md tabrez via FreeIPA-users wrote: > Hi Everyone, > got an issue with our ipa server, users cannot login into > there ipa account. > > failed to initialize credentials using keytab [MEMORY:/ETC/KRB5.KEYTAB]: > cannot contact any kdc for realm 'ABC.COM' unable to create GSSAPI-encrypted > ldap connection > > kerberos 5 kdc service status > krb5kdc.service - Kerberos 5 KDC > Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; disabled; > vendor preset: disabled) > Active: active (running) since Thu 2023-10-26 14:40:05 UTC; 2h 27min ago > Process: 927 ExecStart=/usr/sbin/krb5kdc -P /run/krb5kdc.pid > $KRB5KDC_ARGS (code=exited, status=0/SUCCESS) > Main PID: 928 (krb5kdc) > Tasks: 3 (limit: 9191) > Memory: 11.4M > CPU: 9.916s > CGroup: /system.slice/krb5kdc.service > ├─928 /usr/sbin/krb5kdc -P /run/krb5kdc.pid -w 2 > ├─929 /usr/sbin/krb5kdc -P /run/krb5kdc.pid -w 2 > └─930 /usr/sbin/krb5kdc -P /run/krb5kdc.pid -w 2 > > Oct 26 14:40:05 ipa.zerodha.com systemd[1]: Starting Kerberos 5 KDC... > Oct 26 14:40:05 ipa.zerodha.com systemd[1]: krb5kdc.service: Can't open PID > file /run/krb5kdc.pid (yet?) after start: Operation not permitted > Oct 26 14:40:05 ipa.zerodha.com systemd[1]: Started Kerberos 5 KDC.
What does ipactl say the status of the services are? Does /run/krb5kdc.pid exist? rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue