Vu Nguyen via FreeIPA-devel wrote: > After 7days, I tried to log in freeipa webUI and got this "Login failed due > to an unknown reason" message. So I rebooted my machine. After that I cannot > connect to freeipa webUI. Then I check ipa.service and got some errors > related to krb5 like "Failed to start krb5kdc Service" so I tried to start > krb5kdc.service but get errors too. Which is "krb5kdc: cannot initialize > realm". I checked the log file and got something might helpful : > "Cannot find master key record in database - while fetching master keys list > for realm" > "Didn't connect to LDAP on startup: 110" > "Server error - while fetching master key K/M for realm" > I also tried to run "kinit admin" command and got this message "kinit: Cannot > contact any KDC for realm" > I guess it is because my certificate expired which lead to this issue. Does > anyone know what should I do to fix this issue and prevent it in the future?
What are the 7 days? Is this seven days after the initial installation? Certificates are good for two years. The root cause appears that the LDAP server (389-ds) did not start. The logs are in /var/log/dirsrv/slapd-REALM. I'd suggest taking a look at errors. And/or try ipactl restart. It'll fail pretty quickly if 389-ds won't start and again, the logs should tell you what happened. rob _______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
