Package: krb5-admin-server
Version: 1.12.1+dfsg-14
Severity: normal
Hi everybody,
my system (Debian-LAN) combines krb5-kdc-ldap and kadmind on the same host.
On startup, kadmind tries to contact slapd and fails, because slapd is not
available yet:
$ systemctl status krb5-admin-server
● krb5-admin-server.service - Kerberos 5 Admin Server
Loaded: loaded (/lib/systemd/system/krb5-admin-server.service; enabled)
Active: failed (Result: exit-code) since Sat 2014-11-15 18:10:32 CET; 12min
ago
Process: 897 ExecStart=/usr/sbin/kadmind -nofork $DAEMON_ARGS (code=exited,
status=1/FAILURE)
Main PID: 897 (code=exited, status=1/FAILURE)
Nov 15 18:10:31 mainserver kadmind[897]: Couldn't open log file
/var/log/krb5.log: Read-only file system
Nov 15 18:10:32 mainserver kadmind[897]: Cannot bind to LDAP server 'ldapi://'
as 'cn=kadmin,cn=kerberos,dc=intern': Can't contact LDAP server while
initializing, aborting
Nov 15 18:10:32 mainserver kadmind[897]: kadmind: Cannot bind to LDAP server
'ldapi://' as 'cn=kadmin,cn=kerberos,dc=intern': Can't contact LDAP server
while initializing, aborting
Nov 15 18:10:32 mainserver systemd[1]: krb5-admin-server.service: main process
exited, code=exited, status=1/FAILURE
Nov 15 18:10:32 mainserver systemd[1]: Unit krb5-admin-server.service entered
failed state.
I fixed the issue so far by adding the directory
'/lib/system/krb5-admin-server.service.d/'
containing the file 'kdc-before-admind.conf' with:
[Unit]
After=krb5-kdc.service
This is comparable to the fix for krb5-kdc-ldap (cf.
'/lib/system/krb5-kdc.service.d/').
It would be great if the setup would work out of the box, i.e. if a
krb5-kdc.service is
on the same host, start krb5-admin-server.service after krb5-kdc.service.
Many thanks and best regards,
Andi
-- System Information:
Debian Release: jessie/sid
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages krb5-admin-server depends on:
ii debconf [debconf-2.0] 1.5.53
ii init-system-helpers 1.21
ii krb5-kdc 1.12.1+dfsg-14
ii libc6 2.19-13
ii libcomerr2 1.42.12-1
ii libgssapi-krb5-2 1.12.1+dfsg-14
ii libgssrpc4 1.12.1+dfsg-14
ii libk5crypto3 1.12.1+dfsg-14
ii libkadm5srv-mit9 1.12.1+dfsg-14
ii libkdb5-7 1.12.1+dfsg-14
ii libkeyutils1 1.5.9-5
ii libkrb5-3 1.12.1+dfsg-14
ii libkrb5support0 1.12.1+dfsg-14
ii libss2 1.42.12-1
ii libverto1 0.2.4-1
ii lsb-base 4.1+Debian13+nmu1
krb5-admin-server recommends no packages.
krb5-admin-server suggests no packages.
-- debconf information:
* krb5-admin-server/kadmind: true
krb5-admin-server/newrealm:
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
