Hello, After upgrading to Fedora 29, Kerberos on the primary Free IPA is not working. Another FreeIPA replica failed to start. It is because Kerberos (GSSAPI) is not working and ns-slapd cannot start. Replication agreement cannot be established via Kerberos (GSSAPI)
I got this messages in for the kernel log.
Dec 27 02:00:05 server1 kernel: [ 2551.272984] krb5_child[25058]: segfault at 6e ip 00007f58ae29464e sp 00007fffb5047bf0 error 4 in libkrb5.so.3.3[7f58ae26b000+71000] Dec 27 02:00:05 server1 kernel: [ 2551.273449] Code: fc bf 28 00 00 00 55 53 48 83 ec 18 64 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 e8 2b 9b fd ff 48 85 c0 0f 84 02 01 00 00 <f3> 41 0f 6f 07 f3 41 0f 6f 4f 10 48 89 c3 49 63 7f 20 0f 11 00 0f Dec 27 02:00:05 server1 kernel: [ 2551.272984] krb5_child[25058]: segfault at 6e ip 00007f58ae29464e sp 00007fffb5047bf0 error 4 in libkrb5.so.3.3[7f58ae26b000+71000] Dec 27 02:00:05 server1 kernel: [ 2551.273449] Code: fc bf 28 00 00 00 55 53 48 83 ec 18 64 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 e8 2b 9b fd ff 48 85 c0 0f 84 02 01 00 00 <f3> 41 0f 6f 07 f3 41 0f 6f 4f 10 48 89 c3 49 63 7f 20 0f 11 00 0f Any ideas? FYI I had already opened a ticket in bugzilla: 1662175 – Segfault in freeipa/krb5_child after upgrading to Fedora 29
| | | | 1662175 – Segfault in freeipa/krb5_child after upgrading to Fedora 29
|
|
|
Thanks,Patrick
Patrick Dung via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
Hello, After upgrading to Fedora 29, Kerberos on the primary Free IPA is not working. Another FreeIPA replica failed to start. It is because Kerberos (GSSAPI) is not working and ns-slapd cannot start. Replication agreement cannot be established via Kerberos (GSSAPI)
This should be addressed in the latest versions of krb5 (krb5-1.16.1-23.fc29). Let me know if it's not by filing a bug!
Thanks, --Robbie
Installed krb5-1.16.1-23.fc29 and it looks fine
Thanks, Patrick
freeipa-users@lists.fedorahosted.org