After completing setup of FreeIPA on master and replica node (both nodes are running on identical virtual machine with Fedora 29) I started dnf update to install latest kernel. Rebooting the nodes to load the latest kernel was successful, but ipa.service fails to start on both master and replica.
dnf update
Starting service named-pkcs11.service fails with error:
named-pkcs11.service
Dez 29 12:21:20 ipa-replica.example.com named-pkcs11[1240]: LDAP configuration synchronization failed: socket is not connected Dez 29 12:21:20 ipa-replica.example.com named-pkcs11[1240]: ldap_syncrepl will reconnect in 60 seconds Dez 29 12:22:20 ipa-replica.example.com named-pkcs11[1240]: Failed to get initial credentials (TGT) using principal 'DNS/ipa-replica.example.com' and keytab 'FILE:/etc/named.keytab' (Cannot contact any KDC for realm 'EXAMPLE.COM')
systemctl | grep failed
The error message starting ipa.service indicates an issue with named-pkcs11.service. Therefore I continue to start named-pkcs11.service manually. This is successful although there is an error message, but systemctl status named-pkcs11.service reports the service is running. The service ipa.service fails to start, and it kills service dirsrv@EXAMPLE-COM.service.
ipa.service
systemctl status named-pkcs11.service
dirsrv@EXAMPLE-COM.service
The complete log for starting named-pkcs11.service is here: http://freetexthost.com/ui1ky252je The complete log for restarting ipa.service is here: http://freetexthost.com/3lpujhi3cf
Automatic startup of all required services.
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server freeipa-server-4.7.2-1.fc29.x86_64 freeipa-client-4.7.2-1.fc29.x86_64 Das Paket ipa-server ist nicht installiert Das Paket ipa-client ist nicht installiert 389-ds-base-1.4.0.20-1.fc29.x86_64 pki-ca-10.6.8-3.fc29.noarch krb5-server-1.16.1-22.fc29.x86_64
Any additional information, configuration, data or log snippets that is needed for reproduction or investigation of the issue. see above
Log file locations: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-files-logs.html Troubleshooting guide: https://www.freeipa.org/page/Troubleshooting
Closing as a duplicate of https://pagure.io/freeipa/issue/7822
Metadata Update from @rcritten: - Issue close_status updated to: duplicate - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.