450214 – Kerberos not starting.

Bug 450214 - Kerberos not starting.

Summary: Kerberos not starting.

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	freeIPA
Classification:	Retired
Component:	ipa-server
Sub Component:
Version:	1.0
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Rob Crittenden
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	431020
TreeView+	depends on / blocked

Reported:	2008-06-05 21:38 UTC by Eric Desgranges
Modified:	2015-01-04 23:32 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2008-07-01 15:02:33 UTC
Embargoed:

Attachments	(Terms of Use)
ipaserver-install.log (38.51 KB, text/plain) 2008-06-05 21:38 UTC, Eric Desgranges	no flags	Details
View All

Description Eric Desgranges 2008-06-05 21:38:24 UTC

Description of problem:Kerberos not starting after first reboot although it first started okay after installation. 
krb5kdc.log:
Jun 05 14:02:33 directory.fronteranet.com krb5kdc[2854](info): setting up network... Jun 05 14:02:33 directory.fronteranet.com krb5kdc[2854](info): set up 0 sockets  krb5kdc: no sockets set up?
Version-Release number of selected component (if applicable):
Server is a Fedora 9 domU

How reproducible:


Steps to Reproduce:
1.freeIPA install
2.reboot
3.
  
Actual results:kinit admin
Cannot contact any KDC for realm 'FRONTERANET.COM' while getting initial credentials

Expected results:


Additional info:Log files attached

Comment 1 Eric Desgranges 2008-06-05 21:38:24 UTC

Created attachment 308491 [details]
ipaserver-install.log

Comment 2 Rob Crittenden 2008-06-06 02:13:26 UTC

Can you run this to verify that it is set up to start on boot:

/sbin/chkconfig --list krb5kdc

Are you using NetworkManager for your networking or the older network script?

Can you start the KDC after boot-up?

And finally, is ns-slapd running?

Comment 3 Andreas Mischinski 2008-06-06 06:48:28 UTC

I had the same problem after installation. The system massage bus hangs during
starting. I `ve followed 

http://www.freeipa.com/page/TroubleshootingGuide#IPA_Server_boot_problems

and after this all started fine.

Comment 4 Eric Desgranges 2008-06-06 14:58:20 UTC

I was using NetworkManager. Kerberos started OK after disabling it.

Comment 5 Rob Crittenden 2008-06-06 17:29:22 UTC

ccing the NetworkManager maintainer to see if he has any ideas.

The freeIPA-installed KDC isn't starting on bootup with NetworkManager but it is
with network. I don't know if this is an init ordering problem or some NM option
we need to set.

Comment 6 Dan Williams 2008-06-06 19:54:30 UTC

On F9 you may need to install updated NetworkManager packages from
updates-testing because we moved NM earlier in the boot process.  You could try:

/sbin/chkconfig messagebus resetpriorities
/sbin/chkconfig haldaemon resetpriorities
/sbin/chkconfig NetworkManager resetpriorities

and then ensure that there is a /etc/rc3.d/S27NetworkManager file.

Since NM brings the network up asynchronously, if your service requires a
network connection when it starts (which is actaully a bug in that service that
it cannot listen for netlink events and notice interface changes on the fly)
then you can add the line:

NETWORKWAIT=yes

to your /etc/sysconfig/network file to block startup for up to 10 seconds while
waiting for a network connection to come up.

Comment 7 Rob Crittenden 2008-06-10 02:19:54 UTC

Eric or Andreas, can you give Dan's suggestion a shot? If it works we'll update
our documentation to reflect this work-around.

Comment 8 Martin Nagy 2008-06-12 13:25:50 UTC

I had the same problem and I can confirm that the NETWORKWAIT solution worked
nicely for me.

Comment 9 Rob Crittenden 2008-07-01 15:02:33 UTC

Added Dan's comments to documentation at
http://freeipa.org/page/TroubleshootingGuide

Note You need to log in before you can comment on or make changes to this bug.