There are a bunch of interesting order-of-events issues I'm discovering with what I'm doing, and because of that it is creating errors that are obscured in the packaging process. I don't know if there's a fix, or just some alerts, etc.

The package failure appears to be because I did NOT set up a realm; intending to use ldap as the backend, I figured I would NOT have krb5-kdc config create an initial realm. This means when it tries to start the service, I get this in the logs:

  Cannot open DB2 database '/var/lib/krb5kdc/principal': No such file or directory - while initializing database for realm SUBDOMAIN.DOMAIN.COM

The realm is defined by the install of krb5-config, so it knows the realm it wants to use. So, fine, maybe that's expected; then I go in and run krb5_ldap_util to create the realm, and THAT led to another error...the tool doesn't support TLS. I get "Confidentiality required while initializing database" which indicates a TLS error. Disabled forcing of tls on the ldap server and I could initialize the realm, stash everything needed in keyfiles, and I was off to the races.

I don't know if there is a packaging fix (other than the advice from the maintainers above about handling the systemd calls knowing they will fail) but it's been interesting to troubleshoot.

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/2003756

Title:
  Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142."

Status in init-system-helpers package in Ubuntu:
  New
Status in krb5 package in Ubuntu:
  New

Bug description:
  I have a fresh install of Ubuntu Server 22.04.01 LTS. After installing the server and running all updates, I run the following command:

    apt -y install slapd ldap-utils schema2ldif sasl2-bin libsasl2-modules-gssapi-mit krb5-kdc-ldap krb5-admin-server krb5-kdc

  This will be installing krb5-kdc 1.19.2-2.

  This is in preparation for setting up an OpenLDAP server, a Kerberos server with an LDAP backend, and saslauthd for pass-through authentication. krb5-kdc was auto-selected when running the steps in the guide here in my development environment:

  https://ubuntu.com/server/docs/service-kerberos-with-openldap-backend

  When installing that, I get the following in the output:

    Setting up krb5-kdc (1.19.2-2) ...
    Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /lib/systemd/system/krb5-kdc.service.
    Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142.

  I do get the prompts for the realm, kdc, and admin server hostnames, and they are reflected in /etc/krb5.conf. If I then run the following:

    dpkg-reconfigure krb5-kdc

  I am prompted for whether I want the package to create the Kerberos KDC configuration automatically, and when I say yes, it then repeats the following error:

    Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142.

  I cannot find any further debug in the syslog or anything to indicate what the root cause is; the list of packages here are all installed together on a separate development server where I experimented with the configuration I will be deploying here in production so I don't think it's incompatible packages in the install list, but I am open to feedback on that.
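
A pre-flight check for the two states described in this thread (no DB2 realm database because the realm is meant to live in LDAP, and an LDAP server that demands confidentiality), as an added example that is not part of the bug report or of the krb5 packaging. It assumes a single [dbmodules] entry that binds with a stash file; the function names, finding labels and sample host are made up here, and `ldap://` is flagged on the assumption, taken from the comment above, that no TLS is negotiated on that scheme.

```shell
#!/bin/sh
# Added example: check that a KDC has a usable backend before krb5-kdc is started.

# conf_value FILE KEY -> value of the first "KEY = value" line found in FILE
conf_value() {
    awk -F= -v key="$2" '
        { k = $1; gsub(/[ \t]/, "", k) }
        NF > 1 && k == key {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            print v; exit
        }' "$1"
}

# kdc_preflight FILE [DB2_PATH]
# Prints one finding per line; returns 0 only when nothing blocks a KDC start.
kdc_preflight() {
    conf=$1
    db2=${2:-/var/lib/krb5kdc/principal}
    rc=0
    if [ "$(conf_value "$conf" db_library)" = "kldap" ]; then
        # LDAP backend: the stashed bind password must be readable by the KDC
        stash=$(conf_value "$conf" ldap_service_password_file)
        [ -z "$stash" ] || [ -r "$stash" ] || { echo "UNREADABLE $stash"; rc=1; }
        # ldap_servers is a whitespace-separated list of LDAP URIs
        for uri in $(conf_value "$conf" ldap_servers); do
            case $uri in
                ldaps://*|ldapi://*) echo "OK $uri" ;;
                ldap://*) echo "CLEARTEXT $uri"; rc=1 ;;  # assumption: no TLS here
                *) echo "UNKNOWN $uri"; rc=1 ;;
            esac
        done
    elif [ ! -e "$db2" ]; then
        # Default DB2 backend with no realm created: the "Cannot open DB2" case
        echo "NO_REALM_DB $db2"; rc=1
    else
        echo "OK $db2"
    fi
    return $rc
}

# Constructed sample: an LDAP-backed realm reached over plain ldap://
sample=$(mktemp)
printf '%s\n' '[dbmodules]' ' openldap_ldapconf = {' '  db_library = kldap' \
    '  ldap_servers = ldap://ldap.example.com' ' }' > "$sample"
kdc_preflight "$sample" || echo "KDC not ready to start"
rm -f "$sample"
```

A `CLEARTEXT` finding is the point at which to move the URI to `ldaps://` or `ldapi://` instead of relaxing the confidentiality requirement on the directory server.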