Sure, I understand that, but this error in /var/log/krb5kdc.log is basically
all I have.
krb5kdc: Server error - while fetching master key K/M for realm GHS.NL
The system is CentOS 7. OK, here are some lines from /var/log/messages, if
that helps.
Dec 17 13:43:01 alblas named-pkcs11[9684]: LDAP error: Invalid credentials: bind to LDAP server failed
Dec 17 13:43:01 alblas named-pkcs11[9684]: couldn't establish connection in LDAP connection pool: permission denied
Dec 17 13:43:01 alblas named-pkcs11[9684]: dynamic database 'ipa' configuration failed: permission denied
Dec 17 13:43:01 alblas named-pkcs11[9684]: loading configuration: permission denied
Dec 17 13:43:01 alblas named-pkcs11[9684]: exiting (due to fatal error)
Dec 17 13:43:01 alblas systemd: named-pkcs11.service: control process exited, code=exited status=1
Dec 17 13:43:01 alblas systemd: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
Dec 17 13:43:01 alblas systemd: Unit named-pkcs11.service entered failed state.
Dec 17 13:43:01 alblas systemd: named-pkcs11.service failed.
Dec 17 13:43:01 alblas systemd: Reached target Host and Network Name Lookups.
Dec 17 13:43:01 alblas systemd: Starting Host and Network Name Lookups.
Dec 17 13:43:01 alblas ipactl: Failed to start named Service
Dec 17 13:43:01 alblas ipactl: Shutting down
Dec 17 13:43:01 alblas systemd: Stopping Kerberos 5 KDC...
Dec 17 13:43:01 alblas systemd: Stopped Kerberos 5 KDC.
Dec 17 13:43:01 alblas systemd: Stopping Kerberos 5 Password-changing and Administration...
Dec 17 13:43:01 alblas systemd: kadmin.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Dec 17 13:43:01 alblas systemd: Stopped Kerberos 5 Password-changing and Administration.
Dec 17 13:43:01 alblas systemd: Unit kadmin.service entered failed state.
Dec 17 13:43:01 alblas systemd: kadmin.service failed.
Dec 17 13:43:01 alblas systemd: Stopping 389 Directory Server GHS-NL....
Dec 17 13:43:01 alblas ns-slapd: [17/Dec/2018:13:43:01.678884473 +0100] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 6 max work q size 4 max work q stack size 4
Dec 17 13:43:01 alblas ns-slapd: [17/Dec/2018:13:43:01.737634634 +0100] - INFO - slapd_daemon - slapd shutting down - waiting for 18 threads to terminate
Dec 17 13:43:01 alblas ns-slapd: [17/Dec/2018:13:43:01.775014892 +0100] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins
Dec 17 13:43:05 alblas ns-slapd: [17/Dec/2018:13:43:05.190616894 +0100] - INFO - dblayer_pre_close - Waiting for 4 database threads to stop
Dec 17 13:43:06 alblas ns-slapd: [17/Dec/2018:13:43:06.295603458 +0100] - INFO - dblayer_pre_close - All database threads now stopped
Dec 17 13:43:06 alblas ns-slapd: [17/Dec/2018:13:43:06.388499718 +0100] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed
Dec 17 13:43:06 alblas ns-slapd: [17/Dec/2018:13:43:06.415985937 +0100] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 4 work q stack objects - freed 6 op stack objects
Dec 17 13:43:06 alblas ns-slapd: [17/Dec/2018:13:43:06.449122641 +0100] - INFO - main - slapd stopped.
Dec 17 13:43:07 alblas systemd: Stopped 389 Directory Server GHS-NL..
Dec 17 13:43:07 alblas ipactl: Hint: You can use --ignore-service-failure option for forced start in case that a non-critical service failed
Dec 17 13:43:07 alblas ipactl: Aborting ipactl
Is there a sequence of systemctl commands I can try to eliminate
which service is actually the problem?
On 17-12-18 13:42, Brian Topping wrote:
You’re going to need to provide some basic errors in the logs.
Otherwise people are just going to be left to guess at eleventy different things that
could go wrong and you’ll spend tons of time trying to chase them all down. It’s a bad use
of everyone’s time, including yours.
> On Dec 17, 2018, at 7:40 PM, Kees Bakker via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
>
> Hello,
>
> I want to move my IPA master to new hardware, but IPA does not
> want to start on that new hardware.
>
> /var/log/krb5kdc.log shows:
> krb5kdc: Server error - while fetching master key K/M for realm GHS.NL
>
> And then of course the rest of FreeIPA is not working either.
>
> I've basically copied the whole disk using rsync, and tweaked
> some things like ifcfg and fstab.
>
> The rsync command needs --numeric-ids, but other than that nothing
> else is needed, I think.
> rsync -ai -x --delete --numeric-ids oldmaster:/oldroot/ /croot/
>
> Also force a relabeling for SELINUX
> touch /croot/.autorelabel
>
> It boots alright, but IPA isn't started properly.
>
> Can someone shed some light on this? Does krb5kdc depend on its hardware?
> Is there documentation how to move an IPA master to other hardware?
> --
> Kees
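Added example, not part of the original messages: a small triage script that splits the failure lines in a /var/log/messages excerpt into those logged before ipactl's "Shutting down" line and those logged after it, so the first failing service stands apart from the services ipactl stopped as a consequence. The sample lines are copied (unwrapped) from the excerpt above; the function names and matching patterns are assumptions made for this example.

```python
import re

# Lines copied (unwrapped) from the /var/log/messages excerpt in this thread.
SAMPLE = """\
Dec 17 13:43:01 alblas named-pkcs11[9684]: LDAP error: Invalid credentials: bind to LDAP server failed
Dec 17 13:43:01 alblas named-pkcs11[9684]: exiting (due to fatal error)
Dec 17 13:43:01 alblas systemd: named-pkcs11.service: control process exited, code=exited status=1
Dec 17 13:43:01 alblas ipactl: Failed to start named Service
Dec 17 13:43:01 alblas ipactl: Shutting down
Dec 17 13:43:01 alblas systemd: Stopping Kerberos 5 KDC...
Dec 17 13:43:01 alblas systemd: kadmin.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Dec 17 13:43:01 alblas systemd: kadmin.service failed.
Dec 17 13:43:07 alblas ipactl: Aborting ipactl
"""

# "Mon DD HH:MM:SS host tag[pid]: message" (pid is optional)
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^\s:\[]+)(?:\[\d+\])?: (.*)$")
# Assumed failure keywords for this example; extend as needed.
FAIL = re.compile(r"error|failed|fatal|denied|code=exited", re.I)
UNIT = re.compile(r"([\w@.-]+)\.service")


def triage(text):
    """Return (before, after): failure lines logged before and after
    ipactl announced 'Shutting down'. Each item is (source, message)."""
    before, after, shutting_down = [], [], False
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation line or unknown format
        _, _, tag, msg = m.groups()
        if tag == "ipactl" and msg.startswith("Shutting down"):
            shutting_down = True
            continue
        if FAIL.search(msg):
            unit = UNIT.search(msg)
            # systemd reports on behalf of a unit; attribute the line to it
            source = unit.group(1) if (tag == "systemd" and unit) else tag
            (after if shutting_down else before).append((source, msg))
    return before, after


def first_failure(text):
    """The earliest failure line that is not part of ipactl's shutdown."""
    before, _ = triage(text)
    return before[0] if before else None


if __name__ == "__main__":
    print("first failure:", first_failure(SAMPLE))
    print("after shutdown:", triage(SAMPLE)[1])
```

On this excerpt the first failure is the named-pkcs11 LDAP bind error; the kadmin.service failure is logged only after ipactl began shutting everything down.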