Am Mon, Apr 26, 2021 at 04:20:57AM -0000 schrieb Ash Ryder: > Hello Guys, > > I am having a bit of trouble keeping the krb5kdc service up for longer than > 10mins. I have just installed Free IPA on our windows domain and can > authenticate when the service is up to the IPA server with my windows > credentials. Any help would be much appreciated. Please let me know which > required information/logs would assist. > > The service errors with the following: > > Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; disabled; vendor > preset: disabled) > Active: failed (Result: core-dump) since Mon 2021-04-26 10:09:02 AEST; 3h > 55min ago > Process: 139132 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid > $KRB5KDC_ARGS (code=exited, status=0/SUCCESS) > Main PID: 139136 (code=dumped, signal=ABRT)
Hi, it looks like krb5kdc failed with a core dump. Please check the backtrace if there is a hint why it failed or send the backtrace to the freeipa-users list https://lists.fedoraproject.org/archives/list/freeipa-users%40lists.fedorahosted.org/ to see if this is a known issue. bye, Sumit > > LOG SSD_Example.com shows this around the same time the service stops > > (2021-04-26 10:08:53): [be[linux.example.com]] > [sdap_id_conn_data_expire_handler] (0x0080): connection is about to expire, > releasing it > (2021-04-26 10:09:01): [be[linux.example.com]] [sasl_bind_send] (0x0020): > ldap_sasl_bind failed (-2)[Local error] > (2021-04-26 10:09:01): [be[example.com]] [sasl_bind_send] (0x0080): Extended > failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS > failure. Minor code may provide more information (Cannot contact any KDC for > realm 'LINUX.EXAMPLE.COM')] > > KRB5KDC.LOG > > Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): AS_REQ (7 > etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), > camellia256-cts-cmac(26), aes128-cts-hmac-sha1-96(17), > aes128-cts-hmac-sha256-128(19), camellia128-cts-cmac(25), > DEPRECATED:arcfour-hmac(23)}) 10.2.0.208: NEEDED_PREAUTH: > host/[email protected] for > krbtgt/[email protected], Additional pre-authentication > required > Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down > fd 12 > Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139136](Error): worker 139142 > exited with status 134 > Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): AS_REQ (7 > etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), > camellia256-cts-cmac(26), aes128-cts-hmac-sha1-96(17), > aes128-cts-hmac-sha256-128(19), camellia128-cts-cmac(25), > DEPRECATED:arcfour-hmac(23)}) 10.2.0.208: ISSUE: authtime 1619395741, etypes > {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18), > ses=aes256-cts-hmac-sha1-96(18)}, > host/[email protected] for > krbtgt/[email protected] > Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down > fd 11 > Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down > fd 10 > Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down > fd 9 > Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down > fd 8 > Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): shutting down > Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): IPA certauth > plugin un-loaded. > > Thank in advance, > Ash > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
