Patrick Hemmer wrote:
Figured it out.
Somehow during the upgrade process, the default_realm changed to one of
our other domains we use. I'm guessing some RPM postinstall script
pulled the domain out of sssd.conf as that's the only place on the box
where that domain is mentioned. We don't touch krb5.conf with any sort
of configuration management utility.

Anyway, after removing the domain from the krb5.conf and restoring the
original settings, ipa started up normally.

That's really strange.. I wonder if authconfig is doing something. What exactly did the file look like? We do try to update it to fix the dbmodules line but we already know the realm and domain from /etc/ipa/default.conf.

rob


-Patrick


------------------------------------------------------------------------
*From: *Patrick Hemmer <free...@stormcloud9.net>
*Sent: * 2014-04-08 11:52:34 E
*To: *freeipa-users@redhat.com
*Subject: *[Freeipa-users] /var/kerberos/krb5kdc/principal missing

I'm having the exact same issue as
http://www.redhat.com/archives/freeipa-users/2013-October/msg00009.html
I upgraded from RHEL-6.3 to RHEL-6.5, and now FreeIPA won't start due
to kadmind not starting.

The kadmind.log contains an extremely unhelpful:
Apr 08 11:31:20 i-31f62969 kadmind[20850](Error): No such file or
directory while initializing, aborting

Stracing `/usr/sbin/kadmind -P /var/run/kadmind.pid` results in:
open("/var/kerberos/krb5kdc/principal", O_RDONLY) = -1 ENOENT (No such
file or directory)
gettimeofday({1396971844, 51536}, NULL) = 0
open("/etc/localtime", O_RDONLY)        = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
fstat(4, {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7f25440dd000
read(4,
"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"...,
4096) = 3519
lseek(4, -2252, SEEK_CUR)               = 1267
read(4,
"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0\0\0\0"...,
4096) = 2252
close(4)                                = 0
munmap(0x7f25440dd000, 4096)            = 0
write(3, "Apr 08 11:44:04 i-31f62969 kadmi"..., 105) = 105
write(2, "kadmind: No such file or directo"..., 64kadmind: No such
file or directory while initializing, aborting) = 64
close(3)                                = 0
munmap(0x7f25440df000, 4096)            = 0
exit_group(1)                           = ?

As requested in the linked thread, the dbmodules section looks like this:
[dbmodules]
  CLIFF.CLOUDBURRITO.COM = {
    db_library = ipadb.so
  }

Another important item of note, I have another IPA server which has
not been upgraded from 6.3 yet, and the file is missing there too, but
kadmind is currently running just fine...

Ideas?

-Patrick


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to