Ash Ryder
4 years ago
Hello Guys,
I am having a bit of trouble keeping the krb5kdc service up for longer than 10mins. I have just installed Free IPA on our windows domain and can authenticate when the service is up to the IPA server with my windows credentials. Any help would be much appreciated. Please let me know which required information/logs would assist.
The service errors with the following:
Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; disabled; vendor preset: disabled)
Active: failed (Result: core-dump) since Mon 2021-04-26 10:09:02 AEST; 3h 55min ago
Process: 139132 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS (code=exited, status=0/SUCCESS)
Main PID: 139136 (code=dumped, signal=ABRT)
LOG SSD_Example.com shows this around the same time the service stops
(2021-04-26 10:08:53): [be[linux.example.com]] [sdap_id_conn_data_expire_handler] (0x0080): connection is about to expire, releasing it
(2021-04-26 10:09:01): [be[linux.example.com]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
(2021-04-26 10:09:01): [be[example.com]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot contact any KDC for realm 'LINUX.EXAMPLE.COM')]
KRB5KDC.LOG
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): AS_REQ (7 etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), camellia256-cts-cmac(26), aes128-cts-hmac-sha1-96(17), aes128-cts-hmac-sha256-128(19), camellia128-cts-cmac(25), DEPRECATED:arcfour-hmac(23)}) 10.2.0.208: NEEDED_PREAUTH: host/***@LINUX.EXAMPLE.COM for krbtgt/***@LINUX.EXAMPLE.COM, Additional pre-authentication required
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down fd 12
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139136](Error): worker 139142 exited with status 134
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): AS_REQ (7 etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), camellia256-cts-cmac(26), aes128-cts-hmac-sha1-96(17), aes128-cts-hmac-sha256-128(19), camellia128-cts-cmac(25), DEPRECATED:arcfour-hmac(23)}) 10.2.0.208: ISSUE: authtime 1619395741, etypes {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)}, host/***@LINUX.EXAMPLE.COM for krbtgt/***@LINUX.EXAMPLE.COM
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down fd 11
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down fd 10
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down fd 9
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down fd 8
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): shutting down
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): IPA certauth plugin un-loaded.
Thank in advance,
Ash
_______________________________________________
sssd-users mailing list -- sssd-***@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-***@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-***@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-i
I am having a bit of trouble keeping the krb5kdc service up for longer than 10mins. I have just installed Free IPA on our windows domain and can authenticate when the service is up to the IPA server with my windows credentials. Any help would be much appreciated. Please let me know which required information/logs would assist.
The service errors with the following:
Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; disabled; vendor preset: disabled)
Active: failed (Result: core-dump) since Mon 2021-04-26 10:09:02 AEST; 3h 55min ago
Process: 139132 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS (code=exited, status=0/SUCCESS)
Main PID: 139136 (code=dumped, signal=ABRT)
LOG SSD_Example.com shows this around the same time the service stops
(2021-04-26 10:08:53): [be[linux.example.com]] [sdap_id_conn_data_expire_handler] (0x0080): connection is about to expire, releasing it
(2021-04-26 10:09:01): [be[linux.example.com]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error]
(2021-04-26 10:09:01): [be[example.com]] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot contact any KDC for realm 'LINUX.EXAMPLE.COM')]
KRB5KDC.LOG
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): AS_REQ (7 etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), camellia256-cts-cmac(26), aes128-cts-hmac-sha1-96(17), aes128-cts-hmac-sha256-128(19), camellia128-cts-cmac(25), DEPRECATED:arcfour-hmac(23)}) 10.2.0.208: NEEDED_PREAUTH: host/***@LINUX.EXAMPLE.COM for krbtgt/***@LINUX.EXAMPLE.COM, Additional pre-authentication required
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down fd 12
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139136](Error): worker 139142 exited with status 134
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): AS_REQ (7 etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), camellia256-cts-cmac(26), aes128-cts-hmac-sha1-96(17), aes128-cts-hmac-sha256-128(19), camellia128-cts-cmac(25), DEPRECATED:arcfour-hmac(23)}) 10.2.0.208: ISSUE: authtime 1619395741, etypes {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)}, host/***@LINUX.EXAMPLE.COM for krbtgt/***@LINUX.EXAMPLE.COM
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down fd 11
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down fd 10
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down fd 9
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): closing down fd 8
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): shutting down
Apr 26 10:09:01 IPA01.linux.example.com krb5kdc[139141](info): IPA certauth plugin un-loaded.
Thank in advance,
Ash
_______________________________________________
sssd-users mailing list -- sssd-***@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-***@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-***@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-i