Bug 450214

Summary: Kerberos not starting.
Product: [Retired] freeIPA Reporter: Eric Desgranges <eric>
Component: ipa-serverAssignee: Rob Crittenden <rcritten>
Status: CLOSED UPSTREAM QA Contact: Chandrasekar Kannan <ckannan>
Severity: low Docs Contact:
Priority: low    
Version: 1.0CC: benl, dcbw
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-01 15:02:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 431020    
Attachments:
Description Flags
ipaserver-install.log none

Description Eric Desgranges 2008-06-05 21:38:24 UTC 
Description of problem:Kerberos not starting after first reboot although it first started okay after installation. 
krb5kdc.log:
Jun 05 14:02:33 directory.fronteranet.com krb5kdc[2854](info): setting up network... Jun 05 14:02:33 directory.fronteranet.com krb5kdc[2854](info): set up 0 sockets  krb5kdc: no sockets set up?
Version-Release number of selected component (if applicable):
Server is a Fedora 9 domU

How reproducible:


Steps to Reproduce:
1.freeIPA install
2.reboot
3.
  
Actual results:kinit admin
Cannot contact any KDC for realm 'FRONTERANET.COM' while getting initial credentials

Expected results:


Additional info:Log files attached
Comment 1 Eric Desgranges 2008-06-05 21:38:24 UTC 
Created attachment 308491 [details]
ipaserver-install.log
Comment 2 Rob Crittenden 2008-06-06 02:13:26 UTC 
Can you run this to verify that it is set up to start on boot:

/sbin/chkconfig --list krb5kdc

Are you using NetworkManager for your networking or the older network script?

Can you start the KDC after boot-up?

And finally, is ns-slapd running?
Comment 3 Andreas Mischinski 2008-06-06 06:48:28 UTC 
I had the same problem after installation. The system massage bus hangs during
starting. I `ve followed 

http://www.freeipa.com/page/TroubleshootingGuide#IPA_Server_boot_problems

and after this all started fine.
Comment 4 Eric Desgranges 2008-06-06 14:58:20 UTC 
I was using NetworkManager. Kerberos started OK after disabling it.
Comment 5 Rob Crittenden 2008-06-06 17:29:22 UTC 
ccing the NetworkManager maintainer to see if he has any ideas.

The freeIPA-installed KDC isn't starting on bootup with NetworkManager but it is
with network. I don't know if this is an init ordering problem or some NM option
we need to set.
Comment 6 Dan Williams 2008-06-06 19:54:30 UTC 
On F9 you may need to install updated NetworkManager packages from
updates-testing because we moved NM earlier in the boot process.  You could try:

/sbin/chkconfig messagebus resetpriorities
/sbin/chkconfig haldaemon resetpriorities
/sbin/chkconfig NetworkManager resetpriorities

and then ensure that there is a /etc/rc3.d/S27NetworkManager file.

Since NM brings the network up asynchronously, if your service requires a
network connection when it starts (which is actaully a bug in that service that
it cannot listen for netlink events and notice interface changes on the fly)
then you can add the line:

NETWORKWAIT=yes

to your /etc/sysconfig/network file to block startup for up to 10 seconds while
waiting for a network connection to come up.
Comment 7 Rob Crittenden 2008-06-10 02:19:54 UTC 
Eric or Andreas, can you give Dan's suggestion a shot? If it works we'll update
our documentation to reflect this work-around.
Comment 8 Martin Nagy 2008-06-12 13:25:50 UTC 
I had the same problem and I can confirm that the NETWORKWAIT solution worked
nicely for me.
Comment 9 Rob Crittenden 2008-07-01 15:02:33 UTC 
Added Dan's comments to documentation at
http://freeipa.org/page/TroubleshootingGuide