0

I installed freeipa on centos 7. However, when I run kinit admin, I get the following error:

kinit: Cannot contact any KDC for realm 'IPA.TESTDOMAIN.COM' while getting initial credentials

when I try getting the kadmin service status:

systemctl status kadmin.service
● kadmin.service - Kerberos 5 Password-changing and Administration
   Loaded: loaded (/usr/lib/systemd/system/kadmin.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2018-05-26 19:54:54 UTC; 11s ago
  Process: 21040 ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS (code=exited, status=1/FAILURE)
 Main PID: 7777 (code=exited, status=2)

May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service: main process exited, code=exited, status=2/INVALIDARGUMENT
May 26 19:54:54 ipa.testdomain.com systemd[1]: Unit kadmin.service entered failed state.
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service failed.
May 26 19:54:54 ipa.testdomain.com systemd[1]: Starting Kerberos 5 Password-changing and Administration...
May 26 19:54:54 ipa.testdomain.com _kadmind[21040]: kadmind: kadmind: Cannot open DB2 database '/var/kerberos/krb5kdc/principal': No...orting
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service: control process exited, code=exited status=1
May 26 19:54:54 ipa.testdomain.com systemd[1]: Failed to start Kerberos 5 Password-changing and Administration.
May 26 19:54:54 ipa.testdomain.com systemd[1]: Unit kadmin.service entered failed state.
May 26 19:54:54 ipa.testdomain.com systemd[1]: kadmin.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Any thoughts on how to troubleshoot this further?

ali haider
  • 19,175
  • 17
  • 80
  • 149

2 Answers2

1

The krb5kdc service should be up and running. To launch all FreeIPA services (in the right order), you should try to use ipactl restart. You might have to kill krb5kdc process manually if you cannot restart services.

RReivax
  • 41
  • 3
  • thanks for reverting - I had specified the incorrect domain information during installation which caused the issue. I am still going over the process and will update once its working correctly – ali haider May 28 '18 at 14:40
0

The issue was caused by using the wrong domain name with the installation script. Running the installation with the correct information allowed me to run freeipa on centos (I tried on ubuntu as well and it never worked on ubuntu).

ali haider
  • 19,175
  • 17
  • 80
  • 149