Current IPA master failed to start for me while I was trying to test it today.
/var/log/messages:
Sep 22 10:18:41 vm-123 named[5038]: starting BIND 9.8.1-RedHat-9.8.1-1.fc15 -u named Sep 22 10:18:41 vm-123 named[5038]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefi x=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexec dir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--with-pkcs11=/usr/lib64/pkcs11/PKCS11_API.so' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE' Sep 22 10:18:41 vm-123 named[5038]: adjusted limit on open files from 4096 to 1048576 Sep 22 10:18:41 vm-123 named[5038]: found 1 CPU, using 1 worker thread Sep 22 10:18:41 vm-123 named[5038]: using up to 4096 sockets Sep 22 10:18:41 vm-123 named[5038]: loading configuration from '/etc/named.conf' Sep 22 10:18:41 vm-123 named[5038]: using default UDP/IPv4 port range: [1024, 65535] Sep 22 10:18:41 vm-123 named[5038]: using default UDP/IPv6 port range: [1024, 65535] Sep 22 10:18:41 vm-123 named[5038]: listening on IPv6 interfaces, port 53 Sep 22 10:18:41 vm-123 named[5038]: listening on IPv4 interface lo, 127.0.0.1#53 Sep 22 10:18:41 vm-123 named[5038]: listening on IPv4 interface eth0, 10.16.78.123#53 Sep 22 10:18:41 vm-123 named[5038]: generating session key for dynamic DNS Sep 22 10:18:41 vm-123 named[5038]: sizing zone task pool based on 6 zones Sep 22 10:18:41 vm-123 named[5038]: Failed to init credentials (Password has expired) Sep 22 10:18:41 vm-123 named[5038]: loading configuration: failure Sep 22 10:18:41 vm-123 named[5038]: exiting (due to fatal error) Sep 22 10:18:41 vm-123 systemd[1]: named.service: control process exited, code=exited status=7 Sep 22 10:18:41 vm-123 systemd[1]: Unit named.service entered failed state. Sep 22 10:18:41 vm-123 systemd[1]: Reloading. Sep 22 10:18:44 vm-123 systemd[1]: Reloading. Sep 22 10:18:44 vm-123 sssd: Starting up Sep 22 10:18:45 vm-123 sssd[be[idm.lab.bos.redhat.com]]: Starting up Sep 22 10:18:45 vm-123 sssd[nss]: Starting up Sep 22 10:18:45 vm-123 sssd[pam]: Starting up Sep 22 10:18:45 vm-123 systemd[1]: Reloading. Sep 22 10:18:45 vm-123 systemd[1]: Reloading. Sep 22 10:18:53 vm-123 systemd[1]: kadmin.service: main process exited, code=exited, status=2 Sep 22 10:18:54 vm-123 [sssd[ldap_child[5475]]]: Failed to initialize credentials using keytab [(null)]: Password has expired. Unable to create GSSAPI-encrypted LDAP connection. Sep 22 10:18:54 vm-123 named[5476]: starting BIND 9.8.1-RedHat-9.8.1-1.fc15 -u named Sep 22 10:18:54 vm-123 named[5476]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--with-pkcs11=/usr/lib64/pkcs11/PKCS11_API.so' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE' Sep 22 10:18:54 vm-123 named[5476]: adjusted limit on open files from 4096 to 1048576 Sep 22 10:18:54 vm-123 named[5476]: found 1 CPU, using 1 worker thread Sep 22 10:18:54 vm-123 named[5476]: using up to 4096 sockets Sep 22 10:18:54 vm-123 named[5476]: loading configuration from '/etc/named.conf' Sep 22 10:18:54 vm-123 named[5476]: using default UDP/IPv4 port range: [1024, 65535] Sep 22 10:18:54 vm-123 named[5476]: using default UDP/IPv6 port range: [1024, 65535] Sep 22 10:18:54 vm-123 named[5476]: listening on IPv6 interfaces, port 53 Sep 22 10:18:54 vm-123 named[5476]: listening on IPv4 interface lo, 127.0.0.1#53 Sep 22 10:18:54 vm-123 named[5476]: listening on IPv4 interface eth0, 10.16.78.123#53 Sep 22 10:18:54 vm-123 named[5476]: generating session key for dynamic DNS Sep 22 10:18:54 vm-123 named[5476]: sizing zone task pool based on 6 zones Sep 22 10:18:54 vm-123 named[5476]: Failed to init credentials (Password has expired) Sep 22 10:18:54 vm-123 named[5476]: loading configuration: failure Sep 22 10:18:54 vm-123 named[5476]: exiting (due to fatal error)
This is worrying:
Sep 22 10:18:54 vm-123 [sssd[ldap_child[5475]]]: Failed to initialize credentials using keytab [(null)]: Password has expired. Unable to create GSSAPI-encrypted LDAP connection.
Can you reproduce ?
I've tried installing IPA several times on two different machines, always with the same result. The system was fully updated with packages from updates-testing and ipa-devel.
It seem I cannot reproduce it with my dev tree that has all the ipa-kdb patches I create lately.
Checking my tree the only patch not in master yet at this moment seem to be my patch for bug #1820
Can you re-test with latest master and that patch and tell me if you can still reproduce ?
I'm still getting the error after applying the patch.
Just for the record, current ipa-2-1 works fine.
Ok, nevermind reproduced here after another restart, odd. I will investigate and fix.
master: dfc704d
Merge KDC LDAP components to one.
Metadata Update from @jcholast: - Issue assigned to simo - Issue set to the milestone: FreeIPA 3.0 Trust Effort - 2011/09
Login to comment on this ticket.