Hello Guys,
I am having a bit of trouble keeping the krb5kdc service up for longer than 10mins. I
have
just installed Free IPA on our windows domain and can authenticate when the service is up
to the IPA server with my windows credentials.
I have just installed the development tools to run GBD but i am having issues.. is someone
able to please advise how to obtain a backtrace? with a simple guide? I'm not that
Linux savvy yet :)
The service errors with the following:
Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; disabled; vendor preset:
disabled)
Active: failed (Result: core-dump) since Mon 2021-04-26 10:09:02 AEST; 3h 55min ago
Process: 139132 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS
(code=exited, status=0/SUCCESS)
Main PID: 139136 (code=dumped, signal=ABRT)
LOG
SSD_Example.com shows this around the same time the service stops
(2021-04-26 10:08:53): [be[linux.example.com]] [sdap_id_conn_data_expire_handler]
(0x0080): connection is about to expire, releasing it
(2021-04-26 10:09:01): [be[linux.example.com]] [sasl_bind_send] (0x0020): ldap_sasl_bind
failed (-2)[Local error]
(2021-04-26 10:09:01): [be[example.com]] [sasl_bind_send] (0x0080): Extended failure
message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code
may provide more information (Cannot contact any KDC for realm
'LINUX.EXAMPLE.COM')]
KRB5KDC.LOG
Apr 26 10:09:01
IPA01.linux.example.com krb5kdc[139141](info): AS_REQ (7 etypes
{aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), camellia256-cts-cmac(26),
aes128-cts-hmac-sha1-96(17), aes128-cts-hmac-sha256-128(19), camellia128-cts-cmac(25),
DEPRECATED:arcfour-hmac(23)}) 10.2.0.208: NEEDED_PREAUTH:
host/IPA01.linux.example.com(a)LINUX.EXAMPLE.COM for
krbtgt/LINUX.EXAMPLE.COM(a)LINUX.EXAMPLE.COM, Additional pre-authentication required
Apr 26 10:09:01
IPA01.linux.example.com krb5kdc[139141](info): closing down fd 12
Apr 26 10:09:01
IPA01.linux.example.com krb5kdc[139136](Error): worker 139142 exited with
status 134
Apr 26 10:09:01
IPA01.linux.example.com krb5kdc[139141](info): AS_REQ (7 etypes
{aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), camellia256-cts-cmac(26),
aes128-cts-hmac-sha1-96(17), aes128-cts-hmac-sha256-128(19), camellia128-cts-cmac(25),
DEPRECATED:arcfour-hmac(23)}) 10.2.0.208: ISSUE: authtime 1619395741, etypes
{rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18),
ses=aes256-cts-hmac-sha1-96(18)},
host/IPA01.linux.example.com(a)LINUX.EXAMPLE.COM for
krbtgt/LINUX.EXAMPLE.COM(a)LINUX.EXAMPLE.COM
Apr 26 10:09:01
IPA01.linux.example.com krb5kdc[139141](info): closing down fd 11
Apr 26 10:09:01
IPA01.linux.example.com krb5kdc[139141](info): closing down fd 10
Apr 26 10:09:01
IPA01.linux.example.com krb5kdc[139141](info): closing down fd 9
Apr 26 10:09:01
IPA01.linux.example.com krb5kdc[139141](info): closing down fd 8
Apr 26 10:09:01
IPA01.linux.example.com krb5kdc[139141](info): shutting down
Apr 26 10:09:01
IPA01.linux.example.com krb5kdc[139141](info): IPA certauth plugin
un-loaded.
Thank in advance,
Ash