[Freeipa-users] Re: Replica won't start

Thu, 06 Dec 2018 05:43:22 -0800 

I'll check it out. Thanks, Flo!


On 12/06/2018 08:39 AM, Florence Blanc-Renaud wrote:

On 12/6/18 1:32 PM, Bret Wortman via FreeIPA-users wrote:
After a reboot, my IPA replica won't start. I've tracked it down to an error in the named startup. From /var/log/messages(all messags from named-pkcs11):
bind-dyndb-ldap version 11.1 compiled at 13:38:22 Aug 23 2017, complier 4.8.5 20150623 (Red Hat 4.8.5-16) 
LDAP error: Invalid credentials: bind to LDAP server failed
couldn't establish connection in LDAP connection pool: permission denied
dynamic database 'ipa' configuration failed:
loading configuration: permission denied
exiting (due to fatal error)

So I tried manually:

# kinit -kt /etc/named.keytab DNS/ipa3.spx....@my.net
# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: DNS/asipa3.spx....@my.net

Valid starting       Expires              Service principal
12/06/2018 12:26:17  12/07/2018 12:26:17 krbtgt/my....@my.net
I've restarted now using ipactl start --ignore-service-failure but where should I be looking next to get this fixed? 



Hi,

you can find a lot of information in this page:
https://docs.pagure.org/bind-dyndb-ldap/BIND9/NamedCannotStart.html

flo


--
photo

*Bret Wortman*
Founder, Damascus Products, LLC
855-644-2783 <tel:855-644-2783> | b...@wrapbuddies.co <mailto:b...@wrapbuddies.co> 

http://wrapbuddies.co/

70 Main St. Suite 23 Warrenton, VA 20186

<http://facebook.com/wrapbuddiesco>
    <http://www.linkedin.com/in/bretwortman>
    <http://twitter.com/wrapbuddiesco>
    <http://instagram.com/wrapbuddies>



_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org 
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org 






_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Reply via email to