On Wed, Jul 22, 2015 at 11:39:25AM +0200, Torsten Harenberg wrote:
> Dear Alexander, dear Sumit,
> thank you very much indeed for the quick replies.
> Am 22.07.15 um 11:21 schrieb Sumit Bose:
> > Looks like there are issues getting the needed data from the local LDAP
> > server. The message below about the master key points into the same
> > direction. Can you check the 389ds logs?
> I have attached the
> /var/log/dirsrv/slapd-PLEIADES-UNI-WUPPERTAL-DE/errors file to the end
> of the mail, it's a bit larger.
> There are some "ticket expired" messages, could that point to the source
> of the problem?
> Am 22.07.15 um 11:22 schrieb Alexander Bokovoy:
> > Do you have 389-ds actually operating? If you would install debuginfo
> > packages, what does 'pstack <pid of ns-slapd>' print?
> here is the output:
Thank you for the logs. It looks like the KDC cannot talk to the LDAP
server and the LDAP server cannot talk to the KDC to renew a Kerberos
ticket. So we have to find out which came first. To rule out KDC lookup
issues it would be good if you can send the content for /etc/krb5.conf
and /var/lib/sss/pubconf/kdcinfo.* . Feel free to send it to Alexander
and me by private mail if you do not want to disclose details of your
environment on a public list.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project