Petr,
I changed both the host file (actually did that before emailing) and
now I have changed the DNS manually in LDAP. I restart ipa and it still fails
on DNS startup. It says the following (after I manually start everything
else)
May 29 13:16:15 ip- named[9076]: set up managed keys zone for view _default,
file 'dynamic/managed-keys.bind'
May 29 13:16:15 ip- named[9076]: GSSAPI Error: Unspecified GSS failure. Minor
code may provide more information (Server krbtgt/[email protected] not
found in Kerberos database)
May 29 13:16:15 ip- named[9076]: bind to LDAP server failed: Local error
May 29 13:16:15 ip- named[9076]: loading configuration: failure
May 29 13:16:15 ip- named[9076]: exiting (due to fatal error)
Thanks,
_____________________________________________________
John Moyer
Director, IT Operations
On May 29, 2013, at 4:11 AM, Petr Spacek <[email protected]> wrote:
> On 29.5.2013 07:42, John Moyer wrote:
>> Yea I replaced both certs, however, in my troubleshooting I've found more
>> I'll say symptoms or potential problems, which may stem from this or be
>> independent from it.
>>
>> 1. Showing this error message on restarting the service:
>> EXAMPLE-COM...[29/May/2013:05:30:58 +0000] - SSL alert:
>> CERT_VerifyCertificateNow: verify certificate failed for cert MyIPA of
>> family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8172
>> - Peer's certificate issuer has been marked as not trusted by the user.)
>>
>> 2. This is on an AWS machine, and when I rebooted the internal IP of the
>> machine changed. I'm not sure if there are values in the Directory Server
>> that would have that internal IP in there which would cause a problem. The
>> external IP and DNS have stayed the same and I've tried to have all install
>> values match the external IP or external name for this exact reason.
>>
>> 3. The named service will no longer start, here are the errors getting put
>> in the /var/log/messages
>> May 29 05:31:01 ip-10-1-3-5 named[5592]: sizing zone task pool based on 6
>> zones
>> May 29 05:31:01 ip-10-1-3-5 named[5592]: /etc/named.conf:12: no forwarders
>> seen; disabling forwarding
>> May 29 05:31:01 ip-10-1-3-5 named[5592]: set up managed keys zone for view
>> _default, file 'dynamic/managed-keys.bind'
>> May 29 05:31:19 ip-10-1-3-5 named[5592]: Failed to init credentials (Cannot
>> contact any KDC for realm 'EXAMPLE.COM')
>> May 29 05:31:19 ip-10-1-3-5 named[5592]: loading configuration: failure May
>> 29 05:31:19 ip-10-1-3-5 named[5592]: exiting (due to fatal error)
>>
>> Any help in a right direction or theory to a right direction would be much
>> appreciated!
> Problems 2 and 3 might be caused by incorrect IP address in /etc/hosts and
> IPA DNS. Please correct content of /etc/hosts, start IPA and then correct IP
> addresses in IPA DNS.
>
> --
> Petr^2 Spacek
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
