Hi Team,
Krb5kdc and kadmin services not getting started
PFB error logs
As you can see we are getting "Kerberos User Principal not found. Do you have a valid Credential Cache?" upon getting new keytab
[root@dir ~]# tail -f /var/log/krb5kdc.log
krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM
-------------------------------------------------------------------------------------------------------
[root@dir ~]# [root@dir ~]# [root@dir ~]# tail -f /var/log/kadmind.log
Jul 24 19:49:57 dir.IPA.DOMAIN.COM kadmind[211105](Error): Server error while initializing, aborting
Jul 24 19:56:29 dir.IPA.DOMAIN.COM kadmind[2807](Error): Server error while initializing, aborting
Jul 24 20:50:50 dir.IPA.DOMAIN.COM kadmind[5803](Error): Server error while initializing, aborting
Jul 24 20:55:02 dir.IPA.DOMAIN.COM kadmind[6560](Error): Server error while initializing, aborting
Jul 24 21:39:45 dir.IPA.DOMAIN.COM kadmind[9520](Error): Server error while initializing, aborting
----------------------------------------------------------------------------------------------------------
[root@dir ~]# [root@dir ~]# [root@dir ~]# klist -kt Keytab name: FILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 1 05/14/2019 13:23:12 host/dir.IPA.DOMAIN.COM@IPA.DOMAIN.COM 1 05/14/2019 13:23:12 host/dir.IPA.DOMAIN.COM@IPA.DOMAIN.COM
---------------------------------------------------------------------------------------------------------- [root@dir ~]# [root@dir ~]# [root@dir ~]# mv /etc/krb5.keytab /etc/krb5.keytab-bak [root@dir ~]#
------------------------------------------------------------------------------------------------------------
[root@dir ~]# ipa-getkeytab -s central01.ipa.domain.com -p host/dir.IPA.DOMAIN.COM@IPA.DOMAIN.COM -k /etc/krb5.keytab Kerberos User Principal not found. Do you have a valid Credential Cache? [root@dir ~]# [root@dir ~]#
Regards Sai
________________________________
DISCLAIMER: The information in this message is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, or distribution of the message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. Please immediately contact the sender if you have received this message in error. Further, this e-mail may contain viruses and all reasonable precaution to minimize the risk arising there from is taken by OnMobile. OnMobile is not liable for any damage sustained by you as a result of any virus in this e-mail. All applicable virus checks should be carried out by you before opening this e-mail or any attachment thereto. Thank you - OnMobile Global Limited.
Polavarapu Manideep Sai via FreeIPA-users wrote:
Hi Team,
Krb5kdc and kadmin services not getting started
PFB error logs
As you can see we are getting Kerberos User Principal not found. Do you have a valid Credential Cache? upon getting new keytab
[root@dir ~]# tail -f /var/log/krb5kdc.log
krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM
krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM
krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM
krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM
krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM
krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM
krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM
krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM
krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM
krb5kdc: Server error - while fetching master key K/M for realm IPA.DOMAIN.COM
Ensure that your 389-ds server is running. The Kerberos master key is stored in LDAP so if that isn't running nothing else will work.
rob
[root@dir ~]#
[root@dir ~]#
[root@dir ~]# tail -f /var/log/kadmind.log
Jul 24 19:49:57 dir.IPA.DOMAIN.COM kadmind[211105](Error): Server error while initializing, aborting
Jul 24 19:56:29 dir.IPA.DOMAIN.COM kadmind[2807](Error): Server error while initializing, aborting
Jul 24 20:50:50 dir.IPA.DOMAIN.COM kadmind[5803](Error): Server error while initializing, aborting
Jul 24 20:55:02 dir.IPA.DOMAIN.COM kadmind[6560](Error): Server error while initializing, aborting
Jul 24 21:39:45 dir.IPA.DOMAIN.COM kadmind[9520](Error): Server error while initializing, aborting
[root@dir ~]#
[root@dir ~]#
[root@dir ~]# klist -kt
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
1 05/14/2019 13:23:12 host/dir.IPA.DOMAIN.COM@IPA.DOMAIN.COM
1 05/14/2019 13:23:12 host/dir.IPA.DOMAIN.COM@IPA.DOMAIN.COM
[root@dir ~]#
[root@dir ~]#
[root@dir ~]# mv /etc/krb5.keytab /etc/krb5.keytab-bak
[root@dir ~]#
[root@dir ~]# ipa-getkeytab -s central01.ipa.domain.com -p host/dir.IPA.DOMAIN.COM@IPA.DOMAIN.COM -k /etc/krb5.keytab
Kerberos User Principal not found. Do you have a valid Credential Cache?
[root@dir ~]#
[root@dir ~]#
Regards
Sai
DISCLAIMER: The information in this message is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, or distribution of the message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. Please immediately contact the sender if you have received this message in error. Further, this e-mail may contain viruses and all reasonable precaution to minimize the risk arising there from is taken by OnMobile. OnMobile is not liable for any damage sustained by you as a result of any virus in this e-mail. All applicable virus checks should be carried out by you before opening this e-mail or any attachment thereto. Thank you - OnMobile Global Limited.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
freeipa-users@lists.fedorahosted.org
-
Polavarapu Manideep Sai -
Rob Crittenden