On Thu, Jul 23, 2015 at 08:35:45AM +0200, Torsten Harenberg wrote:
> Huu.. situation is getting worse.
> Even after a full reboot, slapd does not start at all anymore on the
> primary server.
> This is the full log (looks like the realm is missing suddenly?):


> [23/Jul/2015:08:25:09 +0200] set_krb5_creds - Could not get initial
> credentials for principal [ldap/ipa@] in keytab [FILE:/etc/krb5.keytab]:
> -1765328164 (Cannot resolve network address for KDC in requested realm)

The principal looks strange, I would at least expect the fully-qualified
name of the ipa server here. What does the 'hostname' command return? It
is expected that it will return the fully-qualified name. Additionally if
you added the ipa server to /etc/hosts please only use the
fully-qualified name to be on the safe side (iirc it is ok to have the
short name as a second name, but the fully-qualified one should be
always first).

The keytab file /etc/krb5.keytab looks strange here. Later on the right
one /etc/dirsrv/ds.keytab is used. Did you try to run the
/usr/sbin/ns-slapd binary manually at some time?


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to