Hello everyone,

I have been running a FreeIPA server on Scientific Linux 6.2 for about a year.
Yesterday I started not being able to run any "ipa-" commands. Running kinit 
admin gives me the proper tickets, but when I run any ipa- command I get the 
following error:

ipa: ERROR: Kerberos error: Service u'h...@cyclone.esci.millersville.edu' not 
found in Kerberos database/.

I have no idea where the cyclone.esci.millersville.edu is coming from, as that 
used to be a Windows Domain server that was decommissioned years ago and is no 
longer in DNS, nor in /etc/hosts. I even grep -R all of the files in /etc and 
none refer to cyclone.  I checked the ipa config and krb5.conf files and they 
are pointing at the proper ipa server.

Checking log files I get these messages when I try to run ipa commands:

/var/log/httpd/error log:
Tue Mar 05 08:57:54 2013] [error] ipa: ERROR: 500 Internal Server Error: 
xmlserver.__call__: KRB5CCNAME not defined in HTTP request environment

/var/log/ipa
Mar 05 09:57:00 aurora.esci.millersville.edu krb5kdc[12534](info): TGS_REQ (4 
etypes {18 17 16 23}) 166.66.65.39: ISSUE: authtime 1362491436, etypes {rep=18 
tkt=18 ses=18}, admin@LINUX.DIRSRV.LOCAL for 
krbtgt/LINUX.DIRSRV.LOCAL@LINUX.DIRSRV.LOCAL
Mar 05 09:57:00 aurora.esci.millersville.edu krb5kdc[12534](info): TGS_REQ (4 
etypes {18 17 16 23}) 166.66.65.39: UNKNOWN_SERVER: authtime 0,  
admin@LINUX.DIRSRV.LOCAL for 
HTTP/cyclone.esci.millersville.edu@LINUX.DIRSRV.LOCAL, Server not found in 
Kerberos database

I Googled these error messages, but none of the results seemed to apply to my 
situation or didn't solve the problem. Can anyone point me in the right 
direction? Any help is greatly appreciated.

For what they are worth, here are my /etc/krb5.conf and /etc/ipa/default.conf 
files:

/etc/krb5.conf:

includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = LINUX.DIRSRV.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes

[realms]
LINUX.DIRSRV.LOCAL = {
  kdc = aurora.esci.millersville.edu:88
  admin_server = aurora.esci.millersville.edu:749
  default_domain = esci.millersville.edu
  pkinit_anchors = FILE:/etc/ipa/ca.crt
}

[domain_realm]
.esci.millersville.edu = LINUX.DIRSRV.LOCAL
esci.millersville.edu = LINUX.DIRSRV.LOCAL

[dbmodules]
#  LINUX.DIRSRV.LOCAL = {
#    db_library = kldap
#    ldap_servers = ldapi://%2fvar%2frun%2fslapd-LINUX-DIRSRV-LOCAL.socket
#    ldap_kerberos_container_dn = cn=kerberos,dc=linux,dc=dirsrv,dc=local
#    ldap_kdc_dn = uid=kdc,cn=sysaccounts,cn=etc,dc=linux,dc=dirsrv,dc=local
#    ldap_kadmind_dn = uid=kdc,cn=sysaccounts,cn=etc,dc=linux,dc=dirsrv,dc=local
#    ldap_service_password_file = /var/kerberos/krb5kdc/ldappwd
#  }

  LINUX.DIRSRV.LOCAL = {
    db_library = ipadb.so
  }

/etc/ipa/default.conf

[global]
host=aurora.esci.millersville.edu
basedn=dc=linux,dc=dirsrv,dc=local
realm=LINUX.DIRSRV.LOCAL
domain=esci.millersville.edu
xmlrpc_uri=https://aurora.esci.millersville.edu/ipa/xml
ldap_uri=ldapi://%2fvar%2frun%2fslapd-LINUX-DIRSRV-LOCAL.socket
enable_ra=True
ra_plugin=dogtag
mode=production


+++++++++++++++++++++++
David Fitzgerald
Department of Earth Sciences
Millersville University
Millersville, PA 17551

Phone: 717-871-2394

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
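
An added example, not part of the original post: a small parser for krb5kdc TGS_REQ lines like the two quoted above, which lists UNKNOWN_SERVER requests whose service host differs from the `host=` value in /etc/ipa/default.conf, together with the client address that sent them. The function names `parse_tgs` and `unknown_services` are hypothetical, and the sample input is the post's two log entries with the e-mail line wrapping undone.

```python
import re
from collections import Counter

# The two KDC log entries quoted in the post, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Mar 05 09:57:00 aurora.esci.millersville.edu krb5kdc[12534](info): TGS_REQ (4 etypes {18 17 16 23}) 166.66.65.39: ISSUE: authtime 1362491436, etypes {rep=18 tkt=18 ses=18}, admin@LINUX.DIRSRV.LOCAL for krbtgt/LINUX.DIRSRV.LOCAL@LINUX.DIRSRV.LOCAL
Mar 05 09:57:00 aurora.esci.millersville.edu krb5kdc[12534](info): TGS_REQ (4 etypes {18 17 16 23}) 166.66.65.39: UNKNOWN_SERVER: authtime 0,  admin@LINUX.DIRSRV.LOCAL for HTTP/cyclone.esci.millersville.edu@LINUX.DIRSRV.LOCAL, Server not found in Kerberos database
"""

# Captures: client address, KDC status, client principal, requested service principal.
TGS_RE = re.compile(
    r"krb5kdc\[\d+\]\(info\): TGS_REQ \(.*?\) (?P<addr>\S+): (?P<status>[A-Z_0-9]+): "
    r".*?(?P<client>\S+@\S+) for (?P<service>[^,\s]+)"
)

def parse_tgs(line):
    """Return a dict describing one TGS_REQ log line, or None if the line is not one."""
    m = TGS_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    principal, sep, realm = rec["service"].rpartition("@")
    if not sep:                       # principal logged without a realm
        principal, realm = rec["service"], ""
    name, _, instance = principal.partition("/")
    rec.update(svc_name=name, svc_host=instance.lower(), realm=realm)
    return rec

def unknown_services(log_text, expected_host):
    """Count UNKNOWN_SERVER requests per (address, client, service) whose
    service host is not expected_host (the host= value from default.conf)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_tgs(line)
        if (rec and rec["status"] == "UNKNOWN_SERVER"
                and rec["svc_host"] != expected_host.lower()):
            hits[(rec["addr"], rec["client"], rec["service"])] += 1
    return hits

if __name__ == "__main__":
    # On the server, read the file named by "kdc =" in the [logging] section instead.
    found = unknown_services(SAMPLE_LOG, "aurora.esci.millersville.edu")
    for (addr, client, service), n in found.items():
        print(f"{n}x from {addr}: {client} -> {service}")
```

Grouping by client address shows which machine is asking the KDC for the unexpected HTTP/ principal, which is the place to look at that host's name resolution and client configuration.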