[Freeipa-users] Re: kadmin service fails to start
Hi Mike It's prolly too late but you could have tried this as root to identify which process had port 749 open: netstat -pan | grep LISTEN | grep 749 Regards Angus From: Mike Conner via FreeIPA-users Sent: Wednesday, September 4, 2019 5:35:57 AM To: freeipa-users@lists.fedorahosted.org Cc: Mike Conner Subject: [Freeipa-users] Re: kadmin service fails to start I decided to reboot the master and the services came back up without a problem. Is it likely I was experiencing the bug that I linked earlier, and that just restarting the rpcbind service isn't enough to free the port for kadmin to use? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: kadmin service fails to start
I decided to reboot the master and the services came back up without a problem. Is it likely I was experiencing the bug that I linked earlier, and that just restarting the rpcbind service isn't enough to free the port for kadmin to use? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: kadmin service fails to start
The most useful bit of information I've found so far is this from the kadmind log: kadmind[14297](Error): Failed setting up a RPC socket (for 0.0.0.0.749) kadmind: Address already in use - Error setting up network I read that this can be caused by the rpcbind service taking over the port (https://bugzilla.redhat.com/show_bug.cgi?id=1592883) I've restarted the rpcbind service, but still cannot start the kadmin service. ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] services disabled by default on replicas ?
Hello, I'm running freeipa 4.5.0-20 on CentOS Linux release 7.4.1708 (Core) I've noticed that when rebooting my replica, things are not working anymore on this replica, as I can't get a kinit work for example. It seems that services are disabled by default and I wonder if this is normal ? Should we enable these services manually ? After restarting everything with an ipactl command, it then is working. Thanks in advance for your answers, below are my commands and their results. D.L. # kinit admin kinit: Cannot contact any KDC for realm 'IPB.RHCE.LOCAL' while getting initial credentials # systemctl status kadmin.service ● kadmin.service - Kerberos 5 Password-changing and Administration Loaded: loaded (/usr/lib/systemd/system/kadmin.service; disabled; vendor preset: disabled) Active: inactive (dead) # ipactl status Directory Service: RUNNING krb5kdc Service: STOPPED kadmin Service: STOPPED httpd Service: STOPPED ipa-custodia Service: STOPPED ntpd Service: STOPPED pki-tomcatd Service: STOPPED ipa-otpd Service: STOPPED ipa: INFO: The ipactl command was successful # ipactl restart Failed to get service list from file: Unknown error when retrieving list of services from file: [Errno 2] No such file or directory: '/var/run/ipa/services.list' Restarting Directory Service Restarting krb5kdc Service Restarting kadmin Service Restarting httpd Service Restarting ipa-custodia Service Restarting ntpd Service Restarting pki-tomcatd Service Restarting ipa-otpd Service ipa: INFO: The ipactl command was successful # kinit admin Password for ad...@ipb.rhce.LOCAL: # klist Ticket cache: KEYRING:persistent:0:0 Default principal: ad...@ipb.rhce.LOCAL Valid starting ExpiresService principal 03/09/19 23:55:09 04/09/19 23:55:08 krbtgt/ipb.rhce.lo...@ipb.rhce.LOCAL ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] kadmin service fails to start
I've had a FreeIPA installation running without issues until today directory services went down and when I attempt to restart services using `ipactl restart` the kadmin service fails to start. I've been digging through logs and searching for answers but haven't found anything that makes sense to me. The only change I introduced (that I'm aware of) was that I upgraded ipa-server on the replica a week or two ago. Master is running IPA 4.5 and replica is running IPA 4.6. Any help with troubleshooting would be greatly appreciated. -Mike ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org