Sure I understand that, but this error in /var/log/krb5kdc.log is basically all I have. krb5kdc: Server error - while fetching master key K/M for realm GHS.NL
The system is Centos 7. OK, here are some lines from /var/log/messages, if that helps. Dec 17 13:43:01 alblas named-pkcs11[9684]: LDAP error: Invalid credentials: bind to LDAP server failed Dec 17 13:43:01 alblas named-pkcs11[9684]: couldn't establish connection in LDAP connection pool: permission denied Dec 17 13:43:01 alblas named-pkcs11[9684]: dynamic database 'ipa' configuration failed: permission denied Dec 17 13:43:01 alblas named-pkcs11[9684]: loading configuration: permission denied Dec 17 13:43:01 alblas named-pkcs11[9684]: exiting (due to fatal error) Dec 17 13:43:01 alblas systemd: named-pkcs11.service: control process exited, code=exited status=1 Dec 17 13:43:01 alblas systemd: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11. Dec 17 13:43:01 alblas systemd: Unit named-pkcs11.service entered failed state. Dec 17 13:43:01 alblas systemd: named-pkcs11.service failed. Dec 17 13:43:01 alblas systemd: Reached target Host and Network Name Lookups. Dec 17 13:43:01 alblas systemd: Starting Host and Network Name Lookups. Dec 17 13:43:01 alblas ipactl: Failed to start named Service Dec 17 13:43:01 alblas ipactl: Shutting down Dec 17 13:43:01 alblas systemd: Stopping Kerberos 5 KDC... Dec 17 13:43:01 alblas systemd: Stopped Kerberos 5 KDC. Dec 17 13:43:01 alblas systemd: Stopping Kerberos 5 Password-changing and Administration... Dec 17 13:43:01 alblas systemd: kadmin.service: main process exited, code=exited, status=2/INVALIDARGUMENT Dec 17 13:43:01 alblas systemd: Stopped Kerberos 5 Password-changing and Administration. Dec 17 13:43:01 alblas systemd: Unit kadmin.service entered failed state. Dec 17 13:43:01 alblas systemd: kadmin.service failed. Dec 17 13:43:01 alblas systemd: Stopping 389 Directory Server GHS-NL.... Dec 17 13:43:01 alblas ns-slapd: [17/Dec/2018:13:43:01.678884473 +0100] - INFO - op_thread_cleanup - slapd shutting down - signaling operation threads - op stack size 6 max work q size 4 max work q stack size 4 Dec 17 13:43:01 alblas ns-slapd: [17/Dec/2018:13:43:01.737634634 +0100] - INFO - slapd_daemon - slapd shutting down - waiting for 18 threads to terminate Dec 17 13:43:01 alblas ns-slapd: [17/Dec/2018:13:43:01.775014892 +0100] - INFO - slapd_daemon - slapd shutting down - closing down internal subsystems and plugins Dec 17 13:43:05 alblas ns-slapd: [17/Dec/2018:13:43:05.190616894 +0100] - INFO - dblayer_pre_close - Waiting for 4 database threads to stop Dec 17 13:43:06 alblas ns-slapd: [17/Dec/2018:13:43:06.295603458 +0100] - INFO - dblayer_pre_close - All database threads now stopped Dec 17 13:43:06 alblas ns-slapd: [17/Dec/2018:13:43:06.388499718 +0100] - INFO - ldbm_back_instance_set_destructor - Set of instances destroyed Dec 17 13:43:06 alblas ns-slapd: [17/Dec/2018:13:43:06.415985937 +0100] - INFO - connection_post_shutdown_cleanup - slapd shutting down - freed 4 work q stack objects - freed 6 op stack objects Dec 17 13:43:06 alblas ns-slapd: [17/Dec/2018:13:43:06.449122641 +0100] - INFO - main - slapd stopped. Dec 17 13:43:07 alblas systemd: Stopped 389 Directory Server GHS-NL.. Dec 17 13:43:07 alblas ipactl: Hint: You can use --ignore-service-failure option for forced start in case that a non-critical service failed Dec 17 13:43:07 alblas ipactl: Aborting ipactl Is there a sequence of systemctl commands I can try to eliminate which service is actually the problem? On 17-12-18 13:42, Brian Topping wrote: > You’re going to need to provide some basic errors in the logs. Otherwise > people are just going to be left to guess at a eleventy different things that > could go wrong and you’ll spend tons of time trying to chase them all down. > It’s a bad use of everyone’s time, including yours. > >> On Dec 17, 2018, at 7:40 PM, Kees Bakker via FreeIPA-users >> <[email protected]> wrote: >> >> Hello, >> >> I want to move my IPA master to new hardware, but IPA does not >> want to start on that new hardware. >> >> /var/log/krb5kdc.log shows: >> krb5kdc: Server error - while fetching master key K/M for realm GHS.NL >> >> And then of course the rest of FreeIPA is not working either. >> >> I've basically copied the whole disk using rsync, and tweaked >> some things like ifcfg and fstab. >> >> The rsync command needs --numeric-ids, but other than that nothing >> else is needed, I think. >> rsync -ai -x --delete --numeric-ids oldmaster:/oldroot/ /croot/ >> >> Also force a relabeling for SELINUX >> touch /croot/.autorelabel >> >> It boots alright, but IPA isn't started properly. >> >> Can someone shed some light on this? Does krb5kdc depend on its hardware? >> Is there documentation how to move an IPA master to other hardware? >> -- >> Kees >> _______________________________________________ >> FreeIPA-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
