On Thu, Jul 23, 2015 at 08:35:45AM +0200, Torsten Harenberg wrote: > Huu.. situation is getting worse. > > Even after a full reboot, slapd does not start at all anymore on the > primary server. > > This is the full log (looks like the realm is missing suddenly?): >
... > [23/Jul/2015:08:25:09 +0200] set_krb5_creds - Could not get initial > credentials for principal [ldap/ipa@] in keytab [FILE:/etc/krb5.keytab]: > -1765328164 (Cannot resolve network address for KDC in requested realm) The principal looks strange, I would at least expect the fully-qualified name of the ipa server here. What does the 'hostname' command return? It is expected that it will return the fully-qualified name. Additionally if you added the ipa server to /etc/hosts please only use the fully-qualified name to be on the safe side (iirc it is ok to have the short name as a second name, but the fully-qualified one should be always first). The keytab file /etc/krb5.keytab looks strange here. Later on the right one /etc/dirsrv/ds.keytab is used. Did you try to run the /usr/sbin/ns-slapd binary manually at some time? bye, Sumit -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project