Here...

[root@cd-p-ipa1 log]# ipactl status
Directory Service: STOPPED
Directory Service must be running in order to obtain status of other services
ipa: INFO: The ipactl command was successful

[root@cd-p-ipa1 log]# systemctl status dirsrv@IPA-CANDEAL-CA.service -l
● dirsrv@IPA-CANDEAL-CA.service - 389 Directory Server IPA-CANDEAL-CA.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2016-04-26 08:50:21 EDT; 30min ago
  Process: 6333 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w /var/run/dirsrv/slapd-%i.startpid (code=exited, status=1/FAILURE)

Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes
Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes
Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes
Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes
Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes
Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes
Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes
Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] - valueset_value_syntax_cmp: slapi_attr_values2keys_sv failed for type attributetypes
Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-IPA-CANDEAL-CA/schema/00core.ldif (lineno: 1) is invalid, error code 21 (Invalid syntax) - attribute type aci: Unknown attribute syntax OID "1.3.6.1.4.1.1466.115.121.1.15"
Apr 26 08:50:21 cd-p-ipa1.ipa.candeal.ca ns-slapd[6333]: [26/Apr/2016:08:50:21 -0400] dse - Please edit the file to correct the reported problems and then restart the server.
[root@cd-p-ipa1 log]#

Gady

-----Original Message-----
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Martin Babinsky
Sent: April 26, 2016 9:17 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc service not starting

On 04/26/2016 03:13 PM, Gady Notrica wrote:
> Hello world,
>
> I am having issues this morning with my primary IPA. See below the
> details in the logs and command result. Basically, krb5kdc service not
> starting - krb5kdc: Server error - while fetching master key.
>
> DNS is functioning. See below dig result. I have a trust with Windows AD.
>
> Please help…!
>
> [root@cd-ipa1 log]# systemctl status krb5kdc.service -l
> ● krb5kdc.service - Kerberos 5 KDC
>    Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; disabled; vendor preset: disabled)
>    Active: failed (Result: exit-code) since Tue 2016-04-26 08:27:52 EDT; 41min ago
>   Process: 3694 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS (code=exited, status=1/FAILURE)
>
> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: Starting Kerberos 5 KDC...
> Apr 26 08:27:52 cd-ipa1.ipa.domain.localkrb5kdc[3694]: krb5kdc: cannot initialize realm IPA.DOMAIN.LOCAL- see log file for details
> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: krb5kdc.service: control process exited, code=exited status=1
> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: Failed to start Kerberos 5 KDC.
> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: Unit krb5kdc.service entered failed state.
> Apr 26 08:27:52 cd-ipa1.ipa.domain.localsystemd[1]: krb5kdc.service failed.
> [root@cd-ipa1 log]#
>
> Errors in /var/log/krb5kdc.log
>
> krb5kdc: Server error - while fetching master key K/M for realm DOMAIN.LOCAL
> krb5kdc: Server error - while fetching master key K/M for realm DOMAIN.LOCAL
> krb5kdc: Server error - while fetching master key K/M for realm DOMAIN.LOCAL
>
> [root@cd-ipa1 log]# systemctl status httpd -l
> ● httpd.service - The Apache HTTP Server
>    Loaded: loaded (/etc/systemd/system/httpd.service; disabled; vendor preset: disabled)
>    Active: failed (Result: exit-code) since Tue 2016-04-26 08:27:21 EDT; 39min ago
>      Docs: man:httpd(8)
>            man:apachectl(8)
>   Process: 3594 ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy (code=exited, status=1/FAILURE)
>
> Apr 26 08:27:21 cd-ipa1.ipa.domain.localipa-httpd-kdcproxy[3594]: File "/usr/lib/python2.7/siteackages/ipapython/ipaldap.py", line 1579, in __wait_for_connection
> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: wait_for_open_socket(lurl.hostport, timeout)
> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: File "/usr/lib/python2.7/siteackages/ipapython/ipautil.py", line 1200, in wait_for_open_socket
> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: raise e
> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: error: [Errno 2] No such file or directory
> Apr 26 08:27:21 cd-ipa1.ipa.domain.local ipa-httpd-kdcproxy[3594]: ipa : ERROR Unknown error while retrieving setting from ldapi://%2fvar%2frun%2fslapd-IPA-CANDEAL-CA.socket: [Errno 2] No such file or directory
> Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: httpd.service: control process exited, code=exited status=1
> Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: Failed to start The Apache HTTP Server.
> Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: Unit httpd.service entered failed state.
> Apr 26 08:27:21 cd-ipa1.ipa.domain.localsystemd[1]: httpd.service failed.
> [root@cd-ipa1 log]#
>
> DNS Result for dig redhat.com
>
> ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> redhat.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5414
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 2
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;redhat.com. IN A
>
> ;; ANSWER SECTION:
> redhat.com. 60 IN A 209.132.183.105
>
> ;; AUTHORITY SECTION:
> . 849 IN NS f.root-servers.net.
> . 849 IN NS e.root-servers.net.
> . 849 IN NS k.root-servers.net.
> . 849 IN NS m.root-servers.net.
> . 849 IN NS b.root-servers.net.
> . 849 IN NS g.root-servers.net.
> . 849 IN NS c.root-servers.net.
> . 849 IN NS h.root-servers.net.
> . 849 IN NS l.root-servers.net.
> . 849 IN NS a.root-servers.net.
> . 849 IN NS j.root-servers.net.
> . 849 IN NS i.root-servers.net.
> . 849 IN NS d.root-servers.net.
>
> ;; ADDITIONAL SECTION:
> j.root-servers.net. 3246 IN A 192.58.128.30
>
> ;; Query time: 79 msec
> ;; SERVER: 10.20.10.41#53(10.20.10.41)
> ;; WHEN: Tue Apr 26 09:02:43 EDT 2016
> ;; MSG SIZE rcvd: 282
>
> Gady
>

It seems like Directory server is not running. Can you post result of
'ipactl status' and 'systemctl status dirsrv@IPA-CANDEAL-CA.service'?

--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project