When DNS plugin is installed via ipa-dns-install and user has a valid Kerberos ticket at the time, the DNS installation is corrupt and named won't start:
ipa-dns-install
named
# ipa-dns-install --forwarder=10.0.0.1 The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will setup DNS for the FreeIPA Server. This includes: * Configure DNS (bind) To accept the default shown in brackets, press the Enter key. Existing BIND configuration detected, overwrite? [no]: yes The following operations may take some minutes to complete. Please wait until the prompt is returned. Do you want to configure the reverse zone? [yes]: Configuring named: [1/9]: adding DNS container [2/9]: setting up our zone [3/9]: setting up reverse zone [4/9]: setting up our own record [5/9]: setting up kerberos principal [6/9]: setting up named.conf [7/9]: restarting named named service failed to start [8/9]: configuring named to start on boot [9/9]: changing resolv.conf to point to ourselves done configuring named.
Relevant log in /var/log/messages:
/var/log/messages
Jul 12 02:43:10 vm-099 named[2461]: starting BIND 9.8.0-P2-RedHat-9.8.0-5.P2.fc15 -u named Jul 12 02:43:10 vm-099 named[2461]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/ include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/ share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '-- enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/ bind9' '--with-pkcs11=/usr/lib64/pkcs11/PKCS11_API.so' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe - Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 - mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE' Jul 12 02:43:10 vm-099 named[2461]: adjusted limit on open files from 1024 to 1048576 Jul 12 02:43:10 vm-099 named[2461]: found 1 CPU, using 1 worker thread Jul 12 02:43:10 vm-099 named[2461]: using up to 4096 sockets Jul 12 02:43:10 vm-099 named[2461]: loading configuration from '/etc/named.conf' Jul 12 02:43:10 vm-099 named[2461]: using default UDP/IPv4 port range: [1024, 65535] Jul 12 02:43:10 vm-099 named[2461]: using default UDP/IPv6 port range: [1024, 65535] Jul 12 02:43:10 vm-099 named[2461]: listening on IPv6 interfaces, port 53 Jul 12 02:43:10 vm-099 named[2461]: listening on IPv4 interface lo, 127.0.0.1#53 Jul 12 02:43:10 vm-099 named[2461]: listening on IPv4 interface eth0, 10.16.78.99#53 Jul 12 02:43:10 vm-099 named[2461]: generating session key for dynamic DNS Jul 12 02:43:11 vm-099 named[2461]: Failed to init credentials (Preauthentication failed) Jul 12 02:43:11 vm-099 named[2461]: loading configuration: failure Jul 12 02:43:11 vm-099 named[2461]: exiting (due to fatal error)
master: aece880[[BR]] ipa-2-0: d153d61
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.1 - 2011/07
Login to comment on this ticket.