtprsolipa01.sun.local.
_ntp._udp.SUN.LOCAL.86400 IN SRV 0 100 123
kwtprsolipa01.sun.local.
[root@kwtprsolipa01 slapd-SUN-LOCAL]# for i in _ldap._tcp _kerberos._tcp
_kerberos._udp _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do
echo ""; dig @mha.local ${i}.MHA.LOCAL srv +nocmd +noquestion +nocomments
+nostats +noaa +noadditional +noauthority; done | egrep -v "^;" | egrep _
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
dxbprdc002.mha.local.
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
kwtprdc001.mha.local.
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
dxbprdc001.mha.local.
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
rusmosprdc002.mha.local.
_ldap._tcp.MHA.LOCAL. 600 IN SRV 0 100 389
kwtprdc002.mha.local.
_kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88
kwtprdc001.mha.local.
_kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88
dxbprdc002.mha.local.
_kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88
dxbprdc001.mha.local.
_kerberos._tcp.MHA.LOCAL. 600 IN SRV 0 100 88
kwtprdc002.mha.local.
_kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88
kwtprdc002.mha.local.
_kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88
dxbprdc002.mha.local.
_kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88
kwtprdc001.mha.local.
_kerberos._udp.MHA.LOCAL. 600 IN SRV 0 100 88
dxbprdc001.mha.local.
[root@kwtprsolipa01 slapd-SUN-LOCAL]# host 172.16.99.99
99.99.16.172.in-addr.arpa domain name pointer kwtprsolipa01.sun.local.
[root@kwtprsolipa01 slapd-SUN-LOCAL]# host kwtprsolipa01.sun.local
kwtprsolipa01.sun.local has address 172.16.99.99
[root@kwtprsolipa01 slapd-SUN-LOCAL]# host mha.local
mha.local has address 172.16.98.171
mha.local has address 172.16.100.180
mha.local has address 10.10.10.11
mha.local has address 10.10.10.10
[root@kwtprsolipa01 slapd-SUN-LOCAL]# dig kwtprsolipa01.sun.local
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> kwtprsolipa01.sun.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23767
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;kwtprsolipa01.sun.local. IN A
;; ANSWER SECTION:
kwtprsolipa01.sun.local. 38 IN A 172.16.99.99
;; Query time: 0 msec
;; SERVER: 172.16.100.180#53(172.16.100.180)
;; WHEN: Wed Apr 08 13:54:02 AST 2015
;; MSG SIZE rcvd: 68
On Wed, Apr 8, 2015 at 1:27 PM, Traiano Welcome wrote:
> Hi Ben
>
>
>
> On Wed, Apr 8, 2015 at 12:39 PM, Ben .T.George
> wrote:
> > HI
> >
> > i am getting krb5kdc: Server error on ligs:
> >
> > krb5kdc: Server error - while fetching master key K/M for realm SUN.LOCAL
> >
> > and the ipactl status is taking long time. Web interface is not able to
> > athenticate.
> >
> > If i issue ipactl restart, noting is happening
> >
> > to solve this issue currently i am restarting full server..
> >
> >
> > How can i fix this?
> >
>
> Check the tail-end of this thread:
>
> https://www.redhat.com/archives/freeipa-users/2015-April/msg00011.html
>
> You may want to begin by checking /etc/hosts for the right format ( address> ).
> DNS is probably the very next thing you want to check... thoroughly.
>
>
>
>
>
>
> > Regards,
> > Ben
> >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] krb5kdc: Server error
Hi Ben On Wed, Apr 8, 2015 at 12:39 PM, Ben .T.George wrote: > HI > > i am getting krb5kdc: Server error on ligs: > > krb5kdc: Server error - while fetching master key K/M for realm SUN.LOCAL > > and the ipactl status is taking long time. Web interface is not able to > athenticate. > > If i issue ipactl restart, noting is happening > > to solve this issue currently i am restarting full server.. > > > How can i fix this? > Check the tail-end of this thread: https://www.redhat.com/archives/freeipa-users/2015-April/msg00011.html You may want to begin by checking /etc/hosts for the right format ( ). DNS is probably the very next thing you want to check... thoroughly. > Regards, > Ben > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
