In one of those weird things I can only blame on gremlins, time seems to have been the answer. I recently ran "ipactl start" again and it worked.
--
Bret Wortman
bret.wort...@damascusgrp.com

On Thu, Jun 3, 2021, at 1:19 PM, Bret Wortman via FreeIPA-users wrote:
> It's an ancient server, and one I'm trying to get us off of, but it's
> our current primary IPA server on this network and named didn't like
> its last reboot and is erroring on startup:
>
> [root@ipa1 ~]# systemctl status -l named-pkcs11.service
> ● named-pkcs11.service - Berkeley Internet Name Domain (DNS) with
> native PKCS#11
> Loaded: loaded (/usr/lib/systemd/system/named-pkcs11.service;
> disabled)
> Active: failed (Result: exit-code) since Thu 2021-06-03 12:47:25
> EDT; 13min ago
> Process: 1055 ExecStart=/usr/sbin/named-pkcs11 -u named $OPTIONS
> (code=exited, status=1/FAILURE)
> Process: 1053 ExecStartPre=/usr/sbin/named-checkconf -z
> /etc/named.conf (code=exited, status=0/SUCCESS)
>
> Jun 03 12:47:25 ipa1.our.net named-pkcs11[1057]: bind-dyndb-ldap
> version 6.1 compiled at 17:24:34 Dec 2 2014, compiler 4.9.2 20141101
> (Red Hat 4.9.2-1)
> Jun 03 12:47:25 ipa1.our.net named-pkcs11[1057]: option
> 'serial_autoincrement' is not supported, ignoring
> Jun 03 12:47:25 ipa1.our.net named-pkcs11[1057]: GSSAPI client step 1
> Jun 03 12:47:25 ipa1.our.net named-pkcs11[1057]: GSSAPI client step 1
> Jun 03 12:47:25 ipa1.our.net named-pkcs11[1057]: LDAP error: Invalid
> credentials: SASL(-13): authentication failure: GSSAPI Failure:
> gss_accept_sec_context: bind to LDAP server failed
> Jun 03 12:47:25 ipa1.our.net named-pkcs11[1057]: couldn't establish
> connection in LDAP connection pool: permission denied
> Jun 03 12:47:25 ipa1.our.net systemd[1]: named-pkcs11.service: control
> process exited, code=exited status=1
> Jun 03 12:47:25 ipa1.our.net systemd[1]: Failed to start Berkeley
> Internet Name Domain (DNS) with native PKCS#11.
> Jun 03 12:47:25 ipa1.our.net systemd[1]: Unit named-pkcs11.service
> entered failed state.
> Jun 03 12:47:25 ipa1.our.net systemd[1]: named-pkcs11.service failed.
>
> One of its replicas is still up and running so I'm not in emergency
> crisis mode yet.
>
> This server is running Fedora 21 and ipa-server 4.1.4-1.
>
> We got here as I was trying to take this server and replicate it to a
> C7 box running a more recent ipa-server (4.6.8-5) but couldn't get the
> replication to work. Along the way, I rebooted the F21 server and it
> came back in this state.
>
> What should I try next to get it back?
>
>
> --
> Bret Wortman
> bret.wort...@damascusgrp.com
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure